From c98f7b2cc6a222a75fad7df4d4d464206d947be4 Mon Sep 17 00:00:00 2001 From: devsecops454 Date: Wed, 26 Feb 2025 01:04:45 +0530 Subject: [PATCH 01/21] Create debricked.yml --- .github/workflows/debricked.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 .github/workflows/debricked.yml diff --git a/.github/workflows/debricked.yml b/.github/workflows/debricked.yml new file mode 100644 index 0000000..8172137 --- /dev/null +++ b/.github/workflows/debricked.yml @@ -0,0 +1,10 @@ +name: Vulnerability scan +on: [push, pull_request] +jobs: + vulnerabilities-scan: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: debricked/actions/scan@v1 + env: + DEBRICKED_TOKEN: ${{ secrets.DEBRICKED_TOKEN }} From 4b1efc6731e32d6c055344b8789a81c54c3d991c Mon Sep 17 00:00:00 2001 From: devsecops454 Date: Wed, 26 Feb 2025 01:09:04 +0530 Subject: [PATCH 02/21] Update debricked.yml From 1efbd9ebe7cd50f1b4b6afe32217b5c2cfec3649 Mon Sep 17 00:00:00 2001 From: devsecops454 Date: Wed, 26 Feb 2025 01:22:04 +0530 Subject: [PATCH 03/21] Update debricked.yml --- .github/workflows/debricked.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/debricked.yml b/.github/workflows/debricked.yml index 8172137..3a2ac3d 100644 --- a/.github/workflows/debricked.yml +++ b/.github/workflows/debricked.yml @@ -1,10 +1,10 @@ name: Vulnerability scan on: [push, pull_request] jobs: - vulnerabilities-scan: - runs-on: ubuntu-latest + vulnerabilities-scan: + runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: debricked/actions/scan@v1 - env: - DEBRICKED_TOKEN: ${{ secrets.DEBRICKED_TOKEN }} + - uses: actions/checkout@v2 + - uses: debricked/actions/scan@v1 + env: + DEBRICKED_TOKEN: ${{ secrets.DEBRICKED_TOKEN }} From d97051d3ad23ab6512ba22a8646adb652de149c2 Mon Sep 17 00:00:00 2001 
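Review bot: The `debricked/actions/scan@v1` step added in PATCH 01/21 is a third-party action referenced by a movable tag while `DEBRICKED_TOKEN` is in its environment, so whatever that tag points to later runs with the secret in scope. Pin it to a reviewed full commit SHA and keep the tag as a comment, e.g. `- uses: debricked/actions/scan@<full-commit-sha>  # v1`. The workflow also declares no `permissions:` block, so GITHUB_TOKEN falls back to the repository default; a top-level `permissions:` with `contents: read` is presumably all this scan needs, which should be confirmed against the action's documentation.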
From: devsecops454 Date: Sat, 1 Mar 2025 01:38:03 +0530 Subject: [PATCH 04/21] Update README.MD --- README.MD | 1 + 1 file changed, 1 insertion(+) diff --git a/README.MD b/README.MD index 661d8e2..65dabbd 100644 --- a/README.MD +++ b/README.MD @@ -3,6 +3,7 @@ # Important Information + Thank you for downloading WebGoat! This is the WebGoat Legacy version which is essentially the WebGoat 5 with a new UI. This program is a demonstration of common server-side application flaws. The From 90a6dbca648e33bf86420dceb13d3054fa1872f2 Mon Sep 17 00:00:00 2001 From: devsecops454 Date: Sat, 1 Mar 2025 01:47:23 +0530 Subject: [PATCH 05/21] Update README.MD --- README.MD | 1 - 1 file changed, 1 deletion(-) diff --git a/README.MD b/README.MD index 65dabbd..661d8e2 100644 --- a/README.MD +++ b/README.MD @@ -3,7 +3,6 @@ # Important Information - Thank you for downloading WebGoat! This is the WebGoat Legacy version which is essentially the WebGoat 5 with a new UI. This program is a demonstration of common server-side application flaws. The From 213a40221b561ae431f8909993ba6db900d4096d Mon Sep 17 00:00:00 2001 From: devsecops454 Date: Thu, 6 Mar 2025 12:09:04 +0530 Subject: [PATCH 06/21] Create codacy.yml --- .github/workflows/codacy.yml | 61 ++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 .github/workflows/codacy.yml diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml new file mode 100644 index 0000000..7d6d5a7 --- /dev/null +++ b/.github/workflows/codacy.yml 
@@ -0,0 +1,61 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow checks out code, performs a Codacy security scan
+# and integrates the results with the
+# GitHub Advanced Security code scanning feature. For more information on
+# the Codacy security scan action usage and parameters, see
+# https://github.com/codacy/codacy-analysis-cli-action.
+# For more information on Codacy Analysis CLI in general, see
+# https://github.com/codacy/codacy-analysis-cli.
+
+name: Codacy Security Scan
+
+on:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ "master" ]
+ schedule:
+ - cron: '19 9 * * 2'
+
+permissions:
+ contents: read
+
+jobs:
+ codacy-security-scan:
+ permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+ name: Codacy Security Scan
+ runs-on: ubuntu-latest
+ steps:
+ # Checkout the repository to the GitHub Actions runner
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
+ - name: Run Codacy Analysis CLI
+ uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b
+ with:
+ # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
+ # You can also omit the token and run the tools that support default configurations
+ project-token: ${{ secrets.CODACY_API_TOKEN }}
+ verbose: true
+ output: results.sarif
+ format: sarif
+ # Adjust severity of non-security issues
+ gh-code-scanning-compat: true
+ # Force 0
exit code to allow SARIF file generation + # This will handover control about PR rejection to the GitHub side + max-allowed-issues: 2147483647 + + # Upload the SARIF file generated in the previous step + - name: Upload SARIF results file + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: results.sarif From 42e02b715037576f2b2a89ad474fbacf3ae3b112 Mon Sep 17 00:00:00 2001 From: devsecops454 Date: Thu, 6 Mar 2025 12:21:49 +0530 Subject: [PATCH 07/21] Update codacy.yml --- .github/workflows/codacy.yml | 31 ++++--------------------------- 1 file changed, 4 insertions(+), 27 deletions(-) diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml index 7d6d5a7..6b6eabb 100644 --- a/.github/workflows/codacy.yml +++ b/.github/workflows/codacy.yml @@ -1,15 +1,3 @@ -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -# This workflow checks out code, performs a Codacy security scan -# and integrates the results with the -# GitHub Advanced Security code scanning feature. For more information on -# the Codacy security scan action usage and parameters, see -# https://github.com/codacy/codacy-analysis-cli-action. -# For more information on Codacy Analysis CLI in general, see -# https://github.com/codacy/codacy-analysis-cli. name: Codacy Security Scan 
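Review bot: In the codacy.yml created by PATCH 06/21, the `project-token` input of the "Run Codacy Analysis CLI" step is filled from a secret named `CODACY_API_TOKEN`, so the input and the credential do not obviously match. If that secret really holds an account API token, the step is handed a broader credential than a repository scan needs, and the action may not accept it in this input. Store a repository-scoped token under a matching name and reference it as `project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}`. Separately, `max-allowed-issues: 2147483647` means this job never fails on findings, so any gating has to come from code scanning rules on the GitHub side.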
@@ -19,33 +7,22 @@ on: pull_request: # The branches below must be a subset of the branches above branches: [ "master" ] - schedule: - - cron: '19 9 * * 2' - -permissions: - contents: read - jobs: codacy-security-scan: - permissions: - contents: read # for actions/checkout to fetch code - security-events: write # for github/codeql-action/upload-sarif to upload SARIF results - actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status name: Codacy Security Scan runs-on: ubuntu-latest steps: # Checkout the repository to the GitHub Actions runner - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@master # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis - name: Run Codacy Analysis CLI - uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b + uses: codacy/codacy-analysis-cli-action@master with: # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository # You can also omit the token and run the tools that support default configurations - project-token: ${{ secrets.CODACY_API_TOKEN }} - verbose: true + api-token: ${{ secrets.CODACY_API_TOKEN }} output: results.sarif format: sarif # Adjust severity of non-security issues @@ -56,6 +33,6 @@ jobs: # Upload the SARIF file generated in the previous step - name: Upload SARIF results file - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@master with: sarif_file: results.sarif From 8f55b02b78cbe4591953583a8a2117afca2fb0d9 Mon Sep 17 00:00:00 2001 From: devsecops454 Date: Thu, 6 Mar 2025 12:27:15 +0530 Subject: [PATCH 08/21] Update codacy.yml --- .github/workflows/codacy.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml index 6b6eabb..8dd8bc3 100644 
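Review bot: The `uses:` lines in the second hunk of PATCH 07/21 now follow mutable branches (`actions/checkout@master`, `codacy/codacy-analysis-cli-action@master`, and `github/codeql-action/upload-sarif@master` in the third hunk), so any commit pushed to those branches runs in this job with `secrets.CODACY_API_TOKEN` in scope. Keep the third-party Codacy action on the full commit SHA it was pinned to before, and keep the first-party actions on a release tag. The same hunk also deletes both `permissions:` blocks, which leaves GITHUB_TOKEN at the repository default and, where that default is read-only, removes the `security-events: write` grant the SARIF upload was documented to need. Restore the job-level block: `permissions:`, `contents: read`, `security-events: write`.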
--- a/.github/workflows/codacy.yml +++ b/.github/workflows/codacy.yml @@ -14,11 +14,11 @@ jobs: steps: # Checkout the repository to the GitHub Actions runner - name: Checkout code - uses: actions/checkout@master + uses: actions/checkout@v2 # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis - name: Run Codacy Analysis CLI - uses: codacy/codacy-analysis-cli-action@master + uses: codacy/codacy-analysis-cli-action@v2 with: # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository # You can also omit the token and run the tools that support default configurations @@ -33,6 +33,6 @@ jobs: # Upload the SARIF file generated in the previous step - name: Upload SARIF results file - uses: github/codeql-action/upload-sarif@master + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: results.sarif From e6d17740b4f61980018a2e4ba8ed1b37ee003daa Mon Sep 17 00:00:00 2001 From: devsecops454 Date: Thu, 6 Mar 2025 12:29:28 +0530 Subject: [PATCH 09/21] Update codacy.yml --- .github/workflows/codacy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml index 8dd8bc3..12e4927 100644 --- a/.github/workflows/codacy.yml +++ b/.github/workflows/codacy.yml @@ -18,7 +18,7 @@ jobs: # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis - name: Run Codacy Analysis CLI - uses: codacy/codacy-analysis-cli-action@v2 + uses: codacy/codacy-analysis-cli-action@v3 with: # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository # You can also omit the token and run the tools that support default configurations From 4982771dd7def21d1c0d274919d68eb2bbad8977 Mon Sep 17 00:00:00 2001 
From: devsecops454 Date: Thu, 6 Mar 2025 12:31:19 +0530 Subject: [PATCH 10/21] Update codacy.yml --- .github/workflows/codacy.yml | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml index 12e4927..2113c91 100644 --- a/.github/workflows/codacy.yml +++ b/.github/workflows/codacy.yml @@ -1,37 +1,28 @@ - name: Codacy Security Scan on: push: branches: [ "master" ] pull_request: - # The branches below must be a subset of the branches above branches: [ "master" ] + jobs: codacy-security-scan: name: Codacy Security Scan runs-on: ubuntu-latest steps: - # Checkout the repository to the GitHub Actions runner - name: Checkout code uses: actions/checkout@v2 - # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis - name: Run Codacy Analysis CLI - uses: codacy/codacy-analysis-cli-action@v3 + uses: codacy/codacy-analysis-cli-action@v4 with: - # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository - # You can also omit the token and run the tools that support default configurations api-token: ${{ secrets.CODACY_API_TOKEN }} output: results.sarif format: sarif - # Adjust severity of non-security issues gh-code-scanning-compat: true - # Force 0 exit code to allow SARIF file generation - # This will handover control about PR rejection to the GitHub side max-allowed-issues: 2147483647 - # Upload the SARIF file generated in the previous step - name: Upload SARIF results file uses: github/codeql-action/upload-sarif@v2 with: From 7ef57b73d5669c5eff09b8dd3c69e8f55ce9e611 Mon Sep 17 00:00:00 2001 
From: "mend-bolt-for-github[bot]" <42819689+mend-bolt-for-github[bot]@users.noreply.github.com> Date: Thu, 6 Mar 2025 07:43:06 +0000 Subject: [PATCH 11/21] Add .whitesource configuration file --- .whitesource | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 .whitesource diff --git a/.whitesource b/.whitesource new file mode 100644 index 0000000..9c7ae90 --- /dev/null +++ b/.whitesource @@ -0,0 +1,14 @@ +{ + "scanSettings": { + "baseBranches": [] + }, + "checkRunSettings": { + "vulnerableCheckRunConclusionLevel": "failure", + "displayMode": "diff", + "useMendCheckNames": true + }, + "issueSettings": { + "minSeverityLevel": "LOW", + "issueType": "DEPENDENCY" + } +} \ No newline at end of file From 7c57fb8c5b68264131be65c185d96d4ac756408d Mon Sep 17 00:00:00 2001 From: devsecops454 Date: Thu, 6 Mar 2025 13:21:42 +0530 Subject: [PATCH 12/21] Update codacy.yml --- .github/workflows/codacy.yml | 28 ---------------------------- 1 file changed, 28 deletions(-) diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml index 2113c91..8b13789 100644 --- a/.github/workflows/codacy.yml +++ b/.github/workflows/codacy.yml @@ -1,29 +1 @@ -name: Codacy Security Scan -on: - push: - branches: [ "master" ] - pull_request: - branches: [ "master" ] - -jobs: - codacy-security-scan: - name: Codacy Security Scan - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v2 - - - name: Run Codacy Analysis CLI - uses: codacy/codacy-analysis-cli-action@v4 - with: - api-token: ${{ secrets.CODACY_API_TOKEN }} - output: results.sarif - format: sarif - gh-code-scanning-compat: true - max-allowed-issues: 2147483647 - - - name: Upload SARIF results file - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: results.sarif From 99fd10d562e800ecb3d32015401ffc1d623da725 Mon Sep 17 00:00:00 2001 
From: devsecops454 Date: Thu, 6 Mar 2025 13:24:52 +0530 Subject: [PATCH 13/21] Delete .github/workflows/codacy.yml --- .github/workflows/codacy.yml | 1 - 1 file changed, 1 deletion(-) delete mode 100644 .github/workflows/codacy.yml diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml deleted file mode 100644 index 8b13789..0000000 --- a/.github/workflows/codacy.yml +++ /dev/null @@ -1 +0,0 @@ - From 21df551ee4ae3601b1022c86316d3aaf0b9e5004 Mon Sep 17 00:00:00 2001 From: devsecops454 Date: Thu, 6 Mar 2025 13:27:42 +0530 Subject: [PATCH 14/21] Delete .github/workflows/debricked.yml --- .github/workflows/debricked.yml | 10 ---------- 1 file changed, 10 deletions(-) delete mode 100644 .github/workflows/debricked.yml diff --git a/.github/workflows/debricked.yml b/.github/workflows/debricked.yml deleted file mode 100644 index 3a2ac3d..0000000 --- a/.github/workflows/debricked.yml +++ /dev/null @@ -1,10 +0,0 @@ -name: Vulnerability scan -on: [push, pull_request] -jobs: - vulnerabilities-scan: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: debricked/actions/scan@v1 - env: - DEBRICKED_TOKEN: ${{ secrets.DEBRICKED_TOKEN }} From 29f7e748e92b974dad2524b9453d1a0c004a21db Mon Sep 17 00:00:00 2001 From: devsecops454 Date: Thu, 6 Mar 2025 13:30:33 +0530 Subject: [PATCH 15/21] Update .whitesource --- .whitesource | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.whitesource b/.whitesource index 9c7ae90..705c754 100644 --- a/.whitesource +++ b/.whitesource @@ -11,4 +11,4 @@ "minSeverityLevel": "LOW", "issueType": "DEPENDENCY" } -} \ No newline at end of file +} From e5ee33841303f8a406e8d2dc46e83cb032114763 Mon Sep 17 00:00:00 2001 From: devsecops454 Date: Thu, 6 Mar 2025 13:32:44 +0530 Subject: [PATCH 16/21] Delete .whitesource --- .whitesource | 14 -------------- 1 file changed, 14 deletions(-) delete mode 100644 .whitesource diff --git a/.whitesource b/.whitesource deleted file mode 100644 index 705c754..0000000 
--- a/.whitesource +++ /dev/null @@ -1,14 +0,0 @@ -{ - "scanSettings": { - "baseBranches": [] - }, - "checkRunSettings": { - "vulnerableCheckRunConclusionLevel": "failure", - "displayMode": "diff", - "useMendCheckNames": true - }, - "issueSettings": { - "minSeverityLevel": "LOW", - "issueType": "DEPENDENCY" - } -} From 52e38831cea8531e0d500de02aee298bb997a060 Mon Sep 17 00:00:00 2001 From: "mend-bolt-for-github[bot]" <42819689+mend-bolt-for-github[bot]@users.noreply.github.com> Date: Thu, 6 Mar 2025 08:02:49 +0000 Subject: [PATCH 17/21] Add .whitesource configuration file --- .whitesource | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 .whitesource diff --git a/.whitesource b/.whitesource new file mode 100644 index 0000000..9c7ae90 --- /dev/null +++ b/.whitesource @@ -0,0 +1,14 @@ +{ + "scanSettings": { + "baseBranches": [] + }, + "checkRunSettings": { + "vulnerableCheckRunConclusionLevel": "failure", + "displayMode": "diff", + "useMendCheckNames": true + }, + "issueSettings": { + "minSeverityLevel": "LOW", + "issueType": "DEPENDENCY" + } +} \ No newline at end of file From 9af2b5c5c2d0e4562414acdef5d8e8ffa21108ba Mon Sep 17 00:00:00 2001 From: devsecops454 Date: Thu, 6 Mar 2025 13:41:02 +0530 Subject: [PATCH 18/21] Create codacy.yml --- .github/workflows/codacy.yml | 62 ++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 .github/workflows/codacy.yml diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml new file mode 100644 index 0000000..759b562 --- /dev/null +++ b/.github/workflows/codacy.yml 
@@ -0,0 +1,62 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow checks out code, performs a Codacy security scan
+# and integrates the results with the
+# GitHub Advanced Security code scanning feature. For more information on
+# the Codacy security scan action usage and parameters, see
+# https://github.com/codacy/codacy-analysis-cli-action.
+# For more information on Codacy Analysis CLI in general, see
+# https://github.com/codacy/codacy-analysis-cli.
+
+name: Codacy Security Scan
+
+on:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ "master" ]
+ schedule:
+ - cron: '33 18 * * 1'
+
+permissions:
+ contents: read
+
+jobs:
+ codacy-security-scan:
+ permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+ name: Codacy Security Scan
+ runs-on: ubuntu-latest
+ steps:
+ # Checkout the repository to the GitHub Actions runner
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
+ - name: Run Codacy Analysis CLI
+ uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b
+ with:
+ # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
+ # You can also omit the token and run the tools that support default configurations
+ #project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
+ api-token: ${{ secrets.CODACY_API_TOKEN }}
+ #verbose: true
+ output: results.sarif
+ format: sarif
+ # Adjust severity of
non-security issues + gh-code-scanning-compat: true + # Force 0 exit code to allow SARIF file generation + # This will handover control about PR rejection to the GitHub side + max-allowed-issues: 2147483647 + + # Upload the SARIF file generated in the previous step + - name: Upload SARIF results file + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: results.sarif From 5eacd2096aa5d22b52741ae299c60397aec0455b Mon Sep 17 00:00:00 2001 From: devsecops454 Date: Thu, 6 Mar 2025 13:41:41 +0530 Subject: [PATCH 19/21] Delete .whitesource --- .whitesource | 14 -------------- 1 file changed, 14 deletions(-) delete mode 100644 .whitesource diff --git a/.whitesource b/.whitesource deleted file mode 100644 index 9c7ae90..0000000 --- a/.whitesource +++ /dev/null @@ -1,14 +0,0 @@ -{ - "scanSettings": { - "baseBranches": [] - }, - "checkRunSettings": { - "vulnerableCheckRunConclusionLevel": "failure", - "displayMode": "diff", - "useMendCheckNames": true - }, - "issueSettings": { - "minSeverityLevel": "LOW", - "issueType": "DEPENDENCY" - } -} \ No newline at end of file From e5d1868a3bf4fe82d663646564b01457e369ee54 Mon Sep 17 00:00:00 2001 From: "mend-bolt-for-github[bot]" <42819689+mend-bolt-for-github[bot]@users.noreply.github.com> Date: Thu, 6 Mar 2025 08:11:46 +0000 Subject: [PATCH 20/21] Add .whitesource configuration file --- .whitesource | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 .whitesource diff --git a/.whitesource b/.whitesource new file mode 100644 index 0000000..9c7ae90 --- /dev/null +++ b/.whitesource @@ -0,0 +1,14 @@ +{ + "scanSettings": { + "baseBranches": [] + }, + "checkRunSettings": { + "vulnerableCheckRunConclusionLevel": "failure", + "displayMode": "diff", + "useMendCheckNames": true + }, + "issueSettings": { + "minSeverityLevel": "LOW", + "issueType": "DEPENDENCY" + } +} \ No newline at end of file From fb7198a84087cdc81e7a506d1eeb8d154310a32f Mon Sep 17 00:00:00 2001 
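Review bot: The two comment lines above the credential in the codacy.yml created by PATCH 18/21 still describe fetching a project token, but the active input is `api-token: ${{ secrets.CODACY_API_TOKEN }}` and `#project-token` is left commented out beside it. An account API token is presumably broader than a repository token, and this workflow also runs on `pull_request`, so the comment should state why the wider credential is needed, or the step should go back to the project token. The commented-out `#project-token` and `#verbose: true` lines are better deleted than kept as dead configuration. The SHA pin on the Codacy action is good; a trailing comment such as `# <release-tag>` would let reviewers see which release the hash corresponds to.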
From: devsecops454 Date: Thu, 6 Mar 2025 13:48:55 +0530 Subject: [PATCH 21/21] Update codacy.yml --- .github/workflows/codacy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml index 759b562..0be2761 100644 --- a/.github/workflows/codacy.yml +++ b/.github/workflows/codacy.yml @@ -44,8 +44,8 @@ jobs: with: # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository # You can also omit the token and run the tools that support default configurations - #project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} - api-token: ${{ secrets.CODACY_API_TOKEN }} + project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} + #api-token: ${{ secrets.CODACY_API_TOKEN }} #verbose: true output: results.sarif format: sarif
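Review bot: This hunk of PATCH 21/21 leaves `#api-token: ${{ secrets.CODACY_API_TOKEN }}` behind as a commented-out line next to the now-active `project-token`; delete it so the workflow names only the credential it actually uses. If no other workflow reads `CODACY_API_TOKEN`, the repository secret should be removed and the token revoked on the Codacy side, so that an unused account-level credential is not kept around. The `with:` block continues outside the hunk, so the remaining inputs are not visible here.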