e6-qwiet · e6-qwiet · Dec 23, 2024 · Dec 23, 2024
diff --git a/.github/workflows/qwiet-prezero-workflow.yml b/.github/workflows/qwiet-prezero-workflow.yml
@@ -38,3 +38,25 @@ jobs:
         SHIFTLEFT_API_HOST: www.shiftleft.io
         SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443
         SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443
+
+  Build-Rules:
+    runs-on: ubuntu-latest
+    permissions: write-all
+    needs: NextGen-Static-Analysis
+    steps:
+    - uses: actions/checkout@v3
+    - name: Download ShiftLeft CLI
+      run: |
+        curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
+    - name: Validate Build Rules
+      run: |
+        ${GITHUB_WORKSPACE}/sl check-analysis  \
+            --github-pr-number=${{github.event.number}} \
+            --github-pr-user=${{ github.repository_owner }} \
+            --github-pr-repo=${{ github.event.repository.name }} \
+            --github-token=${{ secrets.GITHUB_TOKEN }}
+      env:
+        SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
+        SHIFTLEFT_API_HOST: www.shiftleft.io
+        SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443
+        SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443
diff --git a/shiftleft.yml b/shiftleft.yml
@@ -30,7 +30,8 @@ build_rules:
       - high
     threshold: 0
     options:
-      num_findings: 10 # Return 10 container findings
+      num_findings: 10 
+# Return 10 container findings
 # The above rule is perhaps the most common in that it
 # is designed to be used with Pull Request and to block
 # new vulns from being introduced that aren't already on