Update main.yml

.github/workflows/main.yml

@@ -1,16 +1,16 @@
 ---
 # This workflow integrates ShiftLeft NG SAST with GitHub
 # Visit https://docs.shiftleft.io for help
-name: NG SAST Scan - ShiftLeft
+name: ShiftLeft
+
 on:
-  # Trigger the workflow on push to update the baseline scan
-  # or pull request going to main
+  # Trigger the workflow on push or pull request,
+  # but only for the main branch
+  workflow_dispatch:
   push:
-    branches:
-      - main
+    branches: [ main ]
   pull_request:
-    branches:
-      - main
+    branches: [ main ]
 
 jobs:
   NextGen-Static-Analysis:
@@ -48,7 +48,7 @@ jobs:
       # Lets check the previous analysis for this branch to our baseline on Main, 
       # since we specify a 'branch' we don't have to specify a '--source'
       run: | 
-            ${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-java-demo \
+            ${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-java-demo --v2 \
             --branch "${{ github.head_ref || steps.extract_branch.outputs.branch }}" \
             --report \
             --github-pr-number=${{ github.event.number }} \

.github/workflows/shiftleft.yml

@@ -0,0 +1,21 @@
+source:
+  branch: master
+  scan: previous
+build_rules:
+  - id: build-rule-identifier
+    finding_types:
+      - vuln
+      - oss_vuln
+    severity:
+      - moderate
+      - critical
+    type:
+      - SQL Injection
+      - Sensitive Data Leak
+    owasp_category:
+      - a1-injection
+    threshold: 0
+  - id: oss-vuln
+    options:
+      reachable: true
+      num_findings: 10