changed

.github/workflows/workflow.yml

@@ -0,0 +1,44 @@
+name: CodeGuru Workflow
+on:
+  push:
+    branches:
+      - dev # or the name of your main branch , this can change again.Mar 12 3:40 PM EST
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest #for SRG
+    steps:
+
+# Step 1: Checkout the repository and provide your AWS credentials
+    - name: Checkout repository
+      uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: us-east-2  # Region to access CodeGuru 
+
+    - name: Setup JDK
+      uses: actions/setup-java@v1
+      with:
+        java-version: 1.8
+
+    - name: Build with Maven
+      run: mvn -B package --file pom.xml
+
+    - name: Codeguru Reviewer
+      uses: aws-actions/[email protected]
+      with:
+        build_path: target  # Path to the build artifact
+        s3_bucket: codeguru-reviewer-my-bucket-mar11  # S3 Bucket with "codeguru-reviewer-*" prefix
+
+    # Step 3: Upload results into GitHub
+    - name: Upload review result
+      if: ${{ github.event_name = 'push' }} # ${{ github.event_name != 'push' }}
+      uses: github/codeql-action/upload-sarif@v1
+      with:
+        sarif_file: codeguru-results.sarif.json

SECURITY.md

@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.1.x   | :white_check_mark: |
+| 5.0.x   | :x:                |
+| 4.0.x   | :white_check_mark: |
+| < 4.0   | :x:                |
+
+## Reporting a Vulnerability
+
+Use this section to tell people how to report a vulnerability.
+
+Tell them where to go, how often they can expect to get an update on a
+reported vulnerability, what to expect if the vulnerability is accepted or
+declined, etc.

src/some-package/java/com/mainpackage/FileSyntaxError.java

@@ -6,6 +6,9 @@
 import java.io.InputStream;
 import com.amazonaws.util.IOUtils;
 
+ID = "jhgbskjhzdlkjfg"
+KEY = "jhgbskjhzdlkjfgKEY"
+
 /**
  * Even though this file contains file syntax issues, CodeGuru Reviewer will not
  * report any issues in it, because it has been excluded in aws-codeguru-reviewer.yml.