SAST, SCA & Image Scan Workflow #106

	name: SAST, SCA & Image Scan Workflow

	on:
	push:
	branches: ["main"]
	schedule:
	- cron: '0 0 * * 1'
	workflow_dispatch:

	jobs:
	orca-scan:
	name: Orca Scan
	runs-on: ubuntu-latest
	env:
	PROJECT_KEY: observeinc-aws-sam-apps
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Run Orca SAST Scan
	uses: orcasecurity/shiftleft-sast-action@v1
	with:
	api_token: ${{ secrets.ORCA_SECURITY_API_TOKEN }}
	project_key: ${{ env.PROJECT_KEY }}
	path: "."

	- name: Run Orca FS Scan
	uses: orcasecurity/shiftleft-fs-action@v1
	with:
	api_token: ${{ secrets.ORCA_SECURITY_API_TOKEN }}
	project_key: ${{ env.PROJECT_KEY }}
	path: "."

	- name: Run Orca IaC Scan
	uses: orcasecurity/shiftleft-iac-action@v1
	with:
	api_token: ${{ secrets.ORCA_SECURITY_API_TOKEN }}
	project_key: ${{ env.PROJECT_KEY }}
	path: "."

	orca-container-scan:
	name: Orca Container Image Scan
	runs-on: ubuntu-latest
	permissions:
	security-events: write
	env:
	PROJECT_KEY: observeinc-aws-sam-apps
	IMAGE_NAME: aws-sam-apps-all-binaries
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Set up Go
	uses: actions/setup-go@v5
	with:
	go-version: 1.23.8

	- name: Build Docker Image Locally
	run: \|
	make docker-build-all-binaries-image IMAGE_NAME=${{ env.IMAGE_NAME }}

	- name: Run Orca Container Image Scan
	uses: orcasecurity/shiftleft-container-image-action@v1
	with:
	api_token: ${{ secrets.ORCA_SECURITY_API_TOKEN }}
	project_key: ${{ env.PROJECT_KEY }}
	image: ${{ env.IMAGE_NAME }}

Provide feedback