Xygeni Scan with malicious package #5

	name: Xygeni Scan with malicious package
	on:
	workflow_dispatch: # Allows manual triggering
	# no push triggers
	# no pull request triggers
	# no schedule triggers

	jobs:
	xygeni-scan:
	name: Xygeni Scan
	runs-on: ubuntu-latest
	steps:
	- name: Set up JDK 21
	uses: actions/setup-java@v4
	with:
	java-version: '21'
	distribution: 'temurin'

	- uses: actions/checkout@v3
	with:
	fetch-depth: 0 # Shallow clones should be disabled for better relevancy of analysis

	- name: Copying malicious files
	#if: ${{ github.event.inputs.dep-malware == 'true' }}
	run: \|
	echo "Substituting package.json with package.json.unsafe !!!"
	cp package.json.unsafe package.json

	- name: Xygeni-Scanner
	uses: xygeni/[email protected]
	id: Xygeni-Scanner
	with:
	xygeni_url: https://api.xygeni.io
	token: ${{ secrets.XY_TOKEN_PRO_TRIAL3 }}
	gh_token: ${{ secrets.GH_PAT }}
	command: scan --run="deps,suspectdeps,misconf" -n ${{ github.event.repository.name }}-${{ github.ref_name }}

Provide feedback