From e850e8d3a8885a754e2cc24921179352b11081a8 Mon Sep 17 00:00:00 2001
From: Abraham Olaobaju
Date: Mon, 19 May 2025 17:38:49 +0000
Subject: [PATCH] FTPI-1123: add security github workflow
---
.github/workflows/security-scan.yml | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100644 .github/workflows/security-scan.yml
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
new file mode 100644
index 0000000..b46d569
--- /dev/null
+++ b/.github/workflows/security-scan.yml
@@ -0,0 +1,27 @@
+name: Security scan on all changes (Commits/PRs)
+
+on:
+ push:
+ branches: ['main', 'master', 'pilot', 'dev']
+ pull_request:
+ types:
+ - opened
+
+jobs:
+ code-check:
+ runs-on: ubuntu-latest
+ env:
+ OS: ubuntu-latest
+ steps:
+ - name: checkout code
+ uses: actions/checkout@v2
+
+ - name: Checkmarx One ClI Action
+ uses: checkmarx/ast-github-action@main
+ with:
+ project_name: WordPress
+ cx_tenant: Flutterwave
+ base_uri: https://eu.ast.checkmarx.net/
+ cx_client_id: ${{ secrets.CX_CLIENT_ID }}
+ cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }}
+ additional_params: --scan-types sast,iac-security,api-security,sca,container-security
\ No newline at end of file
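Review bot: The Checkmarx step is pinned to a mutable branch, `uses: checkmarx/ast-github-action@main`, and that same step receives `CX_CLIENT_ID` and `CX_CLIENT_SECRET`, so any later change to that branch runs in this repository with the tenant credentials; pin it to a reviewed full commit SHA, e.g. `uses: checkmarx/ast-github-action@<full-commit-sha>  # <release-tag>`, and do the same for `actions/checkout@v2`, which is also an old major version. The `pull_request` trigger lists only `opened`, so commits pushed to an already-open PR are not rescanned despite the workflow name; `types: [opened, synchronize, reopened]` (or dropping `types:` to take the default) closes that gap. The workflow declares no `permissions:`, so the job runs with the repository's default token scope; a top-level `permissions:` with `contents: read` is likely enough for checkout plus scan, though confirm whether the action needs to write PR comments. Secrets are not passed to workflows triggered from forks, so the scan will presumably fail on fork PRs unless that case is handled.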