From e4689f8ca272f876e3154a380c227f22cfab549c Mon Sep 17 00:00:00 2001
From: Aravind Kumar <aravind.kumar@contentstack.com>
Date: Fri, 17 May 2024 20:48:14 +0530
Subject: [PATCH 1/4] sca-scan.yml

---
 .github/workflows/sca-scan.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/sca-scan.yml b/.github/workflows/sca-scan.yml
index a45fd65f..2296ece3 100644
--- a/.github/workflows/sca-scan.yml
+++ b/.github/workflows/sca-scan.yml
@@ -1,9 +1,9 @@
 name: Source Composition Analysis Scan
 on:
   pull_request:
-    types: [ opened, synchronize, reopened ]
+    types: [opened, synchronize, reopened]
 jobs:
-  security:
+  security-sca:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master

From 2a3532a24acfe97ecbe4ec7b9d7e5a7568274907 Mon Sep 17 00:00:00 2001
From: Aravind Kumar <aravind.kumar@contentstack.com>
Date: Fri, 17 May 2024 20:48:25 +0530
Subject: [PATCH 2/4] jira.yml

---
 .github/workflows/jira.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/jira.yml b/.github/workflows/jira.yml
index 5ddf87a6..caa4bbdf 100644
--- a/.github/workflows/jira.yml
+++ b/.github/workflows/jira.yml
@@ -3,7 +3,7 @@ on:
   pull_request:
     types: [opened]
 jobs:
-  security:
+  security-jira:
     if: ${{ github.actor == 'dependabot[bot]' || github.actor == 'snyk-bot' || contains(github.event.pull_request.head.ref, 'snyk-fix-')  || contains(github.event.pull_request.head.ref, 'snyk-upgrade-')}}
     runs-on: ubuntu-latest
     steps:
@@ -26,3 +26,8 @@ jobs:
             PR: ${{ github.event.pull_request.html_url }}
 
           fields: "${{ secrets.JIRA_FIELDS }}"
+      - name: Transition issue
+        uses: atlassian/gajira-transition@v3
+        with:
+          issue: ${{ steps.create.outputs.issue }}
+          transition: ${{ secrets.JIRA_TRANSITION }}

From 6a0dfeed9607b2fb383fa2949c6b7241a00e1f79 Mon Sep 17 00:00:00 2001
From: Aravind Kumar <aravind.kumar@contentstack.com>
Date: Fri, 17 May 2024 20:48:26 +0530
Subject: [PATCH 3/4] sast-scan.yml

---
 .github/workflows/sast-scan.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 .github/workflows/sast-scan.yml

diff --git a/.github/workflows/sast-scan.yml b/.github/workflows/sast-scan.yml
new file mode 100644
index 00000000..3b9521a5
--- /dev/null
+++ b/.github/workflows/sast-scan.yml
@@ -0,0 +1,11 @@
+name: SAST Scan
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+jobs:
+  security-sast:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Semgrep Scan
+        run: docker run -v /var/run/docker.sock:/var/run/docker.sock -v "${PWD}:/src" returntocorp/semgrep semgrep scan --config auto
\ No newline at end of file

From 0eb8c147d80ca8f47ffd876eb7cc4cf5c38e1fc5 Mon Sep 17 00:00:00 2001
From: Aravind Kumar <aravind.kumar@contentstack.com>
Date: Fri, 17 May 2024 20:48:27 +0530
Subject: [PATCH 4/4] codeql-analysis.yml