From 59719b7317f6d685da0fb2e3d3891a669c10c564 Mon Sep 17 00:00:00 2001 From: Cornelius Ashley Date: Mon, 19 May 2025 16:53:58 +0100 Subject: [PATCH] Add Checkmarx security scan job to deployment workflow --- .DS_Store | Bin 0 -> 6148 bytes .github/workflows/security-scan.yml | 29 ++++++++++++++++++++++++++++ flutterwave_sdk.gemspec | 8 ++++---- 3 files changed, 33 insertions(+), 4 deletions(-) create mode 100644 .DS_Store create mode 100644 .github/workflows/security-scan.yml diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..904f7564153be52ac8d6f38c05c7485326c20520 GIT binary patch literal 6148 zcmeHKJxc>Y5S=ks9NMH15kxrD%0diS*a&Ah|A6@e;Sx#2#0!2D7Q$7ww*D0r8?mxV znbv>e%+6?bxo9aWGcf!1_U-KBUbx*X0ATa7+W@EoKupOP%~LZYnCGm-oQ^CKBCj#% zHCmlwII7IF0dv3{_>B(mw;RD0^xzmSg6|jCUVUy@WLZ8aavF=r#qQ(P#>;-lcfaLF zeQ$4wwy6|qkdx|ZpbGdlWqi%`&h<@q#c68Yu$U@V*+35x(HoFn9_roQJ3YtvdP}9J zr|eX($_9Ek7QGRiKrhrg^cY|7cJJx=OgycDtMlKl$_9GS=2as&r^+Mfgo>*VKIdyr zcKVy~$M2}MzUnMK)J<8};%_=YXEsN?AZV>QU=ElApAPW;kWezFilw02I;e410K$ld zT~MFz5?qrgri!H?F%&4Jgi?xn#Xu>i@kHmPilv~G1M1}iRT=e$f=->*Puz6CRM1*; zz#Ir2sL5lU&;Nt3@Bd+uJ(&aMz`t?;qpX!R>6P?st-KtcwFzaLl7r`!g06%bJ&s+6 ekK$!Y7sMspAxsrZK^md3KLXAMYs`Tkb>JP70FB%L literal 0 HcmV?d00001 diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml new file mode 100644 index 0000000..e158b9a --- /dev/null +++ b/.github/workflows/security-scan.yml 
@@ -0,0 +1,29 @@
+name: Security scan on all changes (Commits/PRs)
+
+on:
+ push:
+ branches: ['main', 'master', 'pilot', 'dev']
+ pull_request:
+ types:
+ - opened
+
+jobs:
+ code-check:
+ runs-on: ubuntu-latest
+ env:
+ OS: ubuntu-latest
+ PYTHON: '3.7'
+ steps:
+ - name: checkout code
+ uses: actions/checkout@v2
+
+
+ - name: Checkmarx One ClI Action
+ uses: checkmarx/ast-github-action@main
+ with:
+ project_name: Python-v2
+ cx_tenant: Flutterwave
+ base_uri: https://eu.ast.checkmarx.net/
+ cx_client_id: ${{ secrets.CX_CLIENT_ID }}
+ cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }}
+ additional_params: --scan-types sast,iac-security,api-security,sca,container-security
\ No newline at end of file
diff --git a/flutterwave_sdk.gemspec b/flutterwave_sdk.gemspec
index c2b1b7f..a95988f 100644
--- a/flutterwave_sdk.gemspec
+++ b/flutterwave_sdk.gemspec
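Review bot: The Checkmarx step references `checkmarx/ast-github-action@main`, a mutable branch, while handing it `CX_CLIENT_ID` and `CX_CLIENT_SECRET`; any later change to that branch runs with those secrets, so pin it (and `actions/checkout@v2`) to a full commit SHA, e.g. `uses: checkmarx/ast-github-action@<full-commit-sha>`. The workflow declares no `permissions:` block, so the job token keeps the repository default; a top-level `permissions:` with `contents: read` would be the least-privilege setting unless the action needs more. `pull_request` is limited to the `opened` type, so commits pushed to an already-open PR are not rescanned despite the workflow name; adding `synchronize` and `reopened` would cover them. `project_name: Python-v2` and `PYTHON: '3.7'` look carried over from another repository and would presumably file this Ruby gem's results under the wrong Checkmarx project.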
@@ -6,16 +6,16 @@ Gem::Specification.new do |spec| spec.authors = ["Flutterwave Developers"] spec.email = ["developers@flutterwavego.com"] -spec.date = '2020-05-10' + spec.date = '2020-05-10' spec.summary = %q{Official Ruby Gem For Flutterwave APIs.} spec.description = %q{This is the official Ruby Gem For Flutterwave Payments which includes Card, Account, Transfer, Subaccount, Subscription, Mpesa, Ghana Mobile Money, Ussd, Payment Plans, and Transfer payment methods.} - spec.homepage = "https://github.com/Flutterwave/Flutterwave-Ruby-v3." + spec.homepage = "https://github.com/Flutterwave/Flutterwave-Ruby-v3" spec.license = "MIT" spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0") - spec.metadata["homepage_uri"] = spec.homepage + spec.metadata["homepage_uri"] = "https://developer.flutterwave.com" spec.metadata["source_code_uri"] = spec.homepage - spec.metadata["changelog_uri"] = spec.homepage + spec.metadata["changelog_uri"] = "https://github.com/Flutterwave/Flutterwave-Ruby-v3/blob/master/changelog.md" # Specify which files should be added to the gem when it is released. # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
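Review bot: The context comment at the end of this hunk says the gem's file list is built from `git ls-files`, and this same commit adds `.DS_Store` to git, so that Finder metadata file would presumably be packaged into the released gem unless the filter outside the hunk excludes it. `.DS_Store` records directory entry names from the author's machine and has no place in the repository; drop it from the commit and add `.DS_Store` to `.gitignore`. Separately, `spec.date = '2020-05-10'` is re-added unchanged apart from indentation, and a hard-coded date misstates when a release was built; removing the line lets RubyGems stamp the build date. The `Gem::Specification.new` block starts and ends outside the hunk.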