Files
starter-workflows/code-scanning/endorlabs.yml
T

52 lines
2.0 KiB
YAML
Raw Normal View History

2023-06-15 09:11:51 -07:00
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
2023-06-12 19:08:58 -07:00
name: Endor Labs
2023-06-06 16:22:48 -07:00
on:
push:
2023-06-15 09:11:51 -07:00
branches: [ $default-branch, $protected-branches ]
2023-06-06 16:22:48 -07:00
pull_request:
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
scan:
permissions:
security-events: write # Used to upload sarif artifact to GitHub
2023-06-15 10:36:30 -07:00
contents: read # Used to checkout a private repository by actions/checkout.
2023-06-06 16:22:48 -07:00
actions: read # Required for private repositories to upload sarif files. GitHub Advanced Security licenses are required.
id-token: write # Used for keyless authentication to Endor Labs
runs-on: ubuntu-latest
steps:
2023-06-12 19:08:27 -07:00
- name: Checkout repository
uses: actions/checkout@v4
2023-06-06 16:22:48 -07:00
#### Package Build Instructions
2023-06-15 10:36:30 -07:00
### Use this section to define the build steps used by your software package.
### Endor Labs builds your software for you where possible but the required build tools must be made available.
2023-06-06 16:22:48 -07:00
# - name: Setup Java
# uses: actions/setup-java@v4
2023-06-06 16:22:48 -07:00
# with:
# distribution: 'microsoft'
# java-version: '17'
# - name: Build Package
# run: mvn clean install
2023-06-12 19:08:27 -07:00
- name: Endor Labs scan pull request
2023-06-06 16:22:48 -07:00
if: github.event_name == 'pull_request'
2023-06-06 20:22:38 -07:00
uses: endorlabs/github-action@b51bd06466b545f01a6ac788e3e1147695d3936c
2023-06-06 16:22:48 -07:00
with:
2023-06-15 10:36:30 -07:00
namespace: "example" # Modify the namespace to your Endor Labs tenant namespace.
2023-06-06 16:22:48 -07:00
sarif_file: findings.sarif
2023-06-12 19:08:27 -07:00
- name: Endor Labs scan monitor
2023-06-15 10:36:30 -07:00
if: github.event_name == 'push'
2023-06-06 20:22:38 -07:00
uses: endorlabs/github-action@b51bd06466b545f01a6ac788e3e1147695d3936c
2023-06-06 16:22:48 -07:00
with:
2023-06-15 10:36:30 -07:00
namespace: "example" # Modify the namespace to your Endor Labs tenant namespace.
2023-06-06 16:22:48 -07:00
ci_run: "false"
sarif_file: findings.sarif
- name: Upload SARIF to github
2024-07-29 14:37:50 -04:00
uses: github/codeql-action/upload-sarif@v3
2023-06-06 16:22:48 -07:00
with:
2023-06-06 20:20:00 -07:00
sarif_file: findings.sarif