From 437d407a8a0b4ff654b5ccc6f3ef59c946cb5210 Mon Sep 17 00:00:00 2001 From: Jamie Scott Date: Tue, 6 Jun 2023 16:22:48 -0700 Subject: [PATCH 1/9] add Endor Labs --- code-scanning/endorlabs.yml | 46 ++ .../properties/endorlabs.properties.json | 7 + icons/endorlabs.svg | 426 ++++++++++++++++++ 3 files changed, 479 insertions(+) create mode 100644 code-scanning/endorlabs.yml create mode 100644 code-scanning/properties/endorlabs.properties.json create mode 100644 icons/endorlabs.svg diff --git a/code-scanning/endorlabs.yml b/code-scanning/endorlabs.yml new file mode 100644 index 0000000..5f6e867 --- /dev/null +++ b/code-scanning/endorlabs.yml @@ -0,0 +1,46 @@ +name: Endor Labs Scan +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + schedule: + - cron: $cron-weekly +jobs: + scan: + permissions: + security-events: write # Used to upload sarif artifact to GitHub + contents: read # Used to checkout a private repository but actions/checkout. + actions: read # Required for private repositories to upload sarif files. GitHub Advanced Security licenses are required. + id-token: write # Used for keyless authentication to Endor Labs + runs-on: ubuntu-latest + steps: + - name: Checkout Repository + uses: actions/checkout@v3 + #### Package Build Instructions + ### Use this section to define the build steps used by your software package. + ### Endor Labs does this for you when possible. + # - name: Setup Java + # uses: actions/setup-java@v3 + # with: + # distribution: 'microsoft' + # java-version: '17' + # - name: Build Package + # run: mvn clean install + - name: Endor Labs Scan Pull Request + if: github.event_name == 'pull_request' + uses: endorlabs/github-action@main + with: + namespace: "example" # Modify the namespace to your Endor Labs tenant namespace. + sarif_file: findings.sarif + - name: Endor Labs Scan Push to main + if: github.event_name == 'push' + uses: endorlabs/github-action@main + with: + namespace: "example" # Modify the namespace to your Endor Labs tenant namespace. + ci_run: "false" + sarif_file: findings.sarif + - name: Upload SARIF to github + uses: github/codeql-action/upload-sarif@9885f86fab4879632b7e44514f19148225dfbdcd + with: + sarif_file: findings.sarif \ No newline at end of file diff --git a/code-scanning/properties/endorlabs.properties.json b/code-scanning/properties/endorlabs.properties.json new file mode 100644 index 0000000..8c4cbb0 --- /dev/null +++ b/code-scanning/properties/endorlabs.properties.json @@ -0,0 +1,7 @@ +{ + "name": "Endor Labs Scan", + "creator": "EndorLabs", + "description": "Identify, prioritize and address open source and code governance issues with Endor Labs.", + "iconName": "endorlabs", + "categories": ["Code Scanning", "javascript", "python", "java", "php", "c#", "ruby", "go", "kotlin", "scala" ] +} \ No newline at end of file diff --git a/icons/endorlabs.svg b/icons/endorlabs.svg new file mode 100644 index 0000000..04f1287 --- /dev/null +++ b/icons/endorlabs.svg @@ -0,0 +1,426 @@ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file From 43f7851be318b6c6d3f53cc2dcc716304ce0b1f4 Mon Sep 17 00:00:00 2001 From: Jamie Scott Date: Tue, 6 Jun 2023 20:20:00 -0700 Subject: [PATCH 2/9] Change to specified version --- code-scanning/endorlabs.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/code-scanning/endorlabs.yml b/code-scanning/endorlabs.yml index 5f6e867..cc7ebaa 100644 --- a/code-scanning/endorlabs.yml +++ b/code-scanning/endorlabs.yml @@ -35,7 +35,7 @@ jobs: sarif_file: findings.sarif - name: Endor Labs Scan Push to main if: github.event_name == 'push' - uses: endorlabs/github-action@main + uses: endorlabs/github-action@v1.0.0 with: namespace: "example" # Modify the namespace to your Endor Labs tenant namespace. ci_run: "false" @@ -43,4 +43,4 @@ jobs: - name: Upload SARIF to github uses: github/codeql-action/upload-sarif@9885f86fab4879632b7e44514f19148225dfbdcd with: - sarif_file: findings.sarif \ No newline at end of file + sarif_file: findings.sarif From ea40b7a2671cddb7c82f6daf4ac2f299bd4ca475 Mon Sep 17 00:00:00 2001 From: Jamie Scott Date: Tue, 6 Jun 2023 20:22:38 -0700 Subject: [PATCH 3/9] Update to commit sha --- code-scanning/endorlabs.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/code-scanning/endorlabs.yml b/code-scanning/endorlabs.yml index cc7ebaa..b3d92c4 100644 --- a/code-scanning/endorlabs.yml +++ b/code-scanning/endorlabs.yml @@ -29,13 +29,13 @@ jobs: # run: mvn clean install - name: Endor Labs Scan Pull Request if: github.event_name == 'pull_request' - uses: endorlabs/github-action@main + uses: endorlabs/github-action@b51bd06466b545f01a6ac788e3e1147695d3936c with: namespace: "example" # Modify the namespace to your Endor Labs tenant namespace. sarif_file: findings.sarif - - name: Endor Labs Scan Push to main - if: github.event_name == 'push' - uses: endorlabs/github-action@v1.0.0 + - name: Endor Labs Scan Monitor + if: github.event_name == 'push' + uses: endorlabs/github-action@b51bd06466b545f01a6ac788e3e1147695d3936c with: namespace: "example" # Modify the namespace to your Endor Labs tenant namespace. ci_run: "false" From fae93dfd03b4d95ea199d016c0177a0e9acf5036 Mon Sep 17 00:00:00 2001 From: Jamie Scott Date: Mon, 12 Jun 2023 19:05:57 -0700 Subject: [PATCH 4/9] Update endorlabs.properties.json --- code-scanning/properties/endorlabs.properties.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code-scanning/properties/endorlabs.properties.json b/code-scanning/properties/endorlabs.properties.json index 8c4cbb0..f251c7b 100644 --- a/code-scanning/properties/endorlabs.properties.json +++ b/code-scanning/properties/endorlabs.properties.json @@ -4,4 +4,4 @@ "description": "Identify, prioritize and address open source and code governance issues with Endor Labs.", "iconName": "endorlabs", "categories": ["Code Scanning", "javascript", "python", "java", "php", "c#", "ruby", "go", "kotlin", "scala" ] -} \ No newline at end of file +} From 9988e13794684252e6aed931cfe876d5eb0afdf4 Mon Sep 17 00:00:00 2001 From: Jamie Scott Date: Mon, 12 Jun 2023 19:08:27 -0700 Subject: [PATCH 5/9] Update endorlabs.yml --- code-scanning/endorlabs.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/code-scanning/endorlabs.yml b/code-scanning/endorlabs.yml index b3d92c4..cc9d71f 100644 --- a/code-scanning/endorlabs.yml +++ b/code-scanning/endorlabs.yml @@ -15,7 +15,7 @@ jobs: id-token: write # Used for keyless authentication to Endor Labs runs-on: ubuntu-latest steps: - - name: Checkout Repository + - name: Checkout repository uses: actions/checkout@v3 #### Package Build Instructions ### Use this section to define the build steps used by your software package. @@ -27,13 +27,13 @@ jobs: # java-version: '17' # - name: Build Package # run: mvn clean install - - name: Endor Labs Scan Pull Request + - name: Endor Labs scan pull request if: github.event_name == 'pull_request' uses: endorlabs/github-action@b51bd06466b545f01a6ac788e3e1147695d3936c with: namespace: "example" # Modify the namespace to your Endor Labs tenant namespace. sarif_file: findings.sarif - - name: Endor Labs Scan Monitor + - name: Endor Labs scan monitor if: github.event_name == 'push' uses: endorlabs/github-action@b51bd06466b545f01a6ac788e3e1147695d3936c with: From 018bc7064380b34483c023064f31435f65011ecd Mon Sep 17 00:00:00 2001 From: Jamie Scott Date: Mon, 12 Jun 2023 19:08:58 -0700 Subject: [PATCH 6/9] Update endorlabs.yml --- code-scanning/endorlabs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code-scanning/endorlabs.yml b/code-scanning/endorlabs.yml index cc9d71f..7c69cb4 100644 --- a/code-scanning/endorlabs.yml +++ b/code-scanning/endorlabs.yml @@ -1,4 +1,4 @@ -name: Endor Labs Scan +name: Endor Labs on: push: branches: [ $default-branch ] From c6e2cb88e6e745ed8ad5c23581c173668afb4319 Mon Sep 17 00:00:00 2001 From: Jamie Scott Date: Thu, 15 Jun 2023 09:11:51 -0700 Subject: [PATCH 7/9] Add comments header --- code-scanning/endorlabs.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/code-scanning/endorlabs.yml b/code-scanning/endorlabs.yml index 7c69cb4..59a9a29 100644 --- a/code-scanning/endorlabs.yml +++ b/code-scanning/endorlabs.yml @@ -1,7 +1,12 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + name: Endor Labs on: push: - branches: [ $default-branch ] + branches: [ $default-branch, $protected-branches ] pull_request: branches: [ $default-branch ] schedule: From 6da5a650b9818dfd8ecff77ba25ff5d79d0119fb Mon Sep 17 00:00:00 2001 From: Jamie Scott Date: Thu, 15 Jun 2023 09:13:08 -0700 Subject: [PATCH 8/9] Update case and spacing --- code-scanning/properties/endorlabs.properties.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/code-scanning/properties/endorlabs.properties.json b/code-scanning/properties/endorlabs.properties.json index f251c7b..4347f4c 100644 --- a/code-scanning/properties/endorlabs.properties.json +++ b/code-scanning/properties/endorlabs.properties.json @@ -1,6 +1,6 @@ { - "name": "Endor Labs Scan", - "creator": "EndorLabs", + "name": "Endor Labs scan", + "creator": "Endor Labs", "description": "Identify, prioritize and address open source and code governance issues with Endor Labs.", "iconName": "endorlabs", "categories": ["Code Scanning", "javascript", "python", "java", "php", "c#", "ruby", "go", "kotlin", "scala" ] From 03ce4e088fd4b766979b2642c82187dcff28b83c Mon Sep 17 00:00:00 2001 From: Jamie Scott Date: Thu, 15 Jun 2023 10:36:30 -0700 Subject: [PATCH 9/9] Fix Linter Issues --- code-scanning/endorlabs.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/code-scanning/endorlabs.yml b/code-scanning/endorlabs.yml index 59a9a29..1ad0e26 100644 --- a/code-scanning/endorlabs.yml +++ b/code-scanning/endorlabs.yml @@ -15,7 +15,7 @@ jobs: scan: permissions: security-events: write # Used to upload sarif artifact to GitHub - contents: read # Used to checkout a private repository but actions/checkout. + contents: read # Used to checkout a private repository by actions/checkout. actions: read # Required for private repositories to upload sarif files. GitHub Advanced Security licenses are required. id-token: write # Used for keyless authentication to Endor Labs runs-on: ubuntu-latest @@ -23,8 +23,8 @@ jobs: - name: Checkout repository uses: actions/checkout@v3 #### Package Build Instructions - ### Use this section to define the build steps used by your software package. - ### Endor Labs does this for you when possible. + ### Use this section to define the build steps used by your software package. + ### Endor Labs builds your software for you where possible but the required build tools must be made availible. # - name: Setup Java # uses: actions/setup-java@v3 # with: @@ -36,13 +36,13 @@ jobs: if: github.event_name == 'pull_request' uses: endorlabs/github-action@b51bd06466b545f01a6ac788e3e1147695d3936c with: - namespace: "example" # Modify the namespace to your Endor Labs tenant namespace. + namespace: "example" # Modify the namespace to your Endor Labs tenant namespace. sarif_file: findings.sarif - name: Endor Labs scan monitor - if: github.event_name == 'push' + if: github.event_name == 'push' uses: endorlabs/github-action@b51bd06466b545f01a6ac788e3e1147695d3936c with: - namespace: "example" # Modify the namespace to your Endor Labs tenant namespace. + namespace: "example" # Modify the namespace to your Endor Labs tenant namespace. ci_run: "false" sarif_file: findings.sarif - name: Upload SARIF to github