add_listing_to_github_ui
This commit is contained in:
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Synopsys Intelligent Security Scan Action",
|
||||
"creator": "Synopsys",
|
||||
"description": "The Synopsys Intelligent Security Scan Action helps selectively perform SAST and SCA scans, triggered during a variety of GitHub Platform events for C, C++, C#, Java, JavaScript, TypeScript, Python, and Go developers.",
|
||||
"iconName": "synopsys",
|
||||
"categories": ["Code Scanning"]
|
||||
}
|
||||
@@ -0,0 +1,77 @@
|
||||
name: "Synopsys Intelligent Security Scan"
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
analyze:
|
||||
name: Analyze
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v2
|
||||
with:
|
||||
# We must fetch at least the immediate parents so that if this is
|
||||
# a pull request then we can checkout the head.
|
||||
fetch-depth: 2
|
||||
|
||||
# If this run was triggered by a pull request event, then checkout
|
||||
# the head of the pull request instead of the merge commit.
|
||||
- run: git checkout HEAD^2
|
||||
if: ${{ github.event_name == 'pull_request' }}
|
||||
|
||||
- name: Synopsys Intelligent Security Scan
|
||||
id: prescription
|
||||
uses: synopsys-sig/intelligent-security-scan@v1
|
||||
with:
|
||||
ioServerUrl: ${{secrets.IO_SERVER_URL}}
|
||||
ioServerToken: ${{secrets.IO_SERVER_TOKEN}}
|
||||
workflowServerUrl: ${{secrets.WORKFLOW_SERVER_URL}}
|
||||
additionalWorkflowArgs: --polaris.url=${{secrets.POLARIS_SERVER_URL}} --polaris.token=${{secrets.POLARIS_ACCESS_TOKEN}}
|
||||
stage: "IO"
|
||||
|
||||
# Please note that the ID in previous step was set to prescription
|
||||
# in order for this logic to work also make sure that POLARIS_ACCESS_TOKEN
|
||||
# is defined in settings
|
||||
- name: Static Analysis with Polaris
|
||||
if: ${{steps.prescription.outputs.sastScan == 'true' }}
|
||||
run: |
|
||||
export POLARIS_SERVER_URL=${{ secrets.POLARIS_SERVER_URL}}
|
||||
export POLARIS_ACCESS_TOKEN=${{ secrets.POLARIS_ACCESS_TOKEN}}
|
||||
wget -q ${{ secrets.POLARIS_SERVER_URL}}/api/tools/polaris_cli-linux64.zip
|
||||
unzip -j polaris_cli-linux64.zip -d /tmp
|
||||
/tmp/polaris analyze -w
|
||||
|
||||
# Please note that the ID in previous step was set to prescription
|
||||
# in order for this logic to work
|
||||
- name: Software Composition Analysis with Black Duck
|
||||
if: ${{steps.prescription.outputs.scaScan == 'true' }}
|
||||
uses: blackducksoftware/github-action@v2
|
||||
with:
|
||||
args: '--blackduck.url="${{ secrets.BLACKDUCK_URL}}" --blackduck.api.token="${{ secrets.BLACKDUCK_TOKEN}}" --detect.tools="SIGNATURE_SCAN,DETECTOR"'
|
||||
|
||||
- name: Synopsys Intelligent Security Scan
|
||||
if: ${{ steps.prescription.outputs.sastScan == 'true' || steps.prescription.outputs.scaScan == 'true' }}
|
||||
uses: synopsys-sig/intelligent-security-scan@v1
|
||||
with:
|
||||
ioServerUrl: ${{secrets.IO_SERVER_URL}}
|
||||
ioServerToken: ${{secrets.IO_SERVER_TOKEN}}
|
||||
workflowServerUrl: ${{secrets.WORKFLOW_SERVER_URL}}
|
||||
additionalWorkflowArgs: --IS_SAST_ENABLED=${{steps.prescription.outputs.sastScan}} --IS_SCA_ENABLED=${{steps.prescription.outputs.scaScan}}
|
||||
--polaris.project.name={{PROJECT_NAME}} --polaris.url=${{secrets.POLARIS_SERVER_URL}} --polaris.token=${{secrets.POLARIS_ACCESS_TOKEN}}
|
||||
--blackduck.project.name={{PROJECT_NAME}}:{{PROJECT_VERSION}} --blackduck.url=${{secrets.BLACKDUCK_URL}} --blackduck.api.token=${{secrets.BLACKDUCK_TOKEN}}
|
||||
stage: "WORKFLOW"
|
||||
|
||||
- name: Upload SARIF file
|
||||
if: ${{steps.prescription.outputs.sastScan == 'true' }}
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
# Path to SARIF file relative to the root of the repository
|
||||
sarif_file: workflowengine-results.sarif.json
|
||||
File diff suppressed because one or more lines are too long
|
After Width: | Height: | Size: 55 KiB |
Reference in New Issue
Block a user