add Endor Labs

This commit is contained in:
Jamie Scott
2023-06-06 16:22:48 -07:00
parent 7b8ec19aaa
commit 437d407a8a
3 changed files with 479 additions and 0 deletions
+46
View File
@@ -0,0 +1,46 @@
name: Endor Labs Scan
on:
push:
branches: [ $default-branch ]
pull_request:
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
scan:
permissions:
security-events: write # Used to upload sarif artifact to GitHub
contents: read # Used to checkout a private repository but actions/checkout.
actions: read # Required for private repositories to upload sarif files. GitHub Advanced Security licenses are required.
id-token: write # Used for keyless authentication to Endor Labs
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v3
#### Package Build Instructions
### Use this section to define the build steps used by your software package.
### Endor Labs does this for you when possible.
# - name: Setup Java
# uses: actions/setup-java@v3
# with:
# distribution: 'microsoft'
# java-version: '17'
# - name: Build Package
# run: mvn clean install
- name: Endor Labs Scan Pull Request
if: github.event_name == 'pull_request'
uses: endorlabs/github-action@main
with:
namespace: "example" # Modify the namespace to your Endor Labs tenant namespace.
sarif_file: findings.sarif
- name: Endor Labs Scan Push to main
if: github.event_name == 'push'
uses: endorlabs/github-action@main
with:
namespace: "example" # Modify the namespace to your Endor Labs tenant namespace.
ci_run: "false"
sarif_file: findings.sarif
- name: Upload SARIF to github
uses: github/codeql-action/upload-sarif@9885f86fab4879632b7e44514f19148225dfbdcd
with:
sarif_file: findings.sarif
@@ -0,0 +1,7 @@
{
"name": "Endor Labs Scan",
"creator": "EndorLabs",
"description": "Identify, prioritize and address open source and code governance issues with Endor Labs.",
"iconName": "endorlabs",
"categories": ["Code Scanning", "javascript", "python", "java", "php", "c#", "ruby", "go", "kotlin", "scala" ]
}