Merge branch 'main' into main

This commit is contained in:
Sadman Anik
2025-01-28 12:45:05 +06:00
committed by GitHub
25 changed files with 176 additions and 144 deletions
+1 -1
View File
@@ -31,7 +31,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v2
uses: actions/checkout@v4
- name: Grant execute permission for gradlew
run: chmod +x gradlew
+1 -1
View File
@@ -29,7 +29,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
- name: Bandit Scan
uses: shundor/python-bandit-scan@9cc5aa4a006482b8a7f91134412df6772dbda22c
with: # optional arguments
+1 -1
View File
@@ -27,7 +27,7 @@ jobs:
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@v4
- name: Scan code
uses: clj-holmes/clj-holmes-action@200d2d03900917d7eb3c24fc691ab83579a87fcb
+1 -1
View File
@@ -32,7 +32,7 @@ jobs:
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@v4
- name: Dependency scan
uses: clj-holmes/clj-watson-action@39b8ed306f2c125860cf6e69b6939363689f998c
+2 -2
View File
@@ -77,11 +77,11 @@ jobs:
contents: read # for actions/checkout to fetch code
security-events: write # for redhat-actions/crda to upload SARIF results
name: Scan project vulnerabilities with CRDA
runs-on: ubuntu-20.04
runs-on: ubuntu-latest
steps:
- name: Check out repository
uses: actions/checkout@v2
uses: actions/checkout@v4
# *******************************************************************
# Required: Instructions to setup project
+1 -1
View File
@@ -16,7 +16,7 @@ on:
jobs:
lint:
name: DevSkim
runs-on: ubuntu-20.04
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
+1 -1
View File
@@ -17,7 +17,7 @@ on:
jobs:
lint:
name: Kubesec
runs-on: ubuntu-20.04
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
+1 -1
View File
@@ -60,7 +60,7 @@ jobs:
# Upload SARIF file as an Artifact to download and view
# - name: Upload SARIF as an Artifact
# uses: actions/upload-artifact@v3
# uses: actions/upload-artifact@v4
# with:
# name: sarif-file
# path: ${{ steps.run-analysis.outputs.sarif }}
+1 -1
View File
@@ -162,7 +162,7 @@ jobs:
runs-on: ubuntu-18.04
name: A job to run a Nexploit scan
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
- name: Start Nexploit Scan 🏁
id: start
uses: NeuraLegion/run-scan@29ebd17b4fd6292ce7a238a59401668953b37fbe
+13 -3
View File
@@ -36,15 +36,25 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Run SOOS DAST Analysis
uses: soos-io/soos-dast-github-action@65d9878d77c8993f3db9e86a92bc2ad3a6e060af
uses: soos-io/soos-dast-github-action@a7eb40b94c1c81eb76b178ba1befdc21823f86fa
with:
client_id: ${{ secrets.SOOS_CLIENT_ID }}
api_key: ${{ secrets.SOOS_API_KEY }}
project_name: "<YOUR-PROJECT-NAME>"
scan_mode: "baseline"
target_url: "https://www.example.com/"
output_format: "sarif"
export_format: "Sarif"
export_file_type: "Json"
- name: Find and rename SARIF file since it is unique
run: |
file=$(find . -name "*.sarif.json" | head -n 1)
if [ -n "$file" ]; then
mv "$file" output.sarif.json
echo "Renamed $file to output.sarif.json"
else
echo "No SARIF file found" && exit 1
fi
- name: Upload SOOS DAST SARIF Report
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
sarif_file: output.sarif.json
+1 -1
View File
@@ -46,7 +46,7 @@ jobs:
contents: read # for actions/checkout to fetch code
security-events: write # for stackhawk/hawkscan-action to upload code scanning alert info
name: StackHawk
runs-on: ubuntu-20.04
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
+1 -1
View File
@@ -24,7 +24,7 @@ jobs:
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
name: Build
runs-on: "ubuntu-20.04"
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
+1 -1
View File
@@ -87,7 +87,7 @@ jobs:
license: ${{ secrets.XANITIZER_LICENSE }}
# Archiving the findings list reports
- uses: actions/upload-artifact@v3
- uses: actions/upload-artifact@v4
with:
name: Xanitizer-Reports
path: |