Merge branch 'main' into main

This commit is contained in:
Jeevan Reddy Ragula
2022-09-30 17:11:26 +05:30
committed by GitHub
5 changed files with 162 additions and 0 deletions
+55
View File
@@ -0,0 +1,55 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
#
# NowSecure: The Mobile Security Experts <https://www.nowsecure.com/>.
#
# To use this workflow, you must have a token for NowSecure Platform. If you are a NowSecure customer,
# you can find it in NowSecure Platform.
#
# If you *are not* a NowSecure customer, click here to sign up for a free trial to get access:
# <https://bit.ly/ns-git-sbom>.
#
# Instructions:
#
# 1. In the settings for your repository, click "Secrets" then "New repository secret". Name the secret "NS_TOKEN" and
# paste in your Platform token. If you do not have a Platform token, or wish to create a new one for GitHub, visit
# NowSecure Platform and go to "Profile & Preferences" then create a token labelled "GitHub".
#
# 2. Follow the annotated workflow below and make any necessary modifications then save the workflow to your repository
# and review the "Dependency graph" tab in the "Insights" pane once the action has run.
name: "NowSecure Mobile SBOM"
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
nowsecure:
name: NowSecure Mobile SBOM
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Build your application
run: ./gradlew assembleDebug # Update this to build your Android or iOS application
- name: NowSecure upload app
uses: nowsecure/nowsecure-sbom-action@ecb731b6f17a83fa53f756f9dae2ec7034c5ed7c
with:
token: ${{ secrets.NS_TOKEN }}
app_file: app-debug.apk # Update this to a path to your .ipa or .apk
group_id: {{ groupId }} # Update this to your desired Platform group ID
@@ -0,0 +1,21 @@
{
"name": "NowSecure Mobile SBOM",
"creator": "NowSecure",
"description": "Generate a Mobile SBOM for an application and submit to Dependency Graph",
"iconName": "nowsecure",
"categories": [
"Code Scanning",
"Java",
"Kotlin",
"Scala",
"Swift",
"Objective C",
"C",
"C++",
"C#",
"Rust",
"JavaScript",
"TypeScript",
"Node"
]
}
@@ -0,0 +1,14 @@
{
"name": "zScan",
"creator": "Zimperium",
"description": "The zimperium-zscan GitHub action scans your mobile app binary (iOS or Android) and identifies security, privacy, and compliance-related vulnerabilities. ",
"iconName": "zscan",
"categories": [
"Code Scanning",
"Java",
"Kotlin",
"Scala",
"Swift",
"Objective C"
]
}
+61
View File
@@ -0,0 +1,61 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
#
# The zimperium-zscan GitHub action scans your mobile app binary (iOS or Android)
# and identifies security, privacy, and compliance-related vulnerabilities.
#
# Prerequisites:
# * An active Zimperium zScan account is required. If you are not an existing Zimperium
# zScan customer, please request a zSCAN demo by visiting https://www.zimperium.com/contact-us.
# * Either GitHub Advanced Security (GHAS) or a public repository is required to display
# issues and view the remediation information inside of GitHub code scanning alerts.
#
# For additional information and setup instructions
# please visit: https://github.com/Zimperium/zScanMarketplace#readme
name: "Zimperium zScan"
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
branches: [ $default-branch ]
permissions:
contents: read
jobs:
zscan:
name: zScan
runs-on: ubuntu-latest
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Execute gradle build
run: ./gradlew build # Change this to build your mobile application
- name: Run Zimperium zScan
uses: zimperium/zscanmarketplace@bfc6670f6648d796098c251ccefcfdb98983174d
timeout-minutes: 60
with:
# REPLACE: Zimperium Client Environment Name
client_env: env_string
# REPLACE: Zimperium Client ID
client_id: id_string
# REPLACE: Zimperium Client Secret
client_secret: ${{ secrets.ZSCAN_CLIENT_SECRET }}
# REPLACE: The path to an .ipa or .apk
app_file: app-release-unsigned.apk
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: Zimperium.sarif