Merge branch 'main' into main
This commit is contained in:
@@ -0,0 +1,55 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
#
|
||||
# NowSecure: The Mobile Security Experts <https://www.nowsecure.com/>.
|
||||
#
|
||||
# To use this workflow, you must have a token for NowSecure Platform. If you are a NowSecure customer,
|
||||
# you can find it in NowSecure Platform.
|
||||
#
|
||||
# If you *are not* a NowSecure customer, click here to sign up for a free trial to get access:
|
||||
# <https://bit.ly/ns-git-sbom>.
|
||||
#
|
||||
# Instructions:
|
||||
#
|
||||
# 1. In the settings for your repository, click "Secrets" then "New repository secret". Name the secret "NS_TOKEN" and
|
||||
# paste in your Platform token. If you do not have a Platform token, or wish to create a new one for GitHub, visit
|
||||
# NowSecure Platform and go to "Profile & Preferences" then create a token labelled "GitHub".
|
||||
#
|
||||
# 2. Follow the annotated workflow below and make any necessary modifications then save the workflow to your repository
|
||||
# and review the "Dependency graph" tab in the "Insights" pane once the action has run.
|
||||
|
||||
name: "NowSecure Mobile SBOM"
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
nowsecure:
|
||||
name: NowSecure Mobile SBOM
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Build your application
|
||||
run: ./gradlew assembleDebug # Update this to build your Android or iOS application
|
||||
|
||||
- name: NowSecure upload app
|
||||
uses: nowsecure/nowsecure-sbom-action@ecb731b6f17a83fa53f756f9dae2ec7034c5ed7c
|
||||
with:
|
||||
token: ${{ secrets.NS_TOKEN }}
|
||||
app_file: app-debug.apk # Update this to a path to your .ipa or .apk
|
||||
group_id: {{ groupId }} # Update this to your desired Platform group ID
|
||||
@@ -0,0 +1,21 @@
|
||||
{
|
||||
"name": "NowSecure Mobile SBOM",
|
||||
"creator": "NowSecure",
|
||||
"description": "Generate a Mobile SBOM for an application and submit to Dependency Graph",
|
||||
"iconName": "nowsecure",
|
||||
"categories": [
|
||||
"Code Scanning",
|
||||
"Java",
|
||||
"Kotlin",
|
||||
"Scala",
|
||||
"Swift",
|
||||
"Objective C",
|
||||
"C",
|
||||
"C++",
|
||||
"C#",
|
||||
"Rust",
|
||||
"JavaScript",
|
||||
"TypeScript",
|
||||
"Node"
|
||||
]
|
||||
}
|
||||
@@ -0,0 +1,14 @@
|
||||
{
|
||||
"name": "zScan",
|
||||
"creator": "Zimperium",
|
||||
"description": "The zimperium-zscan GitHub action scans your mobile app binary (iOS or Android) and identifies security, privacy, and compliance-related vulnerabilities. ",
|
||||
"iconName": "zscan",
|
||||
"categories": [
|
||||
"Code Scanning",
|
||||
"Java",
|
||||
"Kotlin",
|
||||
"Scala",
|
||||
"Swift",
|
||||
"Objective C"
|
||||
]
|
||||
}
|
||||
@@ -0,0 +1,61 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
#
|
||||
# The zimperium-zscan GitHub action scans your mobile app binary (iOS or Android)
|
||||
# and identifies security, privacy, and compliance-related vulnerabilities.
|
||||
#
|
||||
# Prerequisites:
|
||||
# * An active Zimperium zScan account is required. If you are not an existing Zimperium
|
||||
# zScan customer, please request a zSCAN demo by visiting https://www.zimperium.com/contact-us.
|
||||
# * Either GitHub Advanced Security (GHAS) or a public repository is required to display
|
||||
# issues and view the remediation information inside of GitHub code scanning alerts.
|
||||
#
|
||||
# For additional information and setup instructions
|
||||
# please visit: https://github.com/Zimperium/zScanMarketplace#readme
|
||||
|
||||
name: "Zimperium zScan"
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
zscan:
|
||||
name: zScan
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Execute gradle build
|
||||
run: ./gradlew build # Change this to build your mobile application
|
||||
|
||||
- name: Run Zimperium zScan
|
||||
uses: zimperium/zscanmarketplace@bfc6670f6648d796098c251ccefcfdb98983174d
|
||||
timeout-minutes: 60
|
||||
with:
|
||||
# REPLACE: Zimperium Client Environment Name
|
||||
client_env: env_string
|
||||
# REPLACE: Zimperium Client ID
|
||||
client_id: id_string
|
||||
# REPLACE: Zimperium Client Secret
|
||||
client_secret: ${{ secrets.ZSCAN_CLIENT_SECRET }}
|
||||
# REPLACE: The path to an .ipa or .apk
|
||||
app_file: app-release-unsigned.apk
|
||||
|
||||
- name: Upload SARIF file
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: Zimperium.sarif
|
||||
|
||||
Reference in New Issue
Block a user