From 14ce90e99f9db28d05cc0a81e2b63370e034db38 Mon Sep 17 00:00:00 2001 From: h0x0er <84621253+h0x0er@users.noreply.github.com> Date: Mon, 14 Feb 2022 11:13:30 +0530 Subject: [PATCH 1/9] added github_token permissions --- code-scanning/semgrep.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/code-scanning/semgrep.yml b/code-scanning/semgrep.yml index 827387b..f99d441 100644 --- a/code-scanning/semgrep.yml +++ b/code-scanning/semgrep.yml @@ -19,8 +19,14 @@ on: schedule: - cron: $cron-weekly +permissions: + contents: read + jobs: semgrep: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results name: Scan runs-on: ubuntu-latest steps: From d8a2673986720cf4f579448519c77a37d861d53e Mon Sep 17 00:00:00 2001 From: arjundashrath <54043589+arjundashrath@users.noreply.github.com> Date: Mon, 14 Feb 2022 12:59:51 +0530 Subject: [PATCH 2/9] Update prisma.yml --- code-scanning/prisma.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/code-scanning/prisma.yml b/code-scanning/prisma.yml index 5323d1b..5b11482 100644 --- a/code-scanning/prisma.yml +++ b/code-scanning/prisma.yml @@ -21,8 +21,14 @@ on: schedule: - cron: $cron-weekly +permissions: + contents: read + jobs: prisma_cloud_iac_scan: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results runs-on: ubuntu-latest name: Run Prisma Cloud IaC Scan to check steps: From 4333c79965dc3415883fbb3d4c4b2d4e6d6f2e3f Mon Sep 17 00:00:00 2001 From: arjundashrath <54043589+arjundashrath@users.noreply.github.com> Date: Mon, 14 Feb 2022 13:08:08 +0530 Subject: [PATCH 3/9] Update codacy.yml --- code-scanning/codacy.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/code-scanning/codacy.yml b/code-scanning/codacy.yml index 50185ad..4892930 100644 --- a/code-scanning/codacy.yml +++ b/code-scanning/codacy.yml @@ -22,8 +22,14 @@ on: schedule: - cron: $cron-weekly +permissions: + contents: read + jobs: codacy-security-scan: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results name: Codacy Security Scan runs-on: ubuntu-latest steps: From aa4aa29543b6a72c397d9285abd94d91c41984fd Mon Sep 17 00:00:00 2001 From: Shubham malik Date: Mon, 14 Feb 2022 15:51:06 +0530 Subject: [PATCH 4/9] Update stackhawk.yml --- code-scanning/stackhawk.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/code-scanning/stackhawk.yml b/code-scanning/stackhawk.yml index 9701b1f..af220c0 100644 --- a/code-scanning/stackhawk.yml +++ b/code-scanning/stackhawk.yml @@ -37,8 +37,14 @@ on: schedule: - cron: $cron-weekly +permissions: + contents: read + jobs: stackhawk: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for stackhawk/hawkscan-action to upload code scanning alert info name: StackHawk runs-on: ubuntu-20.04 steps: From 6706b36121ab6c4b497c145160f85b056fe12347 Mon Sep 17 00:00:00 2001 From: Shubham malik Date: Tue, 15 Feb 2022 16:04:39 +0530 Subject: [PATCH 5/9] Update njsscan.yml --- code-scanning/njsscan.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/code-scanning/njsscan.yml b/code-scanning/njsscan.yml index 8077f76..a6da087 100644 --- a/code-scanning/njsscan.yml +++ b/code-scanning/njsscan.yml @@ -17,8 +17,14 @@ on: schedule: - cron: $cron-weekly +permissions: + contents: read + jobs: njsscan: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results runs-on: ubuntu-latest name: njsscan code scanning steps: From 3394a8e62f54f84b23c843b970d4ca143013db12 Mon Sep 17 00:00:00 2001 From: Shubham malik Date: Tue, 15 Feb 2022 16:38:05 +0530 Subject: [PATCH 6/9] Update mobsf.yml --- code-scanning/mobsf.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/code-scanning/mobsf.yml b/code-scanning/mobsf.yml index 689a1a0..d8eaa92 100644 --- a/code-scanning/mobsf.yml +++ b/code-scanning/mobsf.yml @@ -13,8 +13,14 @@ on: schedule: - cron: $cron-weekly +permissions: + contents: read + jobs: mobile-security: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results runs-on: ubuntu-latest steps: @@ -33,4 +39,4 @@ jobs: - name: Upload mobsfscan report uses: github/codeql-action/upload-sarif@v1 with: - sarif_file: results.sarif \ No newline at end of file + sarif_file: results.sarif From 6a5dc3a7538ff504a39f33cc73855ad4dedcf3e0 Mon Sep 17 00:00:00 2001 From: arjundashrath <54043589+arjundashrath@users.noreply.github.com> Date: Thu, 17 Feb 2022 08:50:23 +0530 Subject: [PATCH 7/9] Update sysdig-scan.yml --- code-scanning/sysdig-scan.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/code-scanning/sysdig-scan.yml b/code-scanning/sysdig-scan.yml index 49841d7..f9b29fc 100644 --- a/code-scanning/sysdig-scan.yml +++ b/code-scanning/sysdig-scan.yml @@ -13,10 +13,17 @@ on: schedule: - cron: $cron-weekly +permissions: + contents: read + jobs: build: + permissions: + checks: write # for sysdiglabs/scan-action to publish the checks + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results runs-on: ubuntu-latest steps: @@ -51,4 +58,4 @@ jobs: #Upload SARIF file if: always() with: - sarif_file: ${{ steps.scan.outputs.sarifReport }} \ No newline at end of file + sarif_file: ${{ steps.scan.outputs.sarifReport }} From ed9202263d2954cd84dc11e0068ea5744268e8ab Mon Sep 17 00:00:00 2001 From: laurentsimon Date: Fri, 18 Feb 2022 01:00:27 +0000 Subject: [PATCH 8/9] Update hash for scorecard's v1.0.4 release --- code-scanning/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code-scanning/scorecards.yml b/code-scanning/scorecards.yml index 618ce28..d63b462 100644 --- a/code-scanning/scorecards.yml +++ b/code-scanning/scorecards.yml @@ -27,7 +27,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@c8416b0b2bf627c349ca92fc8e3de51a64b005cf # v1.0.2 + uses: ossf/scorecard-action@c1aec4ac820532bab364f02a81873c555a0ba3a1 # v1.0.4 with: results_file: results.sarif results_format: sarif From 300f303442f956de563b7f301f652d94acb60cde Mon Sep 17 00:00:00 2001 From: Atul Malaviya Date: Sun, 20 Feb 2022 02:18:18 -0600 Subject: [PATCH 9/9] Added PR trigger (#1448) --- ci/msbuild.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ci/msbuild.yml b/ci/msbuild.yml index 29b6ace..e650e2a 100644 --- a/ci/msbuild.yml +++ b/ci/msbuild.yml @@ -1,6 +1,10 @@ name: MSBuild -on: [push] +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] env: # Path to the solution file relative to the root of the project.