Merge branch 'main' into main
This commit is contained in:
@@ -49,6 +49,7 @@ jobs:
|
||||
Trigger APIsec scan:
|
||||
permissions:
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
|
||||
@@ -25,6 +25,7 @@ jobs:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
name: Brakeman Scan
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
|
||||
@@ -29,6 +29,7 @@ jobs:
|
||||
issues: write # for checkmarx-ts/checkmarx-cxflow-github-action to write feedback to github issues
|
||||
pull-requests: write # for checkmarx-ts/checkmarx-cxflow-github-action to write feedback to PR
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
# Steps require - checkout code, run CxFlow Action, Upload SARIF report (optional)
|
||||
|
||||
@@ -24,6 +24,7 @@ jobs:
|
||||
permissions:
|
||||
contents: read
|
||||
security-events: write
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
|
||||
@@ -29,6 +29,7 @@ jobs:
|
||||
permissions:
|
||||
contents: read
|
||||
security-events: write
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
|
||||
@@ -30,6 +30,7 @@ jobs:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
name: Codacy Security Scan
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
|
||||
@@ -70,3 +70,5 @@ jobs:
|
||||
|
||||
- name: Perform CodeQL Analysis
|
||||
uses: github/codeql-action/analyze@v2
|
||||
with:
|
||||
category: "/language:${{matrix.language}}"
|
||||
|
||||
@@ -25,6 +25,7 @@ jobs:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
|
||||
@@ -30,6 +30,7 @@ jobs:
|
||||
permissions:
|
||||
contents: read # for actions/checkout
|
||||
security-events: write # for github/codeql-action/upload-sarif
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
runs-on: ubuntu-latest
|
||||
# check out project
|
||||
steps:
|
||||
|
||||
@@ -25,6 +25,7 @@ jobs:
|
||||
permissions:
|
||||
contents: read
|
||||
security-events: write
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v3
|
||||
|
||||
@@ -37,7 +37,7 @@ jobs:
|
||||
# node-version: "16.x"
|
||||
|
||||
|
||||
- uses: jfrog/frogbot@34759934930c177bdefba6ca3a417589d4db6cab
|
||||
- uses: jfrog/frogbot@9304d3b1d8e05a1b5fc0ba9ebf9ffbd495386250
|
||||
env:
|
||||
# [Mandatory]
|
||||
# JFrog platform URL (This functionality requires version 3.29.0 or above of Xray)
|
||||
|
||||
@@ -42,7 +42,7 @@ jobs:
|
||||
|
||||
# The full template list with the required GitHub Actions can be found at https://github.com/jfrog/frogbot/tree/master/templates/github-actions/scan-pull-request
|
||||
|
||||
- uses: jfrog/frogbot@34759934930c177bdefba6ca3a417589d4db6cab
|
||||
- uses: jfrog/frogbot@9304d3b1d8e05a1b5fc0ba9ebf9ffbd495386250
|
||||
env:
|
||||
# [Mandatory]
|
||||
# JFrog platform URL (This functionality requires version 3.29.0 or above of Xray)
|
||||
|
||||
@@ -27,7 +27,7 @@ jobs:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v3
|
||||
|
||||
@@ -29,6 +29,7 @@ jobs:
|
||||
permissions:
|
||||
contents: read # for checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
|
||||
steps:
|
||||
- name: Checkout code
|
||||
|
||||
@@ -21,6 +21,7 @@ jobs:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
|
||||
@@ -28,6 +28,7 @@ jobs:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
name: Analyze
|
||||
runs-on: windows-latest
|
||||
|
||||
|
||||
@@ -25,6 +25,7 @@ jobs:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
runs-on: ubuntu-latest
|
||||
name: njsscan code scanning
|
||||
steps:
|
||||
|
||||
@@ -27,6 +27,7 @@ jobs:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
runs-on: windows-latest
|
||||
|
||||
steps:
|
||||
|
||||
@@ -34,6 +34,7 @@ jobs:
|
||||
permissions:
|
||||
contents: read # for checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
|
||||
steps:
|
||||
- name: Checkout code
|
||||
|
||||
@@ -21,6 +21,7 @@ jobs:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
|
||||
@@ -25,13 +25,14 @@ jobs:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
name: PSScriptAnalyzer
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
|
||||
- name: Run PSScriptAnalyzer
|
||||
uses: microsoft/psscriptanalyzer-action@2044ae068e37d0161fa2127de04c19633882f061
|
||||
uses: microsoft/psscriptanalyzer-action@6b2948b1944407914a58661c49941824d149734f
|
||||
with:
|
||||
# Check https://github.com/microsoft/action-psscriptanalyzer for more info about the options.
|
||||
# The below set up runs PSScriptAnalyzer to your entire repository and runs some basic security rules.
|
||||
|
||||
@@ -29,6 +29,7 @@ jobs:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
runs-on: ubuntu-latest
|
||||
name: Run Prisma Cloud IaC Scan to check
|
||||
steps:
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
{
|
||||
"name": "CodeQL Analysis",
|
||||
"creator": "GitHub",
|
||||
"enterprise": true,
|
||||
"description": "Security analysis from GitHub for C, C++, C#, Go, Java, JavaScript, TypeScript, Python, and Ruby developers.",
|
||||
"iconName": "octicon mark-github",
|
||||
"categories": ["Code Scanning", "C", "C++", "C#", "Go", "Java", "JavaScript", "TypeScript", "Python", "Ruby"]
|
||||
|
||||
@@ -2,10 +2,11 @@
|
||||
"name": "ESLint",
|
||||
"description": "A tool for identifying and reporting the problems found in ECMAScript/JavaScript code.",
|
||||
"iconName": "eslint",
|
||||
"enterprise": false,
|
||||
"categories": [
|
||||
"Code Scanning",
|
||||
"JavaScript",
|
||||
"EcmaScript",
|
||||
"TypeScript"
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
@@ -29,6 +29,7 @@ jobs:
|
||||
permissions:
|
||||
contents: read # for checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
|
||||
steps:
|
||||
- name: Checkout code
|
||||
|
||||
@@ -25,6 +25,7 @@ jobs:
|
||||
permissions:
|
||||
contents: read
|
||||
security-events: write
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
|
||||
@@ -17,12 +17,12 @@ jobs:
|
||||
permissions:
|
||||
# Needed to upload the results to code-scanning dashboard.
|
||||
security-events: write
|
||||
# Used to receive a badge. (Upcoming feature)
|
||||
# Used to receive a badge.
|
||||
id-token: write
|
||||
# Needs for private repositories.
|
||||
contents: read
|
||||
actions: read
|
||||
|
||||
|
||||
steps:
|
||||
- name: "Checkout code"
|
||||
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3.0.0
|
||||
@@ -30,7 +30,7 @@ jobs:
|
||||
persist-credentials: false
|
||||
|
||||
- name: "Run analysis"
|
||||
uses: ossf/scorecard-action@3e15ea8318eee9b333819ec77a36aca8d39df13e # tag=v1.1.1
|
||||
uses: ossf/scorecard-action@865b4092859256271290c77adbd10a43f4779972 # tag=v2.0.3
|
||||
with:
|
||||
results_file: results.sarif
|
||||
results_format: sarif
|
||||
@@ -41,8 +41,8 @@ jobs:
|
||||
# repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
|
||||
|
||||
# Publish the results for public repositories to enable scorecard badges. For more details, see
|
||||
# https://github.com/ossf/scorecard-action#publishing-results.
|
||||
# For private repositories, `publish_results` will automatically be set to `false`, regardless
|
||||
# https://github.com/ossf/scorecard-action#publishing-results.
|
||||
# For private repositories, `publish_results` will automatically be set to `false`, regardless
|
||||
# of the value entered here.
|
||||
publish_results: true
|
||||
|
||||
@@ -54,7 +54,7 @@ jobs:
|
||||
name: SARIF file
|
||||
path: results.sarif
|
||||
retention-days: 5
|
||||
|
||||
|
||||
# Upload the results to GitHub's code scanning dashboard.
|
||||
- name: "Upload to code-scanning"
|
||||
uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # tag=v1.0.26
|
||||
|
||||
@@ -27,6 +27,7 @@ jobs:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
name: Scan
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
|
||||
@@ -30,6 +30,7 @@ jobs:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
|
||||
@@ -29,6 +29,7 @@ jobs:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
|
||||
@@ -28,6 +28,7 @@ jobs:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
|
||||
@@ -3,13 +3,18 @@
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
#
|
||||
# SOOS is the easy-to-integrate software security solution for your whole team, learn more at https://soos.io/
|
||||
# SOOS is the easy-to-integrate and affordable software security solution for your whole team.
|
||||
# Learn more at https://soos.io/
|
||||
#
|
||||
# To use this action you need to fill the following requirements:
|
||||
# To use this action, perform the following steps:
|
||||
#
|
||||
# 1. Create an account on https://app.soos.io to obtain a Client ID and API Key (Free 30 days trials for both our SCA/DAST product).
|
||||
# 1. Create an account on https://app.soos.io. SOOS offers a free 30 day trial for our SCA and DAST products.
|
||||
#
|
||||
# 2. Set up your API KEY/Client ID as Github Secrets named SOOS_CLIENT_ID & SOOS_API_KEY. (Also set SOOS_GITHUB_PAT with your Github Personal Access Token if you're going to use sarif upload)
|
||||
# 2. Navigate to the "Integrate" page in the SOOS app (https://app.soos.io/integrate). Note the "API Credentials" section of this page; the keys you will need for the next step are here.
|
||||
#
|
||||
# 3. Set up your SOOS API Key and SOOS Client Id as Github Secrets named SOOS_API_KEY and SOOS_CLIENT_ID.
|
||||
#
|
||||
# 4. (Optional) If you'd like to upload SARIF results of DAST scans to GitHub, set SOOS_GITHUB_PAT with your Github Personal Access Token.
|
||||
#
|
||||
|
||||
name: "SOOS DAST Scan"
|
||||
|
||||
@@ -24,6 +24,7 @@ jobs:
|
||||
checks: write # for sysdiglabs/scan-action to publish the checks
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
|
||||
@@ -22,6 +22,7 @@ jobs:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
name: Build
|
||||
runs-on: "ubuntu-18.04"
|
||||
steps:
|
||||
|
||||
@@ -27,6 +27,7 @@ jobs:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
|
||||
|
||||
@@ -51,6 +51,7 @@ jobs:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
|
||||
Reference in New Issue
Block a user