From 6daaf84bb339a571defa58852159d40c88d94f1c Mon Sep 17 00:00:00 2001 From: Zachary Conger Date: Thu, 17 Jun 2021 06:40:39 -0600 Subject: [PATCH] update everything to emphasize stackhawk not hawkscan --- .../properties/stackhawk.properties.json | 24 ++++++++ code-scanning/stackhawk.yml | 57 +++++++++++++++++++ icons/stackhawk.svg | 17 ++++++ 3 files changed, 98 insertions(+) create mode 100644 code-scanning/properties/stackhawk.properties.json create mode 100644 code-scanning/stackhawk.yml create mode 100644 icons/stackhawk.svg diff --git a/code-scanning/properties/stackhawk.properties.json b/code-scanning/properties/stackhawk.properties.json new file mode 100644 index 0000000..de29b7a --- /dev/null +++ b/code-scanning/properties/stackhawk.properties.json @@ -0,0 +1,24 @@ +{ + "name": "StackHawk", + "creator": "StackHawk", + "description": "Integrate dynamic application security testing (DAST) into your CI pipeline with StackHawk", + "iconName": "stackhawk", + "categories": [ + "Code Scanning", + "C", + "C#", + "C++", + "Go", + "Java", + "JavaScript", + "Kotlin", + "Objective C", + "PHP", + "Python", + "Ruby", + "Rust", + "Scala", + "Swift", + "TypeScript" + ] +} diff --git a/code-scanning/stackhawk.yml b/code-scanning/stackhawk.yml new file mode 100644 index 0000000..e445bb4 --- /dev/null +++ b/code-scanning/stackhawk.yml @@ -0,0 +1,57 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# 🦅 STACKHAWK https://stackhawk.com + +# The StackHawk HawkScan action makes it easy to integrate dynamic application security testing (DAST) into your +# CI pipeline. See the Getting Started guide (https://docs.stackhawk.com/hawkscan/) to get up and running with +# StackHawk quickly. + +# To use this workflow, you must: +# +# 1. Create an API Key and Application: Sign up for a free StackHawk account to obtain an API Key and +# create your first app and configuration file at https://app.stackhawk.com. +# +# 2. Save your API Key as a Secret: Save your API key as a GitHub Secret named HAWK_API_KEY. +# +# 3. Add your Config File: Add your stackhawk.yml configuration file to the base of your repository directory. +# +# 4. Set the Scan Failure Threshold: Add the hawk.failureThreshold configuration option +# (https://docs.stackhawk.com/hawkscan/configuration/#hawk) to your stackhawk.yml configuration file. If your scan +# produces alerts that meet or exceed the hawk.failureThreshold alert level, the scan will return exit code 42 +# and trigger a Code Scanning alert with a link to your scan results. +# +# 5. Update the "Start your service" Step: Update the "Start your service" step in the StackHawk workflow below to +# start your service so that it can be scanned with the "Run HawkScan" step. + + +name: "StackHawk" + +on: + push: + branches: [ $default-branch, $protected-branches ] + pull_request: + branches: [ $default-branch ] + schedule: + - cron: $cron-weekly + +jobs: + stackhawk: + name: StackHawk + runs-on: ubuntu-20.04 + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Start your service + run: ./your-service.sh & # ✏️ Update this to run your own service to be scanned + + - name: Run HawkScan + uses: stackhawk/hawkscan-action@v1.3.0 + continue-on-error: true # ✏️ Set to false to break your build on scan errors + with: + apiKey: ${{ secrets.HAWK_API_KEY }} + codeScanningAlerts: true + githubToken: ${{ github.token }} diff --git a/icons/stackhawk.svg b/icons/stackhawk.svg new file mode 100644 index 0000000..6b47520 --- /dev/null +++ b/icons/stackhawk.svg @@ -0,0 +1,17 @@ + + + + + + + + + + + + + + + + +