From 1c4f13f8814ed74b3bd7e63b864c65bde209dd52 Mon Sep 17 00:00:00 2001 From: Gabe Stocco <98900+gfs@users.noreply.github.com> Date: Tue, 25 May 2021 17:32:21 -0700 Subject: [PATCH 01/10] Adds DevSkim example file --- code-scanning/devskim.yml | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 code-scanning/devskim.yml diff --git a/code-scanning/devskim.yml b/code-scanning/devskim.yml new file mode 100644 index 0000000..b668b14 --- /dev/null +++ b/code-scanning/devskim.yml @@ -0,0 +1,35 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +name: DevSkim + +on: + push: + branches: [ $default-branch, $protected-branches ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ $default-branch ] + schedule: + - cron: $cron-weekly + +jobs: + lint: + name: DevSkim + runs-on: ubuntu-20.04 + permissions: + actions: read + contents: read + security-events: write + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Run DevSkim scanner + uses: microsoft/DevSkim-Action@v1 + + - name: Upload DevSkim scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: devskim-results.sarif \ No newline at end of file From d0779b618fe7a8b89791a2d154b2633f6cbae869 Mon Sep 17 00:00:00 2001 From: Gabe Stocco <98900+gfs@users.noreply.github.com> Date: Tue, 25 May 2021 17:32:55 -0700 Subject: [PATCH 02/10] Update devskim.yml --- code-scanning/devskim.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/code-scanning/devskim.yml b/code-scanning/devskim.yml index b668b14..0aae4e8 100644 --- a/code-scanning/devskim.yml +++ b/code-scanning/devskim.yml @@ -32,4 +32,5 @@ jobs: - name: Upload DevSkim scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v1 with: - sarif_file: devskim-results.sarif \ No newline at end of file + sarif_file: devskim-results.sarif + should-scan-archives: false \ No newline at end of file From 98db90085801aaada3adad829688e454f93d044f Mon Sep 17 00:00:00 2001 From: Gabe Stocco <98900+gfs@users.noreply.github.com> Date: Tue, 25 May 2021 17:36:54 -0700 Subject: [PATCH 03/10] Add logo and properties.json --- code-scanning/properties/devskim.properties.json | 7 +++++++ icons/cst-logo.svg | 11 +++++++++++ 2 files changed, 18 insertions(+) create mode 100644 code-scanning/properties/devskim.properties.json create mode 100644 icons/cst-logo.svg diff --git a/code-scanning/properties/devskim.properties.json b/code-scanning/properties/devskim.properties.json new file mode 100644 index 0000000..1dcc121 --- /dev/null +++ b/code-scanning/properties/devskim.properties.json @@ -0,0 +1,7 @@ +{ + "name": "DevSkim", + "creator": "Microsoft CST-E", + "description": "Security issue linter.", + "iconName": "cst-logo", + "categories": ["Code Scanning"] +} diff --git a/icons/cst-logo.svg b/icons/cst-logo.svg new file mode 100644 index 0000000..7ecffdd --- /dev/null +++ b/icons/cst-logo.svg @@ -0,0 +1,11 @@ + + + + + + From c0f3fd1127961fb342c5d7de96a849ce55b556a5 Mon Sep 17 00:00:00 2001 From: Gabe Stocco <98900+gfs@users.noreply.github.com> Date: Tue, 25 May 2021 17:39:15 -0700 Subject: [PATCH 04/10] Update devskim.properties.json --- code-scanning/properties/devskim.properties.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code-scanning/properties/devskim.properties.json b/code-scanning/properties/devskim.properties.json index 1dcc121..6412a17 100644 --- a/code-scanning/properties/devskim.properties.json +++ b/code-scanning/properties/devskim.properties.json @@ -3,5 +3,5 @@ "creator": "Microsoft CST-E", "description": "Security issue linter.", "iconName": "cst-logo", - "categories": ["Code Scanning"] + "categories": ["Code Scanning", "C", "C#", "C++", "Go", "Java", "JavaScript", "TypeScript", "Python", "Powershell", "Cobol", "Objective C", "PHP", "Ruby", "Rust", "SQL", "Swift", "Visual Basic"] } From 72fb7d83894441f62267c599709be21a03978bbc Mon Sep 17 00:00:00 2001 From: Gabe Stocco <98900+gfs@users.noreply.github.com> Date: Tue, 25 May 2021 17:44:51 -0700 Subject: [PATCH 05/10] Update devskim.yml --- code-scanning/devskim.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/code-scanning/devskim.yml b/code-scanning/devskim.yml index 0aae4e8..1b6ea44 100644 --- a/code-scanning/devskim.yml +++ b/code-scanning/devskim.yml @@ -26,11 +26,13 @@ jobs: - name: Checkout code uses: actions/checkout@v2 + # Enable Should Scan Archives to scan all files inside archives as well - name: Run DevSkim scanner uses: microsoft/DevSkim-Action@v1 + with: + should-scan-archives: false - name: Upload DevSkim scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v1 with: sarif_file: devskim-results.sarif - should-scan-archives: false \ No newline at end of file From 1f734b1213323fba15a97c3b4892963046d4a087 Mon Sep 17 00:00:00 2001 From: Gabe Stocco <98900+gfs@users.noreply.github.com> Date: Wed, 26 May 2021 05:08:44 -0700 Subject: [PATCH 06/10] Update devskim.properties.json --- code-scanning/properties/devskim.properties.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code-scanning/properties/devskim.properties.json b/code-scanning/properties/devskim.properties.json index 6412a17..377b1da 100644 --- a/code-scanning/properties/devskim.properties.json +++ b/code-scanning/properties/devskim.properties.json @@ -1,7 +1,7 @@ { "name": "DevSkim", "creator": "Microsoft CST-E", - "description": "Security issue linter.", + "description": "DevSkim is a security linter for multiple programming languages which indicates potentially unsafe code patterns.", "iconName": "cst-logo", "categories": ["Code Scanning", "C", "C#", "C++", "Go", "Java", "JavaScript", "TypeScript", "Python", "Powershell", "Cobol", "Objective C", "PHP", "Ruby", "Rust", "SQL", "Swift", "Visual Basic"] } From 16a4b621815b3abd69039707eb45aa358d1c7459 Mon Sep 17 00:00:00 2001 From: Gabe Stocco <98900+gfs@users.noreply.github.com> Date: Wed, 26 May 2021 08:26:56 -0700 Subject: [PATCH 07/10] Update cst-logo.svg --- icons/cst-logo.svg | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/icons/cst-logo.svg b/icons/cst-logo.svg index 7ecffdd..6b0ed78 100644 --- a/icons/cst-logo.svg +++ b/icons/cst-logo.svg @@ -1,11 +1,9 @@ - - - - - - + + + + + + + + + \ No newline at end of file From 0fdd36cae158e489dd50164ba6bd1de28b4211dd Mon Sep 17 00:00:00 2001 From: Gabe Stocco <98900+gfs@users.noreply.github.com> Date: Wed, 26 May 2021 08:36:28 -0700 Subject: [PATCH 08/10] Update devskim.properties.json --- code-scanning/properties/devskim.properties.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code-scanning/properties/devskim.properties.json b/code-scanning/properties/devskim.properties.json index 377b1da..0eab5c6 100644 --- a/code-scanning/properties/devskim.properties.json +++ b/code-scanning/properties/devskim.properties.json @@ -1,7 +1,7 @@ { "name": "DevSkim", "creator": "Microsoft CST-E", - "description": "DevSkim is a security linter for multiple programming languages which indicates potentially unsafe code patterns.", + "description": "DevSkim is security linter that highlights common security issues in source code.", "iconName": "cst-logo", "categories": ["Code Scanning", "C", "C#", "C++", "Go", "Java", "JavaScript", "TypeScript", "Python", "Powershell", "Cobol", "Objective C", "PHP", "Ruby", "Rust", "SQL", "Swift", "Visual Basic"] } From 9c10407107c689af9fdfb0a434317af52a565144 Mon Sep 17 00:00:00 2001 From: Gabe Stocco <98900+gfs@users.noreply.github.com> Date: Wed, 26 May 2021 08:37:19 -0700 Subject: [PATCH 09/10] Update devskim.yml --- code-scanning/devskim.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/code-scanning/devskim.yml b/code-scanning/devskim.yml index 1b6ea44..3a5c45f 100644 --- a/code-scanning/devskim.yml +++ b/code-scanning/devskim.yml @@ -9,7 +9,6 @@ on: push: branches: [ $default-branch, $protected-branches ] pull_request: - # The branches below must be a subset of the branches above branches: [ $default-branch ] schedule: - cron: $cron-weekly @@ -26,11 +25,8 @@ jobs: - name: Checkout code uses: actions/checkout@v2 - # Enable Should Scan Archives to scan all files inside archives as well - name: Run DevSkim scanner uses: microsoft/DevSkim-Action@v1 - with: - should-scan-archives: false - name: Upload DevSkim scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v1 From ef2ae0412b4176c94dfb3abdd6495402623ca5bc Mon Sep 17 00:00:00 2001 From: Gabe Stocco <98900+gfs@users.noreply.github.com> Date: Wed, 9 Jun 2021 08:24:51 -0700 Subject: [PATCH 10/10] Update cst-logo.svg --- icons/cst-logo.svg | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/icons/cst-logo.svg b/icons/cst-logo.svg index 6b0ed78..a7beb3d 100644 --- a/icons/cst-logo.svg +++ b/icons/cst-logo.svg @@ -1,9 +1,5 @@ - - - - - \ No newline at end of file +