From 1c4f13f8814ed74b3bd7e63b864c65bde209dd52 Mon Sep 17 00:00:00 2001
From: Gabe Stocco <98900+gfs@users.noreply.github.com>
Date: Tue, 25 May 2021 17:32:21 -0700
Subject: [PATCH 01/10] Adds DevSkim example file
---
code-scanning/devskim.yml | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
create mode 100644 code-scanning/devskim.yml
diff --git a/code-scanning/devskim.yml b/code-scanning/devskim.yml
new file mode 100644
index 0000000..b668b14
--- /dev/null
+++ b/code-scanning/devskim.yml
@@ -0,0 +1,35 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: DevSkim
+
+on:
+ push:
+ branches: [ $default-branch, $protected-branches ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ $default-branch ]
+ schedule:
+ - cron: $cron-weekly
+
+jobs:
+ lint:
+ name: DevSkim
+ runs-on: ubuntu-20.04
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name: Run DevSkim scanner
+ uses: microsoft/DevSkim-Action@v1
+
+ - name: Upload DevSkim scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: devskim-results.sarif
\ No newline at end of file
From d0779b618fe7a8b89791a2d154b2633f6cbae869 Mon Sep 17 00:00:00 2001
From: Gabe Stocco <98900+gfs@users.noreply.github.com>
Date: Tue, 25 May 2021 17:32:55 -0700
Subject: [PATCH 02/10] Update devskim.yml
---
code-scanning/devskim.yml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/code-scanning/devskim.yml b/code-scanning/devskim.yml
index b668b14..0aae4e8 100644
--- a/code-scanning/devskim.yml
+++ b/code-scanning/devskim.yml
@@ -32,4 +32,5 @@ jobs:
- name: Upload DevSkim scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1
with:
- sarif_file: devskim-results.sarif
\ No newline at end of file
+ sarif_file: devskim-results.sarif
+ should-scan-archives: false
\ No newline at end of file
From 98db90085801aaada3adad829688e454f93d044f Mon Sep 17 00:00:00 2001
From: Gabe Stocco <98900+gfs@users.noreply.github.com>
Date: Tue, 25 May 2021 17:36:54 -0700
Subject: [PATCH 03/10] Add logo and properties.json
---
code-scanning/properties/devskim.properties.json | 7 +++++++
icons/cst-logo.svg | 11 +++++++++++
2 files changed, 18 insertions(+)
create mode 100644 code-scanning/properties/devskim.properties.json
create mode 100644 icons/cst-logo.svg
diff --git a/code-scanning/properties/devskim.properties.json b/code-scanning/properties/devskim.properties.json
new file mode 100644
index 0000000..1dcc121
--- /dev/null
+++ b/code-scanning/properties/devskim.properties.json
@@ -0,0 +1,7 @@
+{
+ "name": "DevSkim",
+ "creator": "Microsoft CST-E",
+ "description": "Security issue linter.",
+ "iconName": "cst-logo",
+ "categories": ["Code Scanning"]
+}
diff --git a/icons/cst-logo.svg b/icons/cst-logo.svg
new file mode 100644
index 0000000..7ecffdd
--- /dev/null
+++ b/icons/cst-logo.svg
@@ -0,0 +1,11 @@
+
From c0f3fd1127961fb342c5d7de96a849ce55b556a5 Mon Sep 17 00:00:00 2001
From: Gabe Stocco <98900+gfs@users.noreply.github.com>
Date: Tue, 25 May 2021 17:39:15 -0700
Subject: [PATCH 04/10] Update devskim.properties.json
---
code-scanning/properties/devskim.properties.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/code-scanning/properties/devskim.properties.json b/code-scanning/properties/devskim.properties.json
index 1dcc121..6412a17 100644
--- a/code-scanning/properties/devskim.properties.json
+++ b/code-scanning/properties/devskim.properties.json
@@ -3,5 +3,5 @@
"creator": "Microsoft CST-E",
"description": "Security issue linter.",
"iconName": "cst-logo",
- "categories": ["Code Scanning"]
+ "categories": ["Code Scanning", "C", "C#", "C++", "Go", "Java", "JavaScript", "TypeScript", "Python", "Powershell", "Cobol", "Objective C", "PHP", "Ruby", "Rust", "SQL", "Swift", "Visual Basic"]
}
From 72fb7d83894441f62267c599709be21a03978bbc Mon Sep 17 00:00:00 2001
From: Gabe Stocco <98900+gfs@users.noreply.github.com>
Date: Tue, 25 May 2021 17:44:51 -0700
Subject: [PATCH 05/10] Update devskim.yml
---
code-scanning/devskim.yml | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/code-scanning/devskim.yml b/code-scanning/devskim.yml
index 0aae4e8..1b6ea44 100644
--- a/code-scanning/devskim.yml
+++ b/code-scanning/devskim.yml
@@ -26,11 +26,13 @@ jobs:
- name: Checkout code
uses: actions/checkout@v2
+ # Enable Should Scan Archives to scan all files inside archives as well
- name: Run DevSkim scanner
uses: microsoft/DevSkim-Action@v1
+ with:
+ should-scan-archives: false
- name: Upload DevSkim scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: devskim-results.sarif
- should-scan-archives: false
\ No newline at end of file
From 1f734b1213323fba15a97c3b4892963046d4a087 Mon Sep 17 00:00:00 2001
From: Gabe Stocco <98900+gfs@users.noreply.github.com>
Date: Wed, 26 May 2021 05:08:44 -0700
Subject: [PATCH 06/10] Update devskim.properties.json
---
code-scanning/properties/devskim.properties.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/code-scanning/properties/devskim.properties.json b/code-scanning/properties/devskim.properties.json
index 6412a17..377b1da 100644
--- a/code-scanning/properties/devskim.properties.json
+++ b/code-scanning/properties/devskim.properties.json
@@ -1,7 +1,7 @@
{
"name": "DevSkim",
"creator": "Microsoft CST-E",
- "description": "Security issue linter.",
+ "description": "DevSkim is a security linter for multiple programming languages which indicates potentially unsafe code patterns.",
"iconName": "cst-logo",
"categories": ["Code Scanning", "C", "C#", "C++", "Go", "Java", "JavaScript", "TypeScript", "Python", "Powershell", "Cobol", "Objective C", "PHP", "Ruby", "Rust", "SQL", "Swift", "Visual Basic"]
}
From 16a4b621815b3abd69039707eb45aa358d1c7459 Mon Sep 17 00:00:00 2001
From: Gabe Stocco <98900+gfs@users.noreply.github.com>
Date: Wed, 26 May 2021 08:26:56 -0700
Subject: [PATCH 07/10] Update cst-logo.svg
---
icons/cst-logo.svg | 20 +++++++++-----------
1 file changed, 9 insertions(+), 11 deletions(-)
diff --git a/icons/cst-logo.svg b/icons/cst-logo.svg
index 7ecffdd..6b0ed78 100644
--- a/icons/cst-logo.svg
+++ b/icons/cst-logo.svg
@@ -1,11 +1,9 @@
-
+
+
+
\ No newline at end of file
From 0fdd36cae158e489dd50164ba6bd1de28b4211dd Mon Sep 17 00:00:00 2001
From: Gabe Stocco <98900+gfs@users.noreply.github.com>
Date: Wed, 26 May 2021 08:36:28 -0700
Subject: [PATCH 08/10] Update devskim.properties.json
---
code-scanning/properties/devskim.properties.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/code-scanning/properties/devskim.properties.json b/code-scanning/properties/devskim.properties.json
index 377b1da..0eab5c6 100644
--- a/code-scanning/properties/devskim.properties.json
+++ b/code-scanning/properties/devskim.properties.json
@@ -1,7 +1,7 @@
{
"name": "DevSkim",
"creator": "Microsoft CST-E",
- "description": "DevSkim is a security linter for multiple programming languages which indicates potentially unsafe code patterns.",
+ "description": "DevSkim is security linter that highlights common security issues in source code.",
"iconName": "cst-logo",
"categories": ["Code Scanning", "C", "C#", "C++", "Go", "Java", "JavaScript", "TypeScript", "Python", "Powershell", "Cobol", "Objective C", "PHP", "Ruby", "Rust", "SQL", "Swift", "Visual Basic"]
}
From 9c10407107c689af9fdfb0a434317af52a565144 Mon Sep 17 00:00:00 2001
From: Gabe Stocco <98900+gfs@users.noreply.github.com>
Date: Wed, 26 May 2021 08:37:19 -0700
Subject: [PATCH 09/10] Update devskim.yml
---
code-scanning/devskim.yml | 4 ----
1 file changed, 4 deletions(-)
diff --git a/code-scanning/devskim.yml b/code-scanning/devskim.yml
index 1b6ea44..3a5c45f 100644
--- a/code-scanning/devskim.yml
+++ b/code-scanning/devskim.yml
@@ -9,7 +9,6 @@ on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
- # The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
@@ -26,11 +25,8 @@ jobs:
- name: Checkout code
uses: actions/checkout@v2
- # Enable Should Scan Archives to scan all files inside archives as well
- name: Run DevSkim scanner
uses: microsoft/DevSkim-Action@v1
- with:
- should-scan-archives: false
- name: Upload DevSkim scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1
From ef2ae0412b4176c94dfb3abdd6495402623ca5bc Mon Sep 17 00:00:00 2001
From: Gabe Stocco <98900+gfs@users.noreply.github.com>
Date: Wed, 9 Jun 2021 08:24:51 -0700
Subject: [PATCH 10/10] Update cst-logo.svg
---
icons/cst-logo.svg | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/icons/cst-logo.svg b/icons/cst-logo.svg
index 6b0ed78..a7beb3d 100644
--- a/icons/cst-logo.svg
+++ b/icons/cst-logo.svg
@@ -1,9 +1,5 @@
-
-
\ No newline at end of file
+