From 1716d2dcd64d64e5a33a6f72146ebc51010a7d6d Mon Sep 17 00:00:00 2001 From: Sampark Sharma Date: Wed, 30 Nov 2022 10:21:45 +0000 Subject: [PATCH 1/7] Fix whitespace lint --- .github/workflows/lint.yaml | 2 +- code-scanning/checkmarx-one.yml | 12 ++++++------ .../properties/dependency-review.properties.json | 2 +- code-scanning/properties/mobsf.properties.json | 8 ++++---- code-scanning/properties/pmd.properties.json | 12 ++++++------ code-scanning/properties/semgrep.properties.json | 2 +- code-scanning/properties/sobelow.properties.json | 1 - code-scanning/properties/sonarcloud.properties.json | 2 +- 8 files changed, 20 insertions(+), 21 deletions(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 76c82c2..2bb90ed 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -1,7 +1,7 @@ name: Lint on: - pull_request: + pull_request_target: branches: - main diff --git a/code-scanning/checkmarx-one.yml b/code-scanning/checkmarx-one.yml index d85c0c5..6214ab1 100644 --- a/code-scanning/checkmarx-one.yml +++ b/code-scanning/checkmarx-one.yml @@ -3,12 +3,12 @@ # separate terms of service, privacy policy, and support # documentation. -# The Checkmarx One GitHub Action enables you to trigger SAST, SCA, and KICS scans directly from the GitHub workflow. -# It provides a wrapper around the Checkmarx One CLI Tool which creates a zip archive from your source code repository -# and uploads it to Checkmarx One for scanning. The Github Action provides easy integration with GitHub while enabling +# The Checkmarx One GitHub Action enables you to trigger SAST, SCA, and KICS scans directly from the GitHub workflow. +# It provides a wrapper around the Checkmarx One CLI Tool which creates a zip archive from your source code repository +# and uploads it to Checkmarx One for scanning. The Github Action provides easy integration with GitHub while enabling # scan customization using the full functionality and flexibility of the CLI tool. -# This is a basic workflow to help you get started with Using Checkmarx One Action, +# This is a basic workflow to help you get started with Using Checkmarx One Action, # documentation can be found here : https://checkmarx.com/resource/documents/en/34965-68702-checkmarx-one-github-actions.html name: Checkmarx Scan @@ -30,7 +30,7 @@ jobs: contents: read # for actions/checkout to fetch code security-events: write # for github/codeql-action/upload-sarif to upload SARIF results actions: read # only required for a private repository by github/codeql-action/upload-sarif - + # The type of runner that the job will run on runs-on: ubuntu-latest @@ -39,7 +39,7 @@ jobs: # This step checks out a copy of your repository. - name: Checkout repository uses: actions/checkout@v3 - # This step creates the Checkmarx One scan + # This step creates the Checkmarx One scan - name: Checkmarx One scan uses: checkmarx/ast-github-action@8e887bb93dacc44e0f5b64ee2b06d5815f89d4fc with: diff --git a/code-scanning/properties/dependency-review.properties.json b/code-scanning/properties/dependency-review.properties.json index c195c73..f76aacd 100644 --- a/code-scanning/properties/dependency-review.properties.json +++ b/code-scanning/properties/dependency-review.properties.json @@ -13,4 +13,4 @@ "Ruby", "Actions", "PHP"] -} +} diff --git a/code-scanning/properties/mobsf.properties.json b/code-scanning/properties/mobsf.properties.json index a6afbfa..fb5d65b 100644 --- a/code-scanning/properties/mobsf.properties.json +++ b/code-scanning/properties/mobsf.properties.json @@ -4,10 +4,10 @@ "description": "Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.", "iconName": "mobsf", "categories": [ - "Code Scanning", - "Java", - "Swift", - "Objective-C", + "Code Scanning", + "Java", + "Swift", + "Objective-C", "Kotlin" ] } \ No newline at end of file diff --git a/code-scanning/properties/pmd.properties.json b/code-scanning/properties/pmd.properties.json index b96ecb7..7b79709 100644 --- a/code-scanning/properties/pmd.properties.json +++ b/code-scanning/properties/pmd.properties.json @@ -4,12 +4,12 @@ "description": "PMD is a static source code analyzer. It supports Java, JavaScript, Apex and Visualforce, Modelica, PLSQL, Apache Velocity, XML, XSL, Scala.", "iconName": "pmd", "categories": [ - "Code Scanning", - "Java", - "JavaScript", - "Apex", - "Modelica", - "PLSQL", + "Code Scanning", + "Java", + "JavaScript", + "Apex", + "Modelica", + "PLSQL", "Apache Velocity", "XML", "XSl", diff --git a/code-scanning/properties/semgrep.properties.json b/code-scanning/properties/semgrep.properties.json index 5f74ed5..c694b38 100644 --- a/code-scanning/properties/semgrep.properties.json +++ b/code-scanning/properties/semgrep.properties.json @@ -4,4 +4,4 @@ "description": "Continuously run Semgrep to find bugs and enforce secure code standards. Start with 1k+ community rules or write your own in a few minutes.", "iconName": "semgrep", "categories": ["Code Scanning", "Go", "Java", "JavaScript", "JSON", "Python", "Ruby", "TypeScript", "JSX", "TSX"] -} \ No newline at end of file +} \ No newline at end of file diff --git a/code-scanning/properties/sobelow.properties.json b/code-scanning/properties/sobelow.properties.json index 163e866..960ac8a 100644 --- a/code-scanning/properties/sobelow.properties.json +++ b/code-scanning/properties/sobelow.properties.json @@ -8,4 +8,3 @@ "Elixir" ] } - \ No newline at end of file diff --git a/code-scanning/properties/sonarcloud.properties.json b/code-scanning/properties/sonarcloud.properties.json index 9b88a78..0f4e151 100644 --- a/code-scanning/properties/sonarcloud.properties.json +++ b/code-scanning/properties/sonarcloud.properties.json @@ -3,5 +3,5 @@ "creator": "Sonar", "description": "Static analysis of code for vulnerability detection, covering 26+ languages. Start cleaning your code in minutes!", "iconName": "sonarcloud", - "categories": ["Code Scanning","abap","apex","c","cobol","cpp","cloudformation","csharp","css","flex","go","java","javascript","kotlin","objectivec","php","plsql","ruby","scala","swift","terraform","tsql","typescript","vb","vba","xml"] + "categories": ["Code Scanning","abap","apex","c","cobol","cpp","cloudformation","csharp","css","flex","go","java","javascript","kotlin","objectivec","php","plsql","ruby","scala","swift","terraform","tsql","typescript","vb","vba","xml"] } From 6adaff50c1b390ca04c9c668f07e996dee1a25ac Mon Sep 17 00:00:00 2001 From: Sampark Sharma Date: Wed, 30 Nov 2022 10:26:21 +0000 Subject: [PATCH 2/7] Fix no newline at EOF --- code-scanning/properties/semgrep.properties.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code-scanning/properties/semgrep.properties.json b/code-scanning/properties/semgrep.properties.json index c694b38..f1fffe3 100644 --- a/code-scanning/properties/semgrep.properties.json +++ b/code-scanning/properties/semgrep.properties.json @@ -4,4 +4,4 @@ "description": "Continuously run Semgrep to find bugs and enforce secure code standards. Start with 1k+ community rules or write your own in a few minutes.", "iconName": "semgrep", "categories": ["Code Scanning", "Go", "Java", "JavaScript", "JSON", "Python", "Ruby", "TypeScript", "JSX", "TSX"] -} \ No newline at end of file +} From f53db96ce1ca57bf1214bda95a59f2a7ec45d8b8 Mon Sep 17 00:00:00 2001 From: Sampark Sharma Date: Wed, 30 Nov 2022 11:04:14 +0000 Subject: [PATCH 3/7] Add supported tech stack list --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7ff406f..fc1bd90 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,7 @@ For example: `ci/django.yml` and `ci/properties/django.properties.json`. * `description`: the description shown in onboarding * `iconName`: the icon name in the relevant folder, for example, `django` should have an icon `icons/django.svg`. Only SVG is supported at this time. Another option is to use [octicon](https://primer.style/octicons/). The format to use an octicon is `octicon <>`. Example: `octicon person` * `creator`: creator of the template shown in onboarding. All the workflow templates from an author will have the same `creator` field. -* `categories`: the categories that it will be shown under. Choose at least one category from the list [here](#categories). Further, choose the categories from the list of languages available [here](https://github.com/github/linguist/blob/master/lib/linguist/languages.yml). When a user views the available templates, those templates that match the same language will feature more prominently. +* `categories`: the categories that it will be shown under. Choose at least one category from the list [here](#categories). Further, choose the categories from the list of languages available [here](https://github.com/github/linguist/blob/master/lib/linguist/languages.yml) and the list of tech stacks available [here](https://github.com/github-starter-workflows/repo-analysis-partner/blob/main/tech_stacks.yml). When a user views the available templates, those templates that match the same language will feature more prominently. ### Categories * continuous-integration From fe2a38622547802426adddc16f8a700ac2ed0edc Mon Sep 17 00:00:00 2001 From: Sampark Sharma Date: Thu, 8 Dec 2022 11:35:13 +0530 Subject: [PATCH 4/7] Update README.md Co-authored-by: Anurag Chauhan <44864882+anuragc617@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index fc1bd90..cc272b5 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,7 @@ For example: `ci/django.yml` and `ci/properties/django.properties.json`. * `description`: the description shown in onboarding * `iconName`: the icon name in the relevant folder, for example, `django` should have an icon `icons/django.svg`. Only SVG is supported at this time. Another option is to use [octicon](https://primer.style/octicons/). The format to use an octicon is `octicon <>`. Example: `octicon person` * `creator`: creator of the template shown in onboarding. All the workflow templates from an author will have the same `creator` field. -* `categories`: the categories that it will be shown under. Choose at least one category from the list [here](#categories). Further, choose the categories from the list of languages available [here](https://github.com/github/linguist/blob/master/lib/linguist/languages.yml) and the list of tech stacks available [here](https://github.com/github-starter-workflows/repo-analysis-partner/blob/main/tech_stacks.yml). When a user views the available templates, those templates that match the same language will feature more prominently. +* `categories`: the categories that it will be shown under. Choose at least one category from the list [here](#categories). Further, choose the categories from the list of languages available [here](https://github.com/github/linguist/blob/master/lib/linguist/languages.yml) and the list of tech stacks available [here](https://github.com/github-starter-workflows/repo-analysis-partner/blob/main/tech_stacks.yml). When a user views the available templates, those templates that match the language and tech stacks will feature more prominently. ### Categories * continuous-integration From 1899cb68914da2e7df727fdabfc8f4277c76463d Mon Sep 17 00:00:00 2001 From: Sampark Sharma Date: Thu, 8 Dec 2022 06:10:22 +0000 Subject: [PATCH 5/7] Fix whitespaces --- code-scanning/properties/sonarqube.properties.json | 2 +- code-scanning/sonarqube.yml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/code-scanning/properties/sonarqube.properties.json b/code-scanning/properties/sonarqube.properties.json index 9912c51..009602b 100644 --- a/code-scanning/properties/sonarqube.properties.json +++ b/code-scanning/properties/sonarqube.properties.json @@ -3,5 +3,5 @@ "creator": "Sonar", "description": "Static analysis of code for vulnerability detection, covering 26+ languages. Start cleaning your code in minutes!", "iconName": "sonarqube", - "categories": ["Code Scanning","abap","apex","c","cobol","cpp","cloudformation","csharp","css","flex","go","java","javascript","kotlin","objectivec","php","plsql","ruby","scala","swift","terraform","tsql","typescript","vb","vba","xml"] + "categories": ["Code Scanning","abap","apex","c","cobol","cpp","cloudformation","csharp","css","flex","go","java","javascript","kotlin","objectivec","php","plsql","ruby","scala","swift","terraform","tsql","typescript","vb","vba","xml"] } diff --git a/code-scanning/sonarqube.yml b/code-scanning/sonarqube.yml index f01b9dc..220e43a 100644 --- a/code-scanning/sonarqube.yml +++ b/code-scanning/sonarqube.yml @@ -3,7 +3,7 @@ # separate terms of service, privacy policy, and support # documentation. -# This workflow helps you trigger a SonarQube analysis of your code and populates +# This workflow helps you trigger a SonarQube analysis of your code and populates # GitHub Code Scanning alerts with the vulnerabilities found. # (this feature is available starting from SonarQube 9.7, Developer Edition and above) @@ -11,7 +11,7 @@ # 2. Import your project on SonarQube # * Add your repository as a new project by clicking "Create project" from your homepage. -# +# # 3. Select GitHub Actions as your CI and follow the tutorial # * a. Generate a new token and add it to your GitHub repository's secrets using the name SONAR_TOKEN # (On SonarQube, click on your avatar on top-right > My account > Security or ask your administrator) @@ -39,7 +39,7 @@ permissions: jobs: Analysis: runs-on: ubuntu-latest - + steps: - name: Analyze with SonarQube From a2fbfc40767ff866fed3e15b2123cf514445cf24 Mon Sep 17 00:00:00 2001 From: Sampark Sharma Date: Tue, 13 Dec 2022 17:58:04 +0530 Subject: [PATCH 6/7] Update lint.yaml --- .github/workflows/lint.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 2bb90ed..a76800c 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -1,7 +1,7 @@ name: Lint on: - pull_request_target: + pull_request: branches: - main @@ -28,4 +28,4 @@ jobs: run: pip3 install pre-commit - name: Run pre-commit - run: pre-commit run --all-files --show-diff-on-failure --color always \ No newline at end of file + run: pre-commit run --all-files --show-diff-on-failure --color always From ef331a6ad4a8dcd60a1eb62f2e7ebc150d967e91 Mon Sep 17 00:00:00 2001 From: Sampark Sharma Date: Tue, 13 Dec 2022 18:02:56 +0530 Subject: [PATCH 7/7] Update lint.yaml --- .github/workflows/lint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index a76800c..737e69c 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -1,7 +1,7 @@ name: Lint on: - pull_request: + pull_request_target: branches: - main