From a4fc6b086e1052d83b7b3a6bae14aca6c055d20a Mon Sep 17 00:00:00 2001 From: SOOS-JAlvarez <92373106+SOOS-JAlvarez@users.noreply.github.com> Date: Tue, 24 May 2022 16:52:04 -0300 Subject: [PATCH] SOOS DAST starter action submission --- .../properties/soos-dast-scan.properties.json | 8 ++++ code-scanning/soos-dast-scan.yml | 41 +++++++++++++++++++ icons/soos.svg | 17 ++++++++ 3 files changed, 66 insertions(+) create mode 100644 code-scanning/properties/soos-dast-scan.properties.json create mode 100644 code-scanning/soos-dast-scan.yml create mode 100644 icons/soos.svg diff --git a/code-scanning/properties/soos-dast-scan.properties.json b/code-scanning/properties/soos-dast-scan.properties.json new file mode 100644 index 0000000..b2834df --- /dev/null +++ b/code-scanning/properties/soos-dast-scan.properties.json @@ -0,0 +1,8 @@ +{ + "name": "SOOS DAST Scan", + "creator": "SOOS", + "description": "Integrate dynamic application security testing (DAST) and API security testing into your CI pipeline with StackHawk", + "iconName": "soos", + "categories": ["Code Scanning"] + } + \ No newline at end of file diff --git a/code-scanning/soos-dast-scan.yml b/code-scanning/soos-dast-scan.yml new file mode 100644 index 0000000..a16ed9e --- /dev/null +++ b/code-scanning/soos-dast-scan.yml @@ -0,0 +1,41 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. +# +# SOOS is the easy-to-integrate software security solution for your whole team we currently, learn more at https://soos.io/ +# +# To use this action you need to fill the following requirements: +# +# 1. Create an account on https://app.soos.io to obtain a Client ID and API Key (Free 30 days trials for both our SCA/DAST product). +# +# 2. Set up your API KEY/Client ID as Github Secrets named SOOS_CLIENT_ID & SOOS_API_KEY. (Also set SOOS_GITHUB_PAT with your Github Personal Access Token if you're going to use sarif upload) +# + +name: "SOOS DAST Scan" + +on: + push: + branches: [ $default-branch, $protected-branches ] + pull_request: + branches: [ $default-branch ] + +jobs: + soos: + permissions: + security-events: write # for uploading code scanning alert info + name: SOOS DAST Scan + runs-on: ubuntu-latest + steps: + - name: Run SOOS DAST Scan + uses: soos-io/soos-dast-github-action@c32a9d22e9af91ccace86aa7e76673b89c6256fd + with: + client_id: ${{ secrets.SOOS_CLIENT_ID }} + api_key: ${{ secrets.SOOS_API_KEY }} + project_name: "DAST-GitHub-Action-Test" # If you're going to use SARIF the project name should be on the form of `repoowner/reponame` or use the token github.repository + scan_mode: "baseline" + target_url: "https://www.example.com/" + sarif: true # Only set to true if you want to upload the SARIF report to Github + gpat: ${{ secrets.SOOS_GITHUB_PAT }} + + diff --git a/icons/soos.svg b/icons/soos.svg new file mode 100644 index 0000000..17a31fc --- /dev/null +++ b/icons/soos.svg @@ -0,0 +1,17 @@ + + + + + + + + + + +