From 5f8fa2190b68e24e1922720865c66a10c9739525 Mon Sep 17 00:00:00 2001 From: SOOS-JAlvarez <92373106+SOOS-JAlvarez@users.noreply.github.com> Date: Fri, 10 Jun 2022 15:31:19 -0300 Subject: [PATCH 1/2] use codeql upload sarif action --- code-scanning/soos-dast-scan.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/code-scanning/soos-dast-scan.yml b/code-scanning/soos-dast-scan.yml index 47f6c48..8969db0 100644 --- a/code-scanning/soos-dast-scan.yml +++ b/code-scanning/soos-dast-scan.yml @@ -24,18 +24,22 @@ jobs: soos: permissions: security-events: write # for uploading code scanning alert info + actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status name: SOOS DAST Scan runs-on: ubuntu-latest steps: - name: Run SOOS DAST Scan - uses: soos-io/soos-dast-github-action@5f8e2a1994d618e6ac9902e0f491fd1656b698e6 + uses: soos-io/soos-dast-github-action@5f8c23ccf8366ea0a58deeb5c804e0524267df43 with: client_id: ${{ secrets.SOOS_CLIENT_ID }} api_key: ${{ secrets.SOOS_API_KEY }} - project_name: ${{ github.repository }} # If you're going to use SARIF the project name should be on the form of `repoowner/reponame` or use the token github.repository + project_name: "" scan_mode: "baseline" target_url: "https://www.example.com/" - sarif: true # Only set to true if you want to upload the SARIF report to Github - gpat: ${{ secrets.SOOS_GITHUB_PAT }} + output_format: "sarif" + - name: Upload SOOS DAST SARIF Report + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: results.sarif From 66d01dd6da6cc6d7770d1c579799dd00b2259cc6 Mon Sep 17 00:00:00 2001 From: SOOS-JAlvarez <92373106+SOOS-JAlvarez@users.noreply.github.com> Date: Mon, 13 Jun 2022 08:50:37 -0300 Subject: [PATCH 2/2] code review - put exact hash of release --- code-scanning/soos-dast-scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code-scanning/soos-dast-scan.yml b/code-scanning/soos-dast-scan.yml index 8969db0..cf3b1b7 100644 --- a/code-scanning/soos-dast-scan.yml +++ b/code-scanning/soos-dast-scan.yml @@ -29,7 +29,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Run SOOS DAST Scan - uses: soos-io/soos-dast-github-action@5f8c23ccf8366ea0a58deeb5c804e0524267df43 + uses: soos-io/soos-dast-github-action@b524e2cfbc4f4a5733153a7e624f569913f6c6e9 with: client_id: ${{ secrets.SOOS_CLIENT_ID }} api_key: ${{ secrets.SOOS_API_KEY }}