From ad064a4af4a41be5048d447468dc06ef59b4036d Mon Sep 17 00:00:00 2001 From: Noah Irwin Date: Fri, 10 Jun 2022 11:35:06 +0100 Subject: [PATCH] Updates from PR feedback --- code-scanning/contrast-scan.yml | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/code-scanning/contrast-scan.yml b/code-scanning/contrast-scan.yml index 0c8fe6b..e822508 100644 --- a/code-scanning/contrast-scan.yml +++ b/code-scanning/contrast-scan.yml @@ -4,6 +4,9 @@ # documentation. # This workflow will initiate a Contrast Scan on your built artifact, and subsequently upload the results SARIF to Github. +# Because Contrast Scan is designed to run against your deployable artifact, you need to build an artifact that will be passed to the Contrast Scan Action. +# Contrast Scan currently supports Java, JavaScript and .NET artifacts. +# For more information about the Contrast Scan GitHub Action see here: https://github.com/Contrast-Security-OSS/contrastscan-action # Pre-requisites: # All Contrast related account secrets should be configured as GitHub secrets to be passed as inputs to the Contrast Scan Action. @@ -21,6 +24,9 @@ on: name: Scan analyze workflow jobs: build-and-scan: + permissions: + contents: read # for actions/checkout + security-events: write # for github/codeql-action/upload-sarif runs-on: ubuntu-latest # check out project steps: @@ -30,12 +36,12 @@ jobs: # ... # Scan Artifact - name: Contrast Scan Action - uses: Contrast-Security-OSS/contrastscan-action@092c4e12ee0ee37b6116275f06efea84b2fe9d1a - with: - artifact: mypath/target/myartifact.jar # replace this path with the path to your built artifact - apiKey: ${{ secrets.CONTRAST_API_KEY }} - orgId: ${{ secrets.CONTRAST_ORGANIZATION_ID }} - authHeader: ${{ secrets.CONTRAST_AUTH_HEADER }} + uses: Contrast-Security-OSS/contrastscan-action@7352a45d9678ec8a434cf061b07ffb51c1e351a1 + with: + artifact: mypath/target/myartifact.jar # replace this path with the path to your built artifact + apiKey: ${{ secrets.CONTRAST_API_KEY }} + orgId: ${{ secrets.CONTRAST_ORGANIZATION_ID }} + authHeader: ${{ secrets.CONTRAST_AUTH_HEADER }} #Upload the results to GitHub - name: Upload SARIF file uses: github/codeql-action/upload-sarif@v2