Merge branch 'main' into zscan-workflow

This commit is contained in:
Sampark Sharma
2022-09-26 12:07:47 +05:30
committed by GitHub
5 changed files with 14 additions and 9 deletions
+1 -2
View File
@@ -2,8 +2,7 @@ name: Sync workflows for GHES
on:
push:
branches: [ $default-branch ]
workflow_dispatch:
branches: [ main ]
jobs:
sync:
+2 -2
View File
@@ -41,9 +41,9 @@ jobs:
# https://github.com/sigstore/cosign-installer
- name: Install cosign
if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@7e0881f8fe90b25e305bbf0309761e9314607e25
uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0
with:
cosign-release: 'v1.9.0'
cosign-release: 'v1.11.0'
# Workaround: https://github.com/docker/build-push-action/issues/461
@@ -1,6 +1,7 @@
{
"name": "CodeQL Analysis",
"creator": "GitHub",
"enterprise": true,
"description": "Security analysis from GitHub for C, C++, C#, Go, Java, JavaScript, TypeScript, Python, and Ruby developers.",
"iconName": "octicon mark-github",
"categories": ["Code Scanning", "C", "C++", "C#", "Go", "Java", "JavaScript", "TypeScript", "Python", "Ruby"]
+9 -4
View File
@@ -3,13 +3,18 @@
# separate terms of service, privacy policy, and support
# documentation.
#
# SOOS is the easy-to-integrate software security solution for your whole team, learn more at https://soos.io/
# SOOS is the easy-to-integrate and affordable software security solution for your whole team.
# Learn more at https://soos.io/
#
# To use this action you need to fill the following requirements:
# To use this action, perform the following steps:
#
# 1. Create an account on https://app.soos.io to obtain a Client ID and API Key (Free 30 days trials for both our SCA/DAST product).
# 1. Create an account on https://app.soos.io. SOOS offers a free 30 day trial for our SCA and DAST products.
#
# 2. Set up your API KEY/Client ID as Github Secrets named SOOS_CLIENT_ID & SOOS_API_KEY. (Also set SOOS_GITHUB_PAT with your Github Personal Access Token if you're going to use sarif upload)
# 2. Navigate to the "Integrate" page in the SOOS app (https://app.soos.io/integrate). Note the "API Credentials" section of this page; the keys you will need for the next step are here.
#
# 3. Set up your SOOS API Key and SOOS Client Id as Github Secrets named SOOS_API_KEY and SOOS_CLIENT_ID.
#
# 4. (Optional) If you'd like to upload SARIF results of DAST scans to GitHub, set SOOS_GITHUB_PAT with your Github Personal Access Token.
#
name: "SOOS DAST Scan"
+1 -1
View File
@@ -61,7 +61,7 @@ async function checkWorkflows(
const enabled =
!isPartnerWorkflow &&
workflowProperties.enterprise !== false &&
(workflowProperties.enterprise === true || folder !== 'code-scanning') &&
(await checkWorkflow(workflowFilePath, enabledActions));
const workflowDesc: WorkflowDesc = {