Compare commits
117 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 200b0c34b1 | |||
| 0debae5ec7 | |||
| 52edf1b580 | |||
| da223f8a03 | |||
| f61ca9907b | |||
| 56c93ff752 | |||
| 1d8891efc2 | |||
| 93ee3d86f6 | |||
| 97d8c1c765 | |||
| 1b52eb3e6f | |||
| 216dc929eb | |||
| ef1ebb2538 | |||
| 440e8daf05 | |||
| 0f5b68ee4f | |||
| d9dc2c2f72 | |||
| 83bdb0fcd6 | |||
| ed8c87df74 | |||
| 09b078fd76 | |||
| 4a9a12a099 | |||
| 3a3f99717d | |||
| 281a35c5ef | |||
| dcdce00205 | |||
| 8a8c5b274c | |||
| 149db50d43 | |||
| c3de16f318 | |||
| 40f0709bd6 | |||
| 9fccb15dc6 | |||
| bafed29a86 | |||
| 042eac3858 | |||
| e3fc80f30e | |||
| c765d6316f | |||
| e6620ddc5b | |||
| 6e44c89176 | |||
| ffef54a02c | |||
| 700743e332 | |||
| a857e4e5a6 | |||
| 6b14bf21cb | |||
| ad91ff259d | |||
| 2e38bc8da2 | |||
| 5b659e82b4 | |||
| 764ebceaf5 | |||
| 122f83ece7 | |||
| 6a1dba2d71 | |||
| a95943d406 | |||
| d07ff38b96 | |||
| 3c200bdb21 | |||
| b258b33234 | |||
| c342a0c6e3 | |||
| b55a65157e | |||
| b7d9f15826 | |||
| 2a1abda503 | |||
| 85d2a866f0 | |||
| 5d273fbcb3 | |||
| d4dccf0b1e | |||
| c705225b8f | |||
| 596b345944 | |||
| 7b9e3b6858 | |||
| 13f632a90b | |||
| 65fef9614f | |||
| 02d91c6ccf | |||
| 6b053712be | |||
| 8c91a4c02f | |||
| 15daabeaa4 | |||
| 4087ed4594 | |||
| 7f30309cce | |||
| f0b8c8ad72 | |||
| 70655750b2 | |||
| cb6678504a | |||
| fd79bd4838 | |||
| b5a43f8049 | |||
| 9426610033 | |||
| b58a4e21c6 | |||
| 4a9a1680df | |||
| 5a1343bb22 | |||
| 97de22b47c | |||
| 835899e531 | |||
| 55f65bcc15 | |||
| 9b4fcbf911 | |||
| 7d41cdb581 | |||
| e4091f2f55 | |||
| 38d4e3bfd2 | |||
| 6dfa11d0c4 | |||
| 45ae2e08fc | |||
| 5e116cb9e8 | |||
| c36ea2c560 | |||
| 59daabb07b | |||
| 9095e7c9d5 | |||
| 1cb322141e | |||
| df5ac56102 | |||
| dda42cb8f2 | |||
| 3175118151 | |||
| 238e55b9b4 | |||
| 149cf11287 | |||
| 48e2865d35 | |||
| 30715e86a4 | |||
| ddf7fe1e94 | |||
| 6d89fb8045 | |||
| 028df69d88 | |||
| 99fae1ecb1 | |||
| b671ee6c7b | |||
| b33f57dde1 | |||
| 84a9757692 | |||
| 29e8b6c38a | |||
| c2cc54a69e | |||
| 7aa1944311 | |||
| e6aff964db | |||
| ff4d33e44b | |||
| 41e3bc11ea | |||
| 79ff92ef6d | |||
| e9f0116056 | |||
| 237e7737ce | |||
| fc748cc482 | |||
| 7b64f44165 | |||
| ac64f9caf5 | |||
| 98bde3b31e | |||
| 188b52b51c | |||
| 69184c7484 |
@@ -5,6 +5,8 @@ on:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
permissions:
|
||||
issues: write
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Close Issue
|
||||
|
||||
@@ -5,6 +5,8 @@ on:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
permissions:
|
||||
issues: write
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Close Issue
|
||||
|
||||
@@ -7,6 +7,9 @@ on:
|
||||
jobs:
|
||||
stale:
|
||||
|
||||
permissions:
|
||||
issues: write
|
||||
pull-requests: write
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
|
||||
@@ -7,6 +7,8 @@ on:
|
||||
|
||||
jobs:
|
||||
sync:
|
||||
permissions:
|
||||
contents: write
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
@@ -6,6 +6,8 @@ on:
|
||||
|
||||
jobs:
|
||||
validate-data:
|
||||
permissions:
|
||||
contents: read
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
@@ -12,7 +12,8 @@ These are the workflow files for helping people get started with GitHub Actions.
|
||||
|
||||
### Directory structure
|
||||
|
||||
* [ci](ci): solutions for Continuous Integration and Deployments
|
||||
* [ci](ci): solutions for Continuous Integration workflows.
|
||||
* [deployments](deployments): solutions for Deployment workflows.
|
||||
* [automation](automation): solutions for automating workflows.
|
||||
* [code-scanning](code-scanning): starter workflows for [Code Scanning](https://github.com/features/security)
|
||||
* [icons](icons): svg icons for the relevant template
|
||||
@@ -44,5 +45,5 @@ For example: `ci/django.yml` and `ci/properties/django.properties.json`.
|
||||
These variables can be placed in the starter workflow and will be substituted as detailed below:
|
||||
|
||||
* `$default-branch`: will substitute the branch from the repository, for example `main` and `master`
|
||||
* `$protected-branches`: will substitue any protected branches from the repository.
|
||||
* `$protected-branches`: will substitute any protected branches from the repository
|
||||
* `$cron-daily`: will substitute a valid but random time within the day
|
||||
|
||||
@@ -107,7 +107,7 @@ jobs:
|
||||
- name: Remove the pfx
|
||||
run: Remove-Item -path $env:Wap_Project_Directory\$env:Signing_Certificate
|
||||
|
||||
# Upload the MSIX package: https://github.com/marketplace/actions/upload-artifact
|
||||
# Upload the MSIX package: https://github.com/marketplace/actions/upload-a-build-artifact
|
||||
- name: Upload build artifacts
|
||||
uses: actions/upload-artifact@v2
|
||||
with:
|
||||
|
||||
+3
-3
@@ -15,10 +15,10 @@ jobs:
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Set up Elixir
|
||||
uses: erlef/setup-elixir@885971a72ed1f9240973bd92ab57af8c1aa68f24
|
||||
uses: erlef/setup-beam@988e02bfe678367a02564f65ca2e37726dc0268f
|
||||
with:
|
||||
elixir-version: '1.10.3' # Define the elixir version [required]
|
||||
otp-version: '22.3' # Define the OTP version [required]
|
||||
elixir-version: '1.12.3' # Define the elixir version [required]
|
||||
otp-version: '24.1' # Define the OTP version [required]
|
||||
- name: Restore dependencies cache
|
||||
uses: actions/cache@v2
|
||||
with:
|
||||
|
||||
@@ -0,0 +1,27 @@
|
||||
name: Makefile CI
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
|
||||
jobs:
|
||||
build:
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: configure
|
||||
run: ./configure
|
||||
|
||||
- name: Install dependencies
|
||||
run: make
|
||||
|
||||
- name: Run check
|
||||
run: make check
|
||||
|
||||
- name: Run distcheck
|
||||
run: make distcheck
|
||||
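Review bot: The new workflow has no `permissions:` block, so the `build` job runs with whatever default `GITHUB_TOKEN` scope the repository or organisation has configured, which may be read-write. The job only checks out and builds, and it also triggers on `pull_request`, so `permissions:` with `contents: read` under `build:` would be enough; this is the form other hunks on this page add to the automation workflows. The same gap is in the new Xcode, Rails and Lint Code Base workflows further down. The last of these passes `secrets.GITHUB_TOKEN` to the linter explicitly, so its block may also need `statuses: write` if status reporting is wanted; confirm against the super-linter README. Separately, the step named `Install dependencies` runs `make`, so `Build` would describe it better.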
@@ -0,0 +1,30 @@
|
||||
name: Xcode - Build and Analyze
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
|
||||
jobs:
|
||||
build:
|
||||
name: Build and analyse default scheme using xcodebuild command
|
||||
runs-on: macos-latest
|
||||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
- name: Set Default Scheme
|
||||
run: |
|
||||
scheme_list=$(xcodebuild -list -json | tr -d "\n")
|
||||
default=$(echo $scheme_list | ruby -e "require 'json'; puts JSON.parse(STDIN.gets)['project']['targets'][0]")
|
||||
echo $default | cat >default
|
||||
echo Using default scheme: $default
|
||||
- name: Build
|
||||
env:
|
||||
scheme: ${{ 'default' }}
|
||||
run: |
|
||||
if [ $scheme = default ]; then scheme=$(cat default); fi
|
||||
if [ "`ls -A | grep -i \\.xcworkspace\$`" ]; then filetype_parameter="workspace" && file_to_build="`ls -A | grep -i \\.xcworkspace\$`"; else filetype_parameter="project" && file_to_build="`ls -A | grep -i \\.xcodeproj\$`"; fi
|
||||
file_to_build=`echo $file_to_build | awk '{$1=$1;print}'`
|
||||
xcodebuild clean build analyze -scheme "$scheme" -"$filetype_parameter" "$file_to_build" | xcpretty && exit ${PIPESTATUS[0]}
|
||||
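Review bot: In the `Build` step, `if [ $scheme = default ]` leaves `$scheme` unquoted, so the test fails with a shell error if someone replaces the `default` value in `env:` with an empty string or a scheme name containing a space; `if [ "$scheme" = default ]; then scheme=$(cat default); fi` avoids that. In `Set Default Scheme`, `echo $scheme_list` and `echo $default` should likewise be `echo "$scheme_list"` and `echo "$default"`, because the JSON contains `[` and `]` and an unquoted expansion is subject to word splitting and globbing. That step also reads `['project']['targets'][0]`, which is a target name rather than a scheme, and it assumes a `project` key while the `Build` step also handles `.xcworkspace`; whether the JSON has that key in the workspace case should be checked.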
@@ -1,180 +0,0 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
### The OpenShift Starter workflow will:
|
||||
# - Checkout your repository
|
||||
# - Perform a Docker build
|
||||
# - Push the built image to an image registry
|
||||
# - Log in to your OpenShift cluster
|
||||
# - Create an OpenShift app from the image and expose it to the internet.
|
||||
|
||||
### Before you begin:
|
||||
# - Have write access to a container image registry such as quay.io or Dockerhub.
|
||||
# - Have access to an OpenShift cluster.
|
||||
# - For instructions to get started with OpenShift see https://www.openshift.com/try
|
||||
# - The project you wish to add this workflow to should have a Dockerfile.
|
||||
# - If you don't have a Dockerfile at the repository root, see the buildah-build step.
|
||||
# - Builds from scratch are also available, but require more configuration.
|
||||
|
||||
### To get the workflow running:
|
||||
# 1. Add this workflow to your repository.
|
||||
# 2. Edit the top-level 'env' section, which contains a list of environment variables that must be configured.
|
||||
# 3. Create the secrets referenced in the 'env' section under your repository Settings.
|
||||
# 4. Edit the 'branches' in the 'on' section to trigger the workflow on a push to your branch.
|
||||
# 5. Commit and push your changes.
|
||||
|
||||
# For a more sophisticated example, see https://github.com/redhat-actions/spring-petclinic/blob/main/.github/workflows/petclinic-sample.yaml
|
||||
# Also see our GitHub organization, https://github.com/redhat-actions/
|
||||
# ▶️ See a video of how to set up this workflow at https://www.youtube.com/watch?v=6hgBO-1pKho
|
||||
|
||||
name: OpenShift
|
||||
|
||||
# ⬇️ Modify the fields marked with ⬇️ to fit your project, and create any secrets that are referenced.
|
||||
# https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets
|
||||
env:
|
||||
# ⬇️ EDIT with your registry and registry path.
|
||||
REGISTRY: quay.io/<username>
|
||||
# ⬇️ EDIT with your registry username.
|
||||
REGISTRY_USER: <username>
|
||||
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
|
||||
|
||||
# ⬇️ EDIT to log into your OpenShift cluster and set up the context.
|
||||
# See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
|
||||
OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
|
||||
OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
|
||||
|
||||
# ⬇️ EDIT with any additional port your application should expose.
|
||||
# By default, oc new-app action creates a service to the image's lowest numeric exposed port.
|
||||
APP_PORT: ""
|
||||
|
||||
# ⬇️ EDIT if you wish to set the kube context's namespace after login. Leave blank to use the default namespace.
|
||||
OPENSHIFT_NAMESPACE: ""
|
||||
|
||||
# If you wish to manually provide the APP_NAME and TAG, set them here, otherwise they will be auto-detected.
|
||||
APP_NAME: ""
|
||||
TAG: ""
|
||||
|
||||
on:
|
||||
# https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows
|
||||
push:
|
||||
# Edit to the branch(es) you want to build and deploy on each push.
|
||||
branches: [ $default-branch ]
|
||||
|
||||
jobs:
|
||||
openshift-ci-cd:
|
||||
name: Build and deploy to OpenShift
|
||||
runs-on: ubuntu-18.04
|
||||
environment: production
|
||||
|
||||
outputs:
|
||||
ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
|
||||
SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}
|
||||
|
||||
steps:
|
||||
- name: Check if secrets exists
|
||||
uses: actions/github-script@v3
|
||||
with:
|
||||
script: |
|
||||
const secrets = {
|
||||
REGISTRY_PASSWORD: `${{ secrets.REGISTRY_PASSWORD }}`,
|
||||
OPENSHIFT_SERVER: `${{ secrets.OPENSHIFT_SERVER }}`,
|
||||
OPENSHIFT_TOKEN: `${{ secrets.OPENSHIFT_TOKEN }}`,
|
||||
};
|
||||
|
||||
const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => {
|
||||
if (value.length === 0) {
|
||||
core.warning(`Secret "${name}" is not set`);
|
||||
return true;
|
||||
}
|
||||
core.info(`✔️ Secret "${name}" is set`);
|
||||
return false;
|
||||
|
||||
});
|
||||
|
||||
if (missingSecrets.length > 0) {
|
||||
core.setFailed(`❌ At least one required secret is not set in the repository. \n` +
|
||||
"You can add it using:\n" +
|
||||
"GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" +
|
||||
"GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" +
|
||||
"Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example");
|
||||
}
|
||||
else {
|
||||
core.info(`✅ All the required secrets are set`);
|
||||
}
|
||||
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Determine app name
|
||||
if: env.APP_NAME == ''
|
||||
run: |
|
||||
echo "APP_NAME=$(basename $PWD)" | tee -a $GITHUB_ENV
|
||||
|
||||
- name: Determine tag
|
||||
if: env.TAG == ''
|
||||
run: |
|
||||
echo "TAG=${GITHUB_SHA::7}" | tee -a $GITHUB_ENV
|
||||
|
||||
# https://github.com/redhat-actions/buildah-build#readme
|
||||
- name: Build from Dockerfile
|
||||
id: image-build
|
||||
uses: redhat-actions/buildah-build@v2
|
||||
with:
|
||||
image: ${{ env.APP_NAME }}
|
||||
tags: ${{ env.TAG }}
|
||||
# If you don't have a dockerfile, see:
|
||||
# https://github.com/redhat-actions/buildah-build#scratch-build-inputs
|
||||
# Otherwise, point this to your Dockerfile relative to the repository root.
|
||||
dockerfiles: |
|
||||
./Dockerfile
|
||||
|
||||
# https://github.com/redhat-actions/push-to-registry#readme
|
||||
- name: Push to registry
|
||||
id: push-to-registry
|
||||
uses: redhat-actions/push-to-registry@v2
|
||||
with:
|
||||
image: ${{ steps.image-build.outputs.image }}
|
||||
tags: ${{ steps.image-build.outputs.tags }}
|
||||
registry: ${{ env.REGISTRY }}
|
||||
username: ${{ env.REGISTRY_USER }}
|
||||
password: ${{ env.REGISTRY_PASSWORD }}
|
||||
|
||||
# The path the image was pushed to is now stored in ${{ steps.push-to-registry.outputs.registry-path }}
|
||||
|
||||
# oc-login works on all platforms, but oc must be installed first.
|
||||
# The GitHub Ubuntu runner already includes oc.
|
||||
# Otherwise, https://github.com/redhat-actions/openshift-tools-installer can be used to install oc,
|
||||
# as well as many other tools.
|
||||
|
||||
# https://github.com/redhat-actions/oc-login#readme
|
||||
- name: Log in to OpenShift
|
||||
uses: redhat-actions/oc-login@v1
|
||||
with:
|
||||
openshift_server_url: ${{ env.OPENSHIFT_SERVER }}
|
||||
openshift_token: ${{ env.OPENSHIFT_TOKEN }}
|
||||
insecure_skip_tls_verify: true
|
||||
namespace: ${{ env.OPENSHIFT_NAMESPACE }}
|
||||
|
||||
# This step should create a deployment, service, and route to run your app and expose it to the internet.
|
||||
# https://github.com/redhat-actions/oc-new-app#readme
|
||||
- name: Create and expose app
|
||||
id: deploy-and-expose
|
||||
uses: redhat-actions/oc-new-app@v1
|
||||
with:
|
||||
app_name: ${{ env.APP_NAME }}
|
||||
image: ${{ steps.push-to-registry.outputs.registry-path }}
|
||||
namespace: ${{ env.OPENSHIFT_NAMESPACE }}
|
||||
port: ${{ env.APP_PORT }}
|
||||
|
||||
- name: View application route
|
||||
run: |
|
||||
[[ -n ${{ env.ROUTE }} ]] || (echo "Determining application route failed in previous step"; exit 1)
|
||||
echo "======================== Your application is available at: ========================"
|
||||
echo ${{ env.ROUTE }}
|
||||
echo "==================================================================================="
|
||||
echo
|
||||
echo "Your app can be taken down with: \"oc delete all --selector='${{ env.SELECTOR }}'\""
|
||||
env:
|
||||
ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
|
||||
SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Ada",
|
||||
"description": "Build Ada project with GPRbuild.",
|
||||
"iconName": "ada",
|
||||
"categories": ["Ada"]
|
||||
"categories": ["Continuous integration", "Ada"]
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Android CI",
|
||||
"description": "Build an Android project with Gradle.",
|
||||
"iconName": "android",
|
||||
"categories": ["Java", "Mobile"]
|
||||
"categories": ["Continuous integration", "Java", "Mobile"]
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Java with Ant",
|
||||
"description": "Build and test a Java project with Apache Ant.",
|
||||
"iconName": "ant",
|
||||
"categories": ["Ant", "Java"]
|
||||
"categories": ["Continuous integration", "Ant", "Java"]
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "C/C++ with Make",
|
||||
"description": "Build and test a C/C++ project using Make.",
|
||||
"iconName": "c-cpp",
|
||||
"categories": ["C", "C++"]
|
||||
"categories": ["Continuous integration", "C", "C++"]
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Clojure",
|
||||
"description": "Build and test a Clojure project with Leiningen.",
|
||||
"iconName": "clojure",
|
||||
"categories": ["Clojure", "Java"]
|
||||
"categories": ["Continuous integration", "Clojure", "Java"]
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "CMake based projects",
|
||||
"description": "Build and test a CMake based project.",
|
||||
"iconName": "cmake",
|
||||
"categories": ["C", "C++"]
|
||||
"categories": ["Continuous integration", "C", "C++"]
|
||||
}
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Crystal",
|
||||
"description": "Build and test a Crystal project.",
|
||||
"iconName": "crystal",
|
||||
"categories": ["Crystal"]
|
||||
"categories": ["Continuous integration", "Crystal"]
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "D",
|
||||
"description": "Build and test a D project with dub.",
|
||||
"iconName": "d",
|
||||
"categories": [ "D" ]
|
||||
"categories": ["Continuous integration", "D"]
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Dart",
|
||||
"description": "Build and test a Dart project with Pub.",
|
||||
"iconName": "dart",
|
||||
"categories": ["Dart"]
|
||||
"categories": ["Continuous integration", "Dart"]
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Deno",
|
||||
"description": "Test your Deno project",
|
||||
"iconName": "deno",
|
||||
"categories": ["JavaScript", "TypeScript", "Deno"]
|
||||
"categories": ["Continuous integration", "JavaScript", "TypeScript", "Deno"]
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Django",
|
||||
"description": "Build and Test a Django Project",
|
||||
"iconName": "django",
|
||||
"categories": ["Python", "Django"]
|
||||
"categories": ["Continuous integration", "Python", "Django"]
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Docker image",
|
||||
"description": "Build a Docker image to deploy, run, or push to a registry.",
|
||||
"iconName": "docker",
|
||||
"categories": ["Dockerfile"]
|
||||
"categories": ["Continuous integration", "Dockerfile"]
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Publish Docker Container",
|
||||
"description": "Build, test and push Docker image to GitHub Packages.",
|
||||
"iconName": "docker",
|
||||
"categories": ["Dockerfile"]
|
||||
"categories": ["Continuous integration", "Dockerfile"]
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": ".NET Desktop",
|
||||
"description": "Build, test, sign and publish a desktop application built on .NET.",
|
||||
"iconName": "dotnet",
|
||||
"categories": ["C#", "Visual Basic", "WPF", ".NET"]
|
||||
"categories": ["Continuous integration", "C#", "Visual Basic", "WPF", ".NET"]
|
||||
}
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": ".NET",
|
||||
"description": "Build and test a .NET or ASP.NET Core project.",
|
||||
"iconName": "dotnet",
|
||||
"categories": ["C#", "F#", "Visual Basic", "ASP", "ASP.NET", ".NET"]
|
||||
"categories": ["Continuous integration", "C#", "F#", "Visual Basic", "ASP", "ASP.NET", ".NET", "AspNetCore", "DotNetConsole"]
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Elixir",
|
||||
"description": "Build and test an Elixir project with Mix.",
|
||||
"iconName": "elixir",
|
||||
"categories": ["Elixir", "Erlang"]
|
||||
"categories": ["Continuous integration", "Elixir", "Erlang"]
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Erlang",
|
||||
"description": "Build and test an Erlang project with rebar.",
|
||||
"iconName": "erlang",
|
||||
"categories": ["Erlang"]
|
||||
"categories": ["Continuous integration", "Erlang"]
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Ruby Gem",
|
||||
"description": "Pushes a Ruby Gem to RubyGems and GitHub Package Registry.",
|
||||
"iconName": "ruby-gems",
|
||||
"categories": ["Ruby"]
|
||||
"categories": ["Continuous integration", "Ruby"]
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Go",
|
||||
"description": "Build a Go project.",
|
||||
"iconName": "go",
|
||||
"categories": ["Go"]
|
||||
"categories": ["Continuous integration", "Go"]
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Publish Java Package with Gradle",
|
||||
"description": "Build a Java Package using Gradle and publish to GitHub Packages.",
|
||||
"iconName": "gradle",
|
||||
"categories": ["Java", "Gradle"]
|
||||
"categories": ["Continuous integration", "Java", "Gradle", "Spring", "JSF"]
|
||||
}
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Java with Gradle",
|
||||
"description": "Build and test a Java project using a Gradle wrapper script.",
|
||||
"iconName": "gradle",
|
||||
"categories": ["Java", "Gradle"]
|
||||
"categories": ["Continuous integration", "Java", "Gradle", "Spring", "JSF"]
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Haskell",
|
||||
"description": "Build and test a Haskell project with Cabal.",
|
||||
"iconName": "haskell",
|
||||
"categories": ["Haskell"]
|
||||
"categories": ["Continuous integration", "Haskell"]
|
||||
}
|
||||
|
||||
@@ -3,6 +3,7 @@
|
||||
"description": "Build and test an iOS application using xcodebuild and any available iPhone simulator.",
|
||||
"iconName": "xcode",
|
||||
"categories": [
|
||||
"Continuous integration",
|
||||
"iOS",
|
||||
"Xcode"
|
||||
]
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Jekyll",
|
||||
"description": "Package a Jekyll site using the jekyll/builder Docker image.",
|
||||
"iconName": "jekyll",
|
||||
"categories": ["HTML"]
|
||||
"categories": ["Continuous integration", "HTML"]
|
||||
}
|
||||
|
||||
@@ -3,6 +3,7 @@
|
||||
"description": "Test a Laravel project.",
|
||||
"iconName": "php",
|
||||
"categories": [
|
||||
"Continuous integration",
|
||||
"PHP",
|
||||
"Laravel"
|
||||
]
|
||||
|
||||
@@ -0,0 +1,6 @@
|
||||
{
|
||||
"name": "Build projects with Make",
|
||||
"description": "Build and test a project using Make.",
|
||||
"iconName": "makefile",
|
||||
"categories": ["Continuous integration", "Makefile"]
|
||||
}
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Publish Java Package with Maven",
|
||||
"description": "Build a Java Package using Maven and publish to GitHub Packages.",
|
||||
"iconName": "maven",
|
||||
"categories": ["Java", "Maven"]
|
||||
"categories": ["Continuous integration", "Java", "Maven", "Spring", "JSF"]
|
||||
}
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Java with Maven",
|
||||
"description": "Build and test a Java project with Apache Maven.",
|
||||
"iconName": "maven",
|
||||
"categories": ["Java", "Maven"]
|
||||
"categories": ["Continuous integration", "Java", "Maven", "Spring", "JSF"]
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "MSBuild based projects",
|
||||
"description": "Build a MSBuild based project.",
|
||||
"iconName": "c-cpp",
|
||||
"categories": ["C", "C++"]
|
||||
"categories": ["Continuous integration", "C", "C++"]
|
||||
}
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Node.js",
|
||||
"description": "Build and test a Node.js project with npm.",
|
||||
"iconName": "nodejs",
|
||||
"categories": ["JavaScript", "npm"]
|
||||
"categories": ["Continuous integration", "JavaScript", "npm", "React", "Angular", "Vue"]
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Grunt",
|
||||
"description": "Build a NodeJS project with npm and grunt.",
|
||||
"iconName": "grunt",
|
||||
"categories": ["JavaScript", "TypeScript", "npm", "Grunt"]
|
||||
"categories": ["Continuous integration", "JavaScript", "TypeScript", "npm", "Grunt"]
|
||||
}
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Gulp",
|
||||
"description": "Build a NodeJS project with npm and gulp.",
|
||||
"iconName": "gulp",
|
||||
"categories": ["JavaScript", "TypeScript", "npm", "Gulp"]
|
||||
"categories": ["Continuous integration", "JavaScript", "TypeScript", "npm", "Gulp"]
|
||||
}
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Publish Node.js Package",
|
||||
"description": "Publishes a Node.js package to npm and GitHub Packages.",
|
||||
"iconName": "node-package-transparent",
|
||||
"categories": ["JavaScript", "npm"]
|
||||
"categories": ["Continuous integration", "JavaScript", "npm"]
|
||||
}
|
||||
|
||||
@@ -0,0 +1,6 @@
|
||||
{
|
||||
"name": "Xcode - Build and Analyze",
|
||||
"description": "Build Xcode project using xcodebuild",
|
||||
"iconName": "xcode",
|
||||
"categories": ["Continuous integration", "Xcode", "Objective-C"]
|
||||
}
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "PHP",
|
||||
"description": "Build and test a PHP application using Composer",
|
||||
"iconName": "php",
|
||||
"categories": ["PHP", "Composer"]
|
||||
"categories": ["Continuous integration", "PHP", "Composer"]
|
||||
}
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Pylint",
|
||||
"description": "Lint a Python application with pylint.",
|
||||
"iconName": "python",
|
||||
"categories": ["Python"]
|
||||
"categories": ["Continuous integration", "Python", "Bottle", "Flask"]
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Python application",
|
||||
"description": "Create and test a Python application.",
|
||||
"iconName": "python",
|
||||
"categories": ["Python"]
|
||||
"categories": ["Continuous integration", "Python", "Bottle", "Flask"]
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Python Package using Anaconda",
|
||||
"description": "Create and test a Python package on multiple Python versions using Anaconda for package management.",
|
||||
"iconName": "python",
|
||||
"categories": ["Python"]
|
||||
"categories": ["Continuous integration", "Python"]
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Python package",
|
||||
"description": "Create and test a Python package on multiple Python versions.",
|
||||
"iconName": "python",
|
||||
"categories": ["Python"]
|
||||
"categories": ["Continuous integration", "Python", "Bottle", "Flask"]
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Publish Python Package",
|
||||
"description": "Publish a Python Package to PyPI on release.",
|
||||
"iconName": "python",
|
||||
"categories": ["Python"]
|
||||
"categories": ["Continuous integration", "Python"]
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "R package",
|
||||
"description": "Create and test an R package on multiple R versions.",
|
||||
"iconName": "r",
|
||||
"categories": ["R"]
|
||||
"categories": ["Continuous integration", "R"]
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Ruby",
|
||||
"description": "Build and test a Ruby project with Rake.",
|
||||
"iconName": "ruby",
|
||||
"categories": ["Ruby"]
|
||||
"categories": ["Continuous integration", "Ruby"]
|
||||
}
|
||||
|
||||
@@ -0,0 +1,6 @@
|
||||
{
|
||||
"name": "Rails - Install Dependencies and Run Linters",
|
||||
"description": "Install dependencies and run linters on Rails application",
|
||||
"iconName": "ruby",
|
||||
"categories": ["Continuous integration", "Ruby", "Rails"]
|
||||
}
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Rust",
|
||||
"description": "Build and test a Rust project with Cargo.",
|
||||
"iconName": "rust",
|
||||
"categories": ["Rust"]
|
||||
"categories": ["Continuous integration", "Rust"]
|
||||
}
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Scala",
|
||||
"description": "Build and test a Scala project with SBT.",
|
||||
"iconName": "scala",
|
||||
"categories": ["Scala", "Java"]
|
||||
"categories": ["Continuous integration", "Scala", "Java"]
|
||||
}
|
||||
|
||||
@@ -0,0 +1,6 @@
|
||||
{
|
||||
"name": "Super Linter - Run Linters for several languages",
|
||||
"description": "Run linters for several languages on your code base for changed files",
|
||||
"iconName": "octicon check-circle",
|
||||
"categories": ["Continuous integration", "code-quality", "code-review"]
|
||||
}
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Swift",
|
||||
"description": "Build and test a Swift Package.",
|
||||
"iconName": "swift",
|
||||
"categories": ["Swift"]
|
||||
"categories": ["Continuous integration", "Swift"]
|
||||
}
|
||||
|
||||
@@ -0,0 +1,10 @@
|
||||
{
|
||||
"name": "Symfony",
|
||||
"description": "Test a Symfony project.",
|
||||
"iconName": "php",
|
||||
"categories": [
|
||||
"Continuous integration",
|
||||
"PHP",
|
||||
"Symfony"
|
||||
]
|
||||
}
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Webpack",
|
||||
"description": "Build a NodeJS project with npm and webpack.",
|
||||
"iconName": "webpack",
|
||||
"categories": ["JavaScript", "TypeScript", "npm", "Webpack"]
|
||||
"categories": ["Continuous integration", "JavaScript", "TypeScript", "npm", "Webpack"]
|
||||
}
|
||||
|
||||
+5
-4
@@ -4,15 +4,16 @@ on: [push]
|
||||
|
||||
jobs:
|
||||
build:
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
strategy:
|
||||
matrix:
|
||||
python-version: ["3.8", "3.9", "3.10"]
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Set up Python 3.9
|
||||
- name: Set up Python ${{ matrix.python-version }}
|
||||
uses: actions/setup-python@v2
|
||||
with:
|
||||
python-version: 3.9
|
||||
python-version: ${{ matrix.python-version }}
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
python -m pip install --upgrade pip
|
||||
|
||||
+2
-2
@@ -16,10 +16,10 @@ jobs:
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Set up Python 3.9
|
||||
- name: Set up Python 3.10
|
||||
uses: actions/setup-python@v2
|
||||
with:
|
||||
python-version: 3.9
|
||||
python-version: "3.10"
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
python -m pip install --upgrade pip
|
||||
|
||||
@@ -10,10 +10,10 @@ jobs:
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Set up Python 3.8
|
||||
- name: Set up Python 3.10
|
||||
uses: actions/setup-python@v2
|
||||
with:
|
||||
python-version: 3.8
|
||||
python-version: 3.10
|
||||
- name: Add conda to system path
|
||||
run: |
|
||||
# $CONDA is an environment variable pointing to the root of the miniconda directory
|
||||
|
||||
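Review bot: `python-version: 3.10` is unquoted, so YAML reads it as the number 3.1 and the setup step is asked for Python 3.1 rather than 3.10. This assumes the line is the new side of the pair, since the rendering has lost the `+`/`-` markers. Quote it as the sibling hunk just above does: `python-version: "3.10"`. The step name `Set up Python 3.10` is a plain string and is unaffected.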
@@ -16,7 +16,7 @@ jobs:
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
python-version: [3.7, 3.8, 3.9]
|
||||
python-version: ["3.8", "3.9", "3.10"]
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
@@ -19,12 +19,12 @@ jobs:
|
||||
runs-on: macos-latest
|
||||
strategy:
|
||||
matrix:
|
||||
r-version: [3.5, 3.6]
|
||||
r-version: ['3.6.3', '4.1.1']
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Set up R ${{ matrix.r-version }}
|
||||
uses: r-lib/actions/setup-r@ffe45a39586f073cc2e9af79c4ba563b657dc6e3
|
||||
uses: r-lib/actions/setup-r@f57f1301a053485946083d7a45022b278929a78a
|
||||
with:
|
||||
r-version: ${{ matrix.r-version }}
|
||||
- name: Install dependencies
|
||||
|
||||
@@ -0,0 +1,32 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
# This workflow will download a prebuilt Ruby version, install dependencies, and run linters
|
||||
name: Rails - Install dependencies and run linters
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
jobs:
|
||||
run-lint:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: Setup Ruby and install gems
|
||||
uses: ruby/setup-ruby@473e4d8fe5dd94ee328fdfca9f8c9c7afc9dae5e
|
||||
with:
|
||||
bundler-cache: true
|
||||
# Add or Replace any other security checks here
|
||||
- name: Run security checks
|
||||
run: |
|
||||
bin/bundler-audit --update
|
||||
bin/brakeman -q -w2
|
||||
# Add or Replace any other Linters here
|
||||
- name: Run linters
|
||||
run: |
|
||||
bin/rubocop --parallel
|
||||
@@ -0,0 +1,29 @@
|
||||
# This workflow executes several linters on changed files based on languages used in your code base whenever
|
||||
# you push a code or open a pull request.
|
||||
#
|
||||
# You can adjust the behavior by modifying this file.
|
||||
# For more information, see:
|
||||
# https://github.com/github/super-linter
|
||||
name: Lint Code Base
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
jobs:
|
||||
run-lint:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
with:
|
||||
# Full git history is needed to get a proper list of changed files within `super-linter`
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Lint Code Base
|
||||
uses: github/super-linter@v4
|
||||
env:
|
||||
VALIDATE_ALL_CODEBASE: false
|
||||
DEFAULT_BRANCH: $default-branch
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
@@ -0,0 +1,39 @@
|
||||
name: Symfony
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
|
||||
jobs:
|
||||
symfony-tests:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# To automatically get bug fixes and new Php versions for shivammathur/setup-php,
|
||||
# change this to (see https://github.com/shivammathur/setup-php#bookmark-versioning):
|
||||
# uses: shivammathur/setup-php@v2
|
||||
- uses: shivammathur/setup-php@2cb9b829437ee246e9b3cac53555a39208ca6d28
|
||||
with:
|
||||
php-version: '8.0'
|
||||
- uses: actions/checkout@v2
|
||||
- name: Copy .env.test.local
|
||||
run: php -r "file_exists('.env.test.local') || copy('.env.test', '.env.test.local');"
|
||||
- name: Cache Composer packages
|
||||
id: composer-cache
|
||||
uses: actions/cache@v2
|
||||
with:
|
||||
path: vendor
|
||||
key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }}
|
||||
restore-keys: |
|
||||
${{ runner.os }}-php-
|
||||
- name: Install Dependencies
|
||||
run: composer install -q --no-ansi --no-interaction --no-scripts --no-progress --prefer-dist
|
||||
- name: Create Database
|
||||
run: |
|
||||
mkdir -p data
|
||||
touch data/database.sqlite
|
||||
- name: Execute tests (Unit and Feature tests) via PHPUnit
|
||||
env:
|
||||
DATABASE_URL: sqlite:///%kernel.project_dir%/data/database.sqlite
|
||||
run: vendor/bin/phpunit
|
||||
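Review bot: The comment above the `shivammathur/setup-php` step tells the reader to replace the commit SHA with `@v2` but does not say what the pin is there for. A tag can be moved to different code while a SHA cannot, so the comment should state the trade-off, for example `# Pinned to a commit SHA so the action's code cannot change without a diff here; @v2 follows upstream updates automatically but gives that up`.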
@@ -0,0 +1,39 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This workflow checks out code, builds an image, performs a container image
|
||||
# vulnerability scan with Anchore's Grype tool, and integrates the results with GitHub Advanced Security
|
||||
# code scanning feature. For more information on the Anchore scan action usage
|
||||
# and parameters, see https://github.com/anchore/scan-action. For more
|
||||
# information on Anchore's container image scanning tool Grype, see
|
||||
# https://github.com/anchore/grype
|
||||
name: Anchore Container Scan
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
Anchore-Build-Scan:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout the code
|
||||
uses: actions/checkout@v2
|
||||
- name: Build the Docker image
|
||||
run: docker build . --file Dockerfile --tag localbuild/testimage:latest
|
||||
- name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled
|
||||
uses: anchore/scan-action@b08527d5ae7f7dc76f9621edb6e49eaf47933ccd
|
||||
with:
|
||||
image: "localbuild/testimage:latest"
|
||||
acs-report-enable: true
|
||||
- name: Upload Anchore Scan Report
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: results.sarif
|
||||
@@ -0,0 +1,51 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This workflow integrates Brakeman with GitHub's Code Scanning feature
|
||||
# Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications
|
||||
|
||||
name: Brakeman Scan
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
brakeman-scan:
|
||||
name: Brakeman Scan
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Checkout the repository to the GitHub Actions runner
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
|
||||
# Customize the ruby version depending on your needs
|
||||
- name: Setup Ruby
|
||||
uses: ruby/setup-ruby@f20f1eae726df008313d2e0d78c5e602562a1bcf
|
||||
with:
|
||||
ruby-version: '2.7'
|
||||
|
||||
- name: Setup Brakeman
|
||||
env:
|
||||
BRAKEMAN_VERSION: '4.10' # SARIF support is provided in Brakeman version 4.10+
|
||||
run: |
|
||||
gem install brakeman --version $BRAKEMAN_VERSION
|
||||
|
||||
# Execute Brakeman CLI and generate a SARIF output with the security issues identified during the analysis
|
||||
- name: Scan
|
||||
continue-on-error: true
|
||||
run: |
|
||||
brakeman -f sarif -o output.sarif.json .
|
||||
|
||||
# Upload the SARIF file generated in the previous step
|
||||
- name: Upload SARIF
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: output.sarif.json
|
||||
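Review bot: `continue-on-error: true` on the `Scan` step swallows every failure of the scanner, not only the non-zero exit Brakeman returns when it reports warnings. A run where Brakeman could not start would presumably surface only as a missing-file error in `Upload SARIF`. Passing `--no-exit-on-warn` and dropping `continue-on-error` keeps the upload working when warnings exist and still fails the step on a real error: `brakeman -f sarif -o output.sarif.json --no-exit-on-warn .`. In `Setup Brakeman`, quoting the variable (`--version "$BRAKEMAN_VERSION"`) would also be tidier.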
@@ -0,0 +1,44 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This is a basic workflow to help you get started with Using Checkmarx CxFlow Action
|
||||
|
||||
name: CxFlow
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
# A workflow run is made up of one or more jobs that can run sequentially or in parallel - this job is specifically configured to use the Checkmarx CxFlow Action
|
||||
jobs:
|
||||
# This workflow contains a single job called "build"
|
||||
build:
|
||||
# The type of runner that the job will run on - Ubuntu is required as Docker is leveraged for the action
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
# Steps require - checkout code, run CxFlow Action, Upload SARIF report (optional)
|
||||
steps:
|
||||
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
|
||||
- uses: actions/checkout@v2
|
||||
# Runs the Checkmarx Scan leveraging the latest version of CxFlow - REFER to Action README for list of inputs
|
||||
- name: Checkmarx CxFlow Action
|
||||
uses: checkmarx-ts/checkmarx-cxflow-github-action@04e6403dbbfee0fd3fb076e5791202c31c54fe6b
|
||||
with:
|
||||
project: GithubActionTest
|
||||
team: '\CxServer\SP\Checkmarx'
|
||||
checkmarx_url: ${{ secrets.CHECKMARX_URL }}
|
||||
checkmarx_username: ${{ secrets.CHECKMARX_USERNAME }}
|
||||
checkmarx_password: ${{ secrets.CHECKMARX_PASSWORD }}
|
||||
checkmarx_client_secret: ${{ secrets.CHECKMARX_CLIENT_SECRET }}
|
||||
# Upload the Report for CodeQL/Security Alerts
|
||||
- name: Upload SARIF file
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: cx.sarif
|
||||
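Review bot: The `Checkmarx CxFlow Action` step depends on four `secrets.CHECKMARX_*` values, but the workflow also triggers on `pull_request`, and GitHub does not pass repository secrets to runs started from forks. Those runs would reach the scan with empty credentials and fail. Guarding the step, and the upload after it, with `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository` avoids that. The Cloudrail, CodeScan, 42Crunch and NowSecure templates in this commit combine `pull_request` with required secrets in the same way. `project: GithubActionTest` and the `team:` path also look like sample values that deserve a `# TODO` marker.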
@@ -0,0 +1,58 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
name: Cloudrail
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
cloudrail:
|
||||
name: Run Indeni Cloudrail on Terraform code with SARIF output
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
actions: read
|
||||
contents: read
|
||||
security-events: write
|
||||
|
||||
steps:
|
||||
- name: Clone repo
|
||||
uses: actions/checkout@v2
|
||||
|
||||
# For Terraform, Cloudrail requires the plan as input. So we generate it using
|
||||
# the Terraform core binary.
|
||||
- uses: hashicorp/setup-terraform@v1
|
||||
with:
|
||||
terraform_version: v0.13.2
|
||||
|
||||
- run: terraform init
|
||||
|
||||
- run: terraform plan -out=plan.out
|
||||
env:
|
||||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
|
||||
# Confirm we have the plan file
|
||||
- run: stat plan.out
|
||||
|
||||
- name: Run Cloudrail
|
||||
uses: indeni/cloudrail-run-ga@b56ed2d30913c975b36df231adc2eabf05523622
|
||||
with:
|
||||
tf-plan-file: plan.out # This was created in a "terraform plan" step
|
||||
cloudrail-api-key: ${{ secrets.CLOUDRAIL_API_KEY }} # This requires registration to Indeni Cloudrail's SaaS at https://web.cloudrail.app
|
||||
cloud-account-id: # Leave this empty for Static Analaysis, or provide an account ID for Dynamic Analysis, see instructions in Cloudrail SaaS
|
||||
|
||||
- name: Upload SARIF file
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
# Remember that if issues are found, Cloudrail return non-zero exit code, so the if: always()
|
||||
# is needed to ensure the SARIF file is uploaded
|
||||
if: always()
|
||||
with:
|
||||
sarif_file: cloudrail_results.sarif
|
||||
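Review bot: The `terraform plan -out=plan.out` step runs with `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` in its environment, and the template says nothing about what that identity should be allowed to do. Terraform loads providers and evaluates data sources from the checked-out ref during `plan`, so the key is exposed to whatever configuration a branch or same-repository pull request contains. A comment above the `env:` block would make the expectation explicit, for example `# Use a dedicated read-only IAM identity; plan executes the checked-out configuration with these credentials`. `terraform init` runs without the same `env:`, which would fail for a remote backend that needs credentials, so that is worth confirming.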
@@ -0,0 +1,54 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This workflow checks out code, performs a Codacy security scan
|
||||
# and integrates the results with the
|
||||
# GitHub Advanced Security code scanning feature. For more information on
|
||||
# the Codacy security scan action usage and parameters, see
|
||||
# https://github.com/codacy/codacy-analysis-cli-action.
|
||||
# For more information on Codacy Analysis CLI in general, see
|
||||
# https://github.com/codacy/codacy-analysis-cli.
|
||||
|
||||
name: Codacy Security Scan
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
codacy-security-scan:
|
||||
name: Codacy Security Scan
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Checkout the repository to the GitHub Actions runner
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
|
||||
# Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
|
||||
- name: Run Codacy Analysis CLI
|
||||
uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b
|
||||
with:
|
||||
# Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
|
||||
# You can also omit the token and run the tools that support default configurations
|
||||
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
|
||||
verbose: true
|
||||
output: results.sarif
|
||||
format: sarif
|
||||
# Adjust severity of non-security issues
|
||||
gh-code-scanning-compat: true
|
||||
# Force 0 exit code to allow SARIF file generation
|
||||
# This will handover control about PR rejection to the GitHub side
|
||||
max-allowed-issues: 2147483647
|
||||
|
||||
# Upload the SARIF file generated in the previous step
|
||||
- name: Upload SARIF results file
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: results.sarif
|
||||
@@ -34,8 +34,7 @@ jobs:
|
||||
matrix:
|
||||
language: [ $detected-codeql-languages ]
|
||||
# CodeQL supports [ $supported-codeql-languages ]
|
||||
# Learn more:
|
||||
# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
|
||||
# Learn more about CodeQL language support at https://git.io/codeql-language-support
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
|
||||
@@ -0,0 +1,42 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This workflow requires that you have an existing account with codescan.io
|
||||
# For more information about configuring your workflow,
|
||||
# read our documentation at https://github.com/codescan-io/codescan-scanner-action
|
||||
name: CodeScan
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
CodeScan:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v2
|
||||
- name: Cache files
|
||||
uses: actions/cache@v2
|
||||
with:
|
||||
path: |
|
||||
~/.sonar
|
||||
key: ${{ runner.os }}-sonar
|
||||
restore-keys: ${{ runner.os }}-sonar
|
||||
- name: Run Analysis
|
||||
uses: codescan-io/codescan-scanner-action@5b2e8c5683ef6a5adc8fa3b7950bb07debccce12
|
||||
with:
|
||||
login: ${{ secrets.CODESCAN_AUTH_TOKEN }}
|
||||
organization: ${{ secrets.CODESCAN_ORGANIZATION_KEY }}
|
||||
projectKey: ${{ secrets.CODESCAN_PROJECT_KEY }}
|
||||
- name: Upload SARIF file
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: codescan.sarif
|
||||
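Review bot: The `Cache files` step uses the constant key `${{ runner.os }}-sonar`, and `actions/cache` does not save again after an exact key hit, so `~/.sonar` is stored once and never refreshed. `restore-keys` repeats the same string and adds nothing. A key with a changing suffix, plus the prefix as fallback, keeps the cache current: `key: ${{ runner.os }}-sonar-${{ github.run_id }}` with `restore-keys: ${{ runner.os }}-sonar-`.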
@@ -0,0 +1,53 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This workflow locates REST API file contracts
|
||||
# (Swagger or OpenAPI format, v2 and v3, JSON and YAML)
|
||||
# and runs 200+ security checks on them using 42Crunch Security Audit technology.
|
||||
#
|
||||
# Documentation is located here: https://docs.42crunch.com/latest/content/tasks/integrate_github_actions.htm
|
||||
#
|
||||
# To use this workflow, you will need to complete the following setup steps.
|
||||
#
|
||||
# 1. Create a free 42Crunch account at https://platform.42crunch.com/register
|
||||
#
|
||||
# 2. Follow steps at https://docs.42crunch.com/latest/content/tasks/integrate_github_actions.htm
|
||||
# to create an API Token on the 42Crunch platform
|
||||
#
|
||||
# 3. Add a secret in GitHub as explained in https://docs.42crunch.com/latest/content/tasks/integrate_github_actions.htm,
|
||||
# store the 42Crunch API Token in that secret, and supply the secret's name as api-token parameter in this workflow
|
||||
#
|
||||
# If you have any questions or need help contact https://support.42crunch.com
|
||||
|
||||
name: "42Crunch REST API Static Security Testing"
|
||||
|
||||
# follow standard Code Scanning triggers
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
rest-api-static-security-testing:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: 42Crunch REST API Static Security Testing
|
||||
uses: 42Crunch/api-security-audit-action@96228d9c48873fe001354047d47fb62be42abeb1
|
||||
with:
|
||||
# Please create free account at https://platform.42crunch.com/register
|
||||
# Follow these steps to configure API_TOKEN https://docs.42crunch.com/latest/content/tasks/integrate_github_actions.htm
|
||||
api-token: ${{ secrets.API_TOKEN }}
|
||||
# Fail if any OpenAPI file scores lower than 75
|
||||
min-score: 75
|
||||
# Upload results to Github code scanning
|
||||
upload-to-code-scanning: true
|
||||
# Github token for uploading the results
|
||||
github-token: ${{ github.token }}
|
||||
@@ -0,0 +1,97 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
################################################################################################################################################
|
||||
# Fortify lets you build secure software fast with an appsec platform that automates testing throughout the DevSecOps pipeline. Fortify static,#
|
||||
# dynamic, interactive, and runtime security testing is available on premises or as a service. To learn more about Fortify, start a free trial #
|
||||
# or contact our sales team, visit microfocus.com/appsecurity. #
|
||||
# #
|
||||
# Use this workflow template as a basis for integrating Fortify on Demand Static Application Security Testing(SAST) into your GitHub workflows.#
|
||||
# This template demonstrates the steps to prepare the code+dependencies, initiate a scan, download results once complete and import into #
|
||||
# GitHub Security Code Scanning Alerts. Existing customers should review inputs and environment variables below to configure scanning against #
|
||||
# an existing application in your Fortify on Demand tenant. Additional information is available in the comments throughout the workflow, the #
|
||||
# documentation for the Fortify actions used, and the Fortify on Demand / ScanCentral Client product documentation. If you need additional #
|
||||
# assistance with configuration, feel free to create a help ticket in the Fortify on Demand portal. #
|
||||
################################################################################################################################################
|
||||
|
||||
name: Fortify on Demand Scan
|
||||
|
||||
# TODO: Customize trigger events based on your DevSecOps processes and typical FoD SAST scan time
|
||||
on:
|
||||
workflow_dispatch:
|
||||
push:
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
FoD-SAST-Scan:
|
||||
# Use the appropriate runner for building your source code.
|
||||
# TODO: Use a Windows runner for .NET projects that use msbuild. Additional changes to RUN commands will be required to switch to Windows syntax.
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
actions: read
|
||||
contents: read
|
||||
security-events: write
|
||||
|
||||
steps:
|
||||
# Check out source code
|
||||
- name: Check Out Source Code
|
||||
uses: actions/checkout@v2
|
||||
|
||||
# Java is required to run the various Fortify utilities.
|
||||
# When scanning a Java application, please use the appropriate Java version for building your application.
|
||||
- name: Setup Java
|
||||
uses: actions/setup-java@v1
|
||||
with:
|
||||
java-version: 1.8
|
||||
|
||||
# Prepare source+dependencies for upload. The default example is for a Maven project that uses pom.xml.
|
||||
# TODO: Update PACKAGE_OPTS based on the ScanCentral Client documentation for your project's included tech stack(s). Helpful hints:
|
||||
# ScanCentral Client will download dependencies for maven (-bt mvn) and gradle (-bt gradle).
|
||||
# ScanCentral Client can download dependencies for msbuild projects (-bt msbuild); however, you must convert the workflow to use a Windows runner.
|
||||
# ScanCentral has additional options that should be set for PHP and Python projects
|
||||
# For other build tools, add your build commands to download necessary dependencies and prepare according to Fortify on Demand Packaging documentation.
|
||||
# ScanCentral Client documentation is located at https://www.microfocus.com/documentation/fortify-software-security-center/
|
||||
- name: Download Fortify ScanCentral Client
|
||||
uses: fortify/gha-setup-scancentral-client@5b7382f8234fb9840958c49d5f32ae854115f9f3
|
||||
- name: Package Code + Dependencies
|
||||
run: scancentral package $PACKAGE_OPTS -o package.zip
|
||||
env:
|
||||
PACKAGE_OPTS: "-bt mvn"
|
||||
|
||||
# Start Fortify on Demand SAST scan and wait until results complete. For more information on FoDUploader commands, see https://github.com/fod-dev/fod-uploader-java
|
||||
# TODO: Update ENV variables for your application and create the necessary GitHub Secrets. Helpful hints:
|
||||
# Credentials and release ID should be obtained from your FoD tenant (either Personal Access Token or API Key can be used).
|
||||
# Automated Audit preference should be configured for the release's Static Scan Settings in the Fortify on Demand portal.
|
||||
- name: Download Fortify on Demand Universal CI Tool
|
||||
uses: fortify/gha-setup-fod-uploader@6e6bb8a33cb476e240929fa8ebc739ff110e7433
|
||||
- name: Perform SAST Scan
|
||||
run: java -jar $FOD_UPLOAD_JAR -z package.zip -aurl $FOD_API_URL -purl $FOD_URL -rid "$FOD_RELEASE_ID" -tc "$FOD_TENANT" -uc "$FOD_USER" "$FOD_PAT" $FOD_UPLOADER_OPTS -n "$FOD_UPLOADER_NOTES"
|
||||
env:
|
||||
FOD_URL: "https://ams.fortify.com/"
|
||||
FOD_API_URL: "https://api.ams.fortify.com/"
|
||||
FOD_TENANT: ${{ secrets.FOD_TENANT }}
|
||||
FOD_USER: ${{ secrets.FOD_USER }}
|
||||
FOD_PAT: ${{ secrets.FOD_PAT }}
|
||||
FOD_RELEASE_ID: ${{ secrets.FOD_RELEASE_ID }}
|
||||
FOD_UPLOADER_OPTS: "-ep 2 -pp 0 -I 1 -apf"
|
||||
FOD_UPLOADER_NOTES: 'Triggered by GitHub Actions (${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})'
|
||||
|
||||
# Once scan completes, pull SAST issues from Fortify on Demand and generate SARIF output.
|
||||
- name: Export results to GitHub-optimized SARIF
|
||||
uses: fortify/gha-export-vulnerabilities@fcb374411cff9809028c911dabb8b57dbdae623b
|
||||
with:
|
||||
fod_base_url: "https://ams.fortify.com/"
|
||||
fod_tenant: ${{ secrets.FOD_TENANT }}
|
||||
fod_user: ${{ secrets.FOD_USER }}
|
||||
fod_password: ${{ secrets.FOD_PAT }}
|
||||
fod_release_id: ${{ secrets.FOD_RELEASE_ID }}
|
||||
|
||||
# Import Fortify on Demand results to GitHub Security Code Scanning
|
||||
- name: Import Results
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: ./gh-fortify-sast.sarif
|
||||
@@ -10,7 +10,7 @@
|
||||
# To use this workflow, you will need to:
|
||||
#
|
||||
# 1. Create a Mayhem for API account at
|
||||
# https://mayhem4api.forallsecure.com/signup (30-day free trial)
|
||||
# https://mayhem4api.forallsecure.com/signup
|
||||
#
|
||||
# 2. Create a service account token `mapi organization service-account create
|
||||
# <org-name> <service-account-name>`
|
||||
|
||||
@@ -0,0 +1,36 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
name: MobSF
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
mobile-security:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Setup python
|
||||
uses: actions/setup-python@v2
|
||||
with:
|
||||
python-version: 3.8
|
||||
|
||||
- name: Run mobsfscan
|
||||
uses: MobSF/mobsfscan@a60d10a83af68e23e0b30611c6515da604f06f65
|
||||
with:
|
||||
args: . --sarif --output results.sarif || true
|
||||
|
||||
- name: Upload mobsfscan report
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: results.sarif
|
||||
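Review bot: `python-version: 3.8` in the `Setup python` step is an unquoted YAML number, the form this same commit replaces in the Python matrix with `["3.8", "3.9", "3.10"]`. It works for 3.8 but would be read as `3.1` if someone later bumps it to 3.10, so write `python-version: "3.8"`. The `|| true` at the end of `args:` (also used in the njsscan template) only has an effect if the action runs its arguments through a shell, which is not visible here.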
@@ -0,0 +1,59 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
#
|
||||
# Find more information at:
|
||||
# https://github.com/microsoft/msvc-code-analysis-action
|
||||
|
||||
name: Microsoft C++ Code Analysis
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
env:
|
||||
# Path to the CMake build directory.
|
||||
build: '${{ github.workspace }}/build'
|
||||
|
||||
jobs:
|
||||
analyze:
|
||||
name: Analyze
|
||||
runs-on: windows-latest
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: Configure CMake
|
||||
run: cmake -B ${{ env.build }}
|
||||
|
||||
# Build is not required unless generated source files are used
|
||||
# - name: Build CMake
|
||||
# run: cmake --build ${{ env.build }}
|
||||
|
||||
- name: Initialize MSVC Code Analysis
|
||||
uses: microsoft/msvc-code-analysis-action@04825f6d9e00f87422d6bf04e1a38b1f3ed60d99
|
||||
# Provide a unique ID to access the sarif output path
|
||||
id: run-analysis
|
||||
with:
|
||||
cmakeBuildDirectory: ${{ env.build }}
|
||||
# Ruleset file that will determine what checks will be run
|
||||
ruleset: NativeRecommendedRules.ruleset
|
||||
|
||||
# Upload SARIF file to GitHub Code Scanning Alerts
|
||||
- name: Upload SARIF to GitHub
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: ${{ steps.run-analysis.outputs.sarif }}
|
||||
|
||||
# Upload SARIF file as an Artifact to download and view
|
||||
# - name: Upload SARIF as an Artifact
|
||||
# uses: actions/upload-artifact@v2
|
||||
# with:
|
||||
# name: sarif-file
|
||||
# path: ${{ steps.run-analysis.outputs.sarif }}
|
||||
@@ -0,0 +1,35 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This workflow integrates njsscan with GitHub's Code Scanning feature
|
||||
# nodejsscan is a static security code scanner that finds insecure code patterns in your Node.js applications
|
||||
|
||||
name: njsscan sarif
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
njsscan:
|
||||
runs-on: ubuntu-latest
|
||||
name: njsscan code scanning
|
||||
steps:
|
||||
- name: Checkout the code
|
||||
uses: actions/checkout@v2
|
||||
- name: nodejsscan scan
|
||||
id: njsscan
|
||||
uses: ajinabraham/njsscan-action@7237412fdd36af517e2745077cedbf9d6900d711
|
||||
with:
|
||||
args: '. --sarif --output results.sarif || true'
|
||||
- name: Upload njsscan report
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: results.sarif
|
||||
@@ -0,0 +1,52 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
#
|
||||
# NowSecure: The Mobile Security Experts <https://www.nowsecure.com/>.
|
||||
#
|
||||
# To use this workflow, you must be an existing NowSecure customer with GitHub Advanced Security (GHAS) enabled for your
|
||||
# repository.
|
||||
#
|
||||
# If you *are not* an existing customer, click here to contact us for licensing and pricing details:
|
||||
# <https://info.nowsecure.com/github-request>.
|
||||
#
|
||||
# Instructions:
|
||||
#
|
||||
# 1. In the settings for your repository, click "Secrets" then "New repository secret". Name the secret "NS_TOKEN" and
|
||||
# paste in your Platform token. If you do not have a Platform token, or wish to create a new one for GitHub, visit
|
||||
# NowSecure Platform and go to "Profile & Preferences" then create a token labelled "GitHub".
|
||||
#
|
||||
# 2. Follow the annotated workflow below and make any necessary modifications then save the workflow to your repository
|
||||
# and review the "Security" tab once the action has run.
|
||||
|
||||
name: "NowSecure"
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
|
||||
jobs:
|
||||
nowsecure:
|
||||
name: NowSecure
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: Build your application
|
||||
run: ./gradlew assembleDebug # Update this to build your Android or iOS application
|
||||
|
||||
- name: Run NowSecure
|
||||
uses: nowsecure/nowsecure-action@3b439db31b6dce857b09f5222fd13ffc3159ad26
|
||||
with:
|
||||
token: ${{ secrets.NS_TOKEN }}
|
||||
app_file: app-debug.apk # Update this to a path to your .ipa or .apk
|
||||
group_id: {{ groupId }} # Update this to your desired Platform group ID
|
||||
|
||||
- name: Upload SARIF file
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: NowSecure.sarif
|
||||
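Review bot: `group_id: {{ groupId }}` in the `Run NowSecure` step is an unrendered template placeholder, and unquoted braces are YAML flow-mapping syntax, so the value is not a string and the workflow will not work as committed. A quoted, obviously fake value with the existing comment keeps the file parseable until the user edits it: `group_id: "<your-group-id>"  # Update this to your desired Platform group ID`. `app_file: app-debug.apk` may also not match where `./gradlew assembleDebug` writes the APK, so the comment on that line should say the path is relative to the workspace.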
@@ -0,0 +1,49 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This workflow integrates a collection of open source static analysis tools
|
||||
# with GitHub code scanning. For documentation, or to provide feedback, visit
|
||||
# https://github.com/github/ossar-action
|
||||
name: OSSAR
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
OSSAR-Scan:
|
||||
# OSSAR runs on windows-latest.
|
||||
# ubuntu-latest and macos-latest support coming soon
|
||||
runs-on: windows-latest
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v2
|
||||
|
||||
# Ensure a compatible version of dotnet is installed.
|
||||
# The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201.
|
||||
# A version greater than or equal to v3.1.201 of dotnet must be installed on the agent in order to run this action.
|
||||
# GitHub hosted runners already have a compatible version of dotnet installed and this step may be skipped.
|
||||
# For self-hosted runners, ensure dotnet version 3.1.201 or later is installed by including this action:
|
||||
# - name: Install .NET
|
||||
# uses: actions/setup-dotnet@v1
|
||||
# with:
|
||||
# dotnet-version: '3.1.x'
|
||||
|
||||
# Run open source static analysis tools
|
||||
- name: Run OSSAR
|
||||
uses: github/ossar-action@v1
|
||||
id: ossar
|
||||
|
||||
# Upload results to the Security tab
|
||||
- name: Upload OSSAR results
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: ${{ steps.ossar.outputs.sarifFile }}
|
||||
@@ -0,0 +1,54 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# A sample workflow that checks for security issues using
|
||||
# the Prisma Cloud Infrastructure as Code Scan Action on
|
||||
# the IaC files present in the repository.
|
||||
# The results are uploaded to GitHub Security Code Scanning
|
||||
#
|
||||
# For more details on the Action configuration see https://github.com/prisma-cloud-shiftleft/iac-scan-action
|
||||
|
||||
name: Prisma Cloud IaC Scan
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
prisma_cloud_iac_scan:
|
||||
runs-on: ubuntu-latest
|
||||
name: Run Prisma Cloud IaC Scan to check
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
- id: iac-scan
|
||||
name: Run Scan on CFT files in the repository
|
||||
uses: prisma-cloud-shiftleft/iac-scan-action@53278c231c438216d99b463308a3cbed351ba0c3
|
||||
with:
|
||||
# You will need Prisma Cloud API Access Token
|
||||
# More details in https://github.com/prisma-cloud-shiftleft/iac-scan-action
|
||||
prisma_api_url: ${{ secrets.PRISMA_CLOUD_API_URL }}
|
||||
access_key: ${{ secrets.PRISMA_CLOUD_ACCESS_KEY }}
|
||||
secret_key: ${{ secrets.PRISMA_CLOUD_SECRET_KEY }}
|
||||
# Scan sources on Prisma Cloud are uniquely identified by their name
|
||||
asset_name: 'my-asset-name'
|
||||
# The service need to know the type of IaC being scanned
|
||||
template_type: 'CFT'
|
||||
- name: Upload SARIF file
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
# Results are generated only on a success or failure
|
||||
# this is required since GitHub by default won't run the next step
|
||||
# when the previous one has failed.
|
||||
# And alternative it to add `continue-on-error: true` to the previous step
|
||||
if: success() || failure()
|
||||
with:
|
||||
# The SARIF Log file name is configurable on scan action
|
||||
# therefore the file name is best read from the steps output
|
||||
sarif_file: ${{ steps.iac-scan.outputs.iac_scan_result_sarif_path }}
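Review bot: The `iac-scan` step hands `secrets.PRISMA_CLOUD_ACCESS_KEY` and `secrets.PRISMA_CLOUD_SECRET_KEY` to a third-party action, yet the workflow also triggers on `pull_request`, and pull requests from forks receive no repository secrets. There the scan will most likely fail, and the upload step still runs because of `if: success() || failure()`. A comment above the `with:` block should say so, for example `# Secrets are unavailable on pull requests from forks; the scan fails there`. The job also has no `permissions:` block; `permissions: { contents: read, security-events: write }` would limit the job token to what the upload needs. `actions/checkout@v2` and `github/codeql-action/upload-sarif@v1` are still tag references, unlike the SHA-pinned scan action.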
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Anchore Container Scan",
|
||||
"creator": "Indeni Cloudrail",
|
||||
"description": "Produce container image vulnerability and compliance reports based on the open-source Anchore container image scanner.",
|
||||
"iconName": "anchore",
|
||||
"categories": ["Code Scanning", "dockerfile"]
|
||||
}
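Review bot: `"creator": "Indeni Cloudrail"` in this Anchore Container Scan entry is the same creator as in the cloudrail properties file added by this commit, which looks like a copy-paste slip. The creator is presumably what users are shown when deciding whether to trust a scanning workflow, so it should name the real publisher, likely `"creator": "Anchore"`. Confirm against the matching Anchore workflow file, which is not visible here.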
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Brakeman",
|
||||
"creator": "Brakeman",
|
||||
"description": "Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications.",
|
||||
"iconName": "brakeman",
|
||||
"categories": ["Code Scanning", "ruby"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "CxSAST",
|
||||
"creator": "Checkmarx",
|
||||
"description": "Scan your code with Checkmarx CxSAST and see your results in the GitHub security tab.",
|
||||
"iconName": "checkmarx",
|
||||
"categories": ["Code Scanning", "javascript", "python", "java", "php", "c#", "c", "c++", "ruby", "swift", "go", "json", "kotlin", "apex", "scala", "perl"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "cloudrail",
|
||||
"creator": "Indeni Cloudrail",
|
||||
"description": "Cloudrail can be used to scan your infrastructure-as-code files for potential security and compliance issues. The Cloudrail action is often used as part of both CI workflows (on pull_request) and on CD workflows to identify potential issues.",
|
||||
"iconName": "cloudrail",
|
||||
"categories": ["Code Scanning", "HCL"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Codacy Security Scan",
|
||||
"creator": "Codacy",
|
||||
"description": "Free, out-of-the-box, security analysis provided by multiple open source static analysis tools.",
|
||||
"iconName": "codacy",
|
||||
"categories": ["Code Scanning", "apex", "bash", "c", "coffeescript", "c++", "c#", "crystal", "dockerfile", "elixir", "go", "groovy", "java", "javascript", "jsp", "kotlin", "markdown", "php", "plsql", "powershell", "python", "ruby", "scala", "swift", "tsql", "typescript", "velocity", "vba", "xml"]
|
||||
}
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"name": "CodeQL Analysis",
|
||||
"creator": "GitHub",
|
||||
"description": "Security analysis from GitHub for C, C++, C#, Java, JavaScript, TypeScript, Python, and Go developers.",
|
||||
"description": "Security analysis from GitHub for C, C++, C#, Go, Java, JavaScript, TypeScript, Python, and Ruby developers.",
|
||||
"iconName": "octicon mark-github",
|
||||
"categories": ["Code Scanning", "C", "C#", "C++", "Go", "Java", "JavaScript", "TypeScript", "Python"]
|
||||
"categories": ["Code Scanning", "C", "C++", "C#", "Go", "Java", "JavaScript", "TypeScript", "Python", "Ruby"]
|
||||
}
|
||||
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "CodeScan",
|
||||
"creator": "CodeScan Enterprises, LLC",
|
||||
"description": "CodeScan allows for better visibility on your code quality checks based on your custom rulesets.",
|
||||
"iconName": "codescan",
|
||||
"categories": ["Code Scanning", "javascript", "apex"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "42Crunch API Security Audit",
|
||||
"creator": "42Crunch",
|
||||
"description": "Use the 42Crunch API Security Audit REST API to perform static application security testing (SAST) on OpenAPI/Swagger files.",
|
||||
"iconName": "42crunch",
|
||||
"categories": ["Code Scanning"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Fortify on Demand Scan",
|
||||
"creator": "Micro Focus",
|
||||
"description": "Integrate Fortify's comprehensive static code analysis (SAST) for 27+ languages into your DevSecOps workflows to build secure software faster.",
|
||||
"iconName": "fortify",
|
||||
"categories": ["Code Scanning", "ABAP", "ActionScript", "Apex", "C#", "C", "C++", "COBOL", "ColdFusion", "Dockerfile", "Go", "HTML", "Java", "JavaScript", "JSON", "Java Server Pages", "Kotlin", "MXML", "Objective-C", "Objective-C++", "PHP", "PLSQL", "Python", "Ruby", "Scala", "Swift", "TSQL", "TypeScript", "VBScript", "Visual Basic .NET", "Visual Basic", "XML"]
|
||||
}
|
||||
@@ -0,0 +1,13 @@
|
||||
{
|
||||
"name": "mobsf",
|
||||
"creator": "mobsf",
|
||||
"description": "Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.",
|
||||
"iconName": "mobsf",
|
||||
"categories": [
|
||||
"Code Scanning",
|
||||
"Java",
|
||||
"Swift",
|
||||
"Objective-C",
|
||||
"Kotlin"
|
||||
]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Microsoft C++ Code Analysis",
|
||||
"creator": "Microsoft",
|
||||
"description": "Code Analysis with the Microsoft C & C++ Compiler for CMake based projects.",
|
||||
"iconName": "microsoft",
|
||||
"categories": ["Code Scanning", "C", "C++"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "njsscan",
|
||||
"creator": "NodeJSScan",
|
||||
"description": "nodejsscan is a static security code scanner that finds insecure code patterns in your Node.js applications.",
|
||||
"iconName": "njsscan",
|
||||
"categories": ["Code Scanning", "JavaScript", "TypeScript"]
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
{
|
||||
"name": "NowSecure",
|
||||
"creator": "NowSecure",
|
||||
"description": "The NowSecure Action delivers fast, accurate, automated security analysis of iOS and Android apps coded in any language",
|
||||
"iconName": "nowsecure",
|
||||
"categories": [
|
||||
"Code Scanning",
|
||||
"Java",
|
||||
"Kotlin",
|
||||
"Scala",
|
||||
"Swift",
|
||||
"Objective C",
|
||||
"C",
|
||||
"C++",
|
||||
"C#",
|
||||
"Rust",
|
||||
"JavaScript",
|
||||
"TypeScript",
|
||||
"Node"
|
||||
]
|
||||
}
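Review bot: The category `"Objective C"` is written without a hyphen here, while the mobsf and Fortify entries in this commit use `"Objective-C"`. If categories are matched against detected repository languages (the matching code is not visible here), this entry would not be offered for Objective-C projects; `"Objective-C",` would be consistent. `"Node"` is likewise not used as a category by any other entry on the page and may never match.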
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "OSSAR",
|
||||
"creator": "GitHub",
|
||||
"description": "Run multiple open source security static analysis tools without the added complexity with OSSAR (Open Source Static Analysis Runner).",
|
||||
"iconName": "octicon mark-github",
|
||||
"categories": ["Code Scanning", "python", "javascript"]
|
||||
}
|
||||