Update debricked.yml #10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Debricked SCA | |
| on: [push] | |
| jobs: | |
| debricked: | |
| runs-on: ubuntu-latest | |
| container: | |
| image: debricked/cli:latest-resolution-debian | |
| # Choosing the right container image for your scan can be important. | |
| # All Debricked images are here: https://hub.docker.com/r/debricked/cli | |
| # Resolution images (contains "resolution" in tag) are bigger, but comes with a lot of pre-installed package managers: | |
| # Here are the dockerfiles: https://github.com/debricked/cli/tree/main/build/docker | |
| # This is the easiest way to integrate, but it may be better | |
| # to run debricked scans in you build images. | |
| # You can choose between debian and alpine images, where we do alpine by default. | |
| # We recommend to use debian images for scanning Python projects, as the scanner will not | |
| # need to compile some common c-based dependencies like pandas. | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| # Here we run the Debricked CLI, where you have multiple options to configure your scan. | |
| # The CLI repo can be found here: https://github.com/debricked/cli | |
| # Docs to CLI: https://portal.debricked.com/debricked-cli-63/debricked-cli-documentation-298 | |
| # I recommend you to download the CLI and explore the commands (./debricked -h) | |
| # You can for instanice configure the CLI to: | |
| # - Not resolve manifest-files | |
| # - Generate callgraphs | |
| # - Filter out different paths to be scanned or not scanned with glob patterns | |
| # - Run resolution, callgraph generation, etc, in separate steps in more complex builds. | |
| # The base "debricked scan" does all this with sane default values. | |
| - name: Run Scan | |
| if: success() || failure() | |
| run: | | |
| debricked scan | |
| env: | |
| DEBRICKED_TOKEN: ${{ secrets.DEBRICKED_TOKEN }} | |
| - name: Run Scan staging | |
| if: success() || failure() | |
| run: | | |
| debricked scan | |
| env: | |
| DEBRICKED_TOKEN: ${{ secrets.DEBRICKED_TOKEN_STAGING }} | |
| DEBRICKED_URI: 'https://staging.debricked.com' |