Skip to content

Update debricked.yml #13

Update debricked.yml

Update debricked.yml #13

Workflow file for this run

name: Debricked SCA
on: [push]
jobs:
debricked:
runs-on: ubuntu-latest
container:
image: debricked/cli:latest-resolution-debian
# Choosing the right container image for your scan can be important.
# All Debricked images are here: https://hub.docker.com/r/debricked/cli
# Resolution images (contains "resolution" in tag) are bigger, but comes with a lot of pre-installed package managers:
# Here are the dockerfiles: https://github.com/debricked/cli/tree/main/build/docker
# This is the easiest way to integrate, but it may be better
# to run debricked scans in you build images.
# You can choose between debian and alpine images, where we do alpine by default.
# We recommend to use debian images for scanning Python projects, as the scanner will not
# need to compile some common c-based dependencies like pandas.
steps:
- name: Checkout repository
uses: actions/checkout@v3
# Here we run the Debricked CLI, where you have multiple options to configure your scan.
# The CLI repo can be found here: https://github.com/debricked/cli
# Docs to CLI: https://portal.debricked.com/debricked-cli-63/debricked-cli-documentation-298
# I recommend you to download the CLI and explore the commands (./debricked -h)
# You can for instanice configure the CLI to:
# - Not resolve manifest-files
# - Generate callgraphs
# - Filter out different paths to be scanned or not scanned with glob patterns
# - Run resolution, callgraph generation, etc, in separate steps in more complex builds.
# The base "debricked scan" does all this with sane default values.
- name: Run Scan
if: success() || failure()
run: |
debricked scan
env:
DEBRICKED_TOKEN: ${{ secrets.DEBRICKED_TOKEN }}
- name: Run Scan staging
if: success() || failure()
run: |
debricked scan
env:
DEBRICKED_TOKEN: ${{ secrets.DEBRICKED_TOKEN_STAGING }}
DEBRICKED_URI: 'https://staging.debricked.com'
- name: Run Scan review app
if: success() || failure()
run: |
debricked scan
env:
DEBRICKED_TOKEN: ${{ secrets.DEBRICKED_TOKEN_REVIEW }}
DEBRICKED_URI: 'https://review-5832-overv-zu221v.review.debricked.dev'