From 575d649573d91cdcd539db11bcb66b4826914625 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Fri, 17 May 2024 20:38:33 +0530 Subject: [PATCH 1/4] sca-scan.yml --- .github/workflows/sca-scan.yml | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/.github/workflows/sca-scan.yml b/.github/workflows/sca-scan.yml index e7acba9..4fa4560 100644 --- a/.github/workflows/sca-scan.yml +++ b/.github/workflows/sca-scan.yml @@ -3,21 +3,13 @@ on: pull_request: types: [opened, synchronize, reopened] jobs: - security: + security-sca: runs-on: ubuntu-latest steps: - - name: Checkout repository - uses: actions/checkout@master - - name: Setup .NET Core @ Latest - uses: actions/setup-dotnet@v1 - with: - dotnet-version: "7.0.x" - - name: Run Dotnet Restore - run: | - dotnet restore + - uses: actions/checkout@master - name: Run Snyk to check for vulnerabilities uses: snyk/actions/dotnet@master env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} with: - args: --file=Contentstack.Core/obj/project.assets.json --fail-on=all + args: --fail-on=all From 4fd99eee609925a90dd1621069e86c12a89d11b7 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Fri, 17 May 2024 20:38:45 +0530 Subject: [PATCH 2/4] jira.yml --- .github/workflows/jira.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/jira.yml b/.github/workflows/jira.yml index 5ddf87a..caa4bbd 100644 --- a/.github/workflows/jira.yml +++ b/.github/workflows/jira.yml @@ -3,7 +3,7 @@ on: pull_request: types: [opened] jobs: - security: + security-jira: if: ${{ github.actor == 'dependabot[bot]' || github.actor == 'snyk-bot' || contains(github.event.pull_request.head.ref, 'snyk-fix-') || contains(github.event.pull_request.head.ref, 'snyk-upgrade-')}} runs-on: ubuntu-latest steps: @@ -26,3 +26,8 @@ jobs: PR: ${{ github.event.pull_request.html_url }} fields: "${{ secrets.JIRA_FIELDS }}" + - name: Transition issue + uses: atlassian/gajira-transition@v3 + with: + issue: ${{ steps.create.outputs.issue }} + transition: ${{ secrets.JIRA_TRANSITION }} From 46d304bb2ef9f80965ec4b3634769e42d235c2b3 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Fri, 17 May 2024 20:38:45 +0530 Subject: [PATCH 3/4] sast-scan.yml --- .github/workflows/sast-scan.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 .github/workflows/sast-scan.yml diff --git a/.github/workflows/sast-scan.yml b/.github/workflows/sast-scan.yml new file mode 100644 index 0000000..3b9521a --- /dev/null +++ b/.github/workflows/sast-scan.yml @@ -0,0 +1,11 @@ +name: SAST Scan +on: + pull_request: + types: [opened, synchronize, reopened] +jobs: + security-sast: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Semgrep Scan + run: docker run -v /var/run/docker.sock:/var/run/docker.sock -v "${PWD}:/src" returntocorp/semgrep semgrep scan --config auto \ No newline at end of file From 41bc79a7cd89b96ca181a19649fa0a4202fbd65a Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Fri, 17 May 2024 20:38:47 +0530 Subject: [PATCH 4/4] codeql-analysis.yml