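# DISCLAIMER: This workflow file has been auto-generated and committed to the repo by the GitHub App from Contrast Security.
# Manual edits to this file could cause the integration to produce unexpected behavior or break.
# Version: 1.0.0
# Last updated: 2024-02-13T11:50:38.197931260Z
name: Contrast Security App Workflow

# Runs on manual dispatch, on pushes to master, and on pull requests targeting master.
# NOTE(review): for pull_request events coming from a fork, GitHub does not expose
# repository secrets, so the Contrast steps below would run with empty credentials
# in that case — confirm that is the intended behaviour for fork PRs.
on:
  workflow_dispatch:
  push:
    branches:
      - master
  pull_request:
    types: [opened, synchronize, reopened]
    branches:
      - master

# Least privilege for the automatic GITHUB_TOKEN: actions/checkout only needs to
# read the repository, and no GitHub token is passed to the Contrast action below
# (it is given a Contrast API key / auth header instead). If a step is later found
# to need write access (e.g. PR comments), widen the scope on that job only.
permissions:
  contents: read

jobs:
  # Discover dependency manifests in the repository; the JSON result is handed to
  # analyze_dependencies as a matrix.
  fingerprint_repo:
    # Skip Dependabot-triggered runs (presumably because those runs do not receive
    # the repository secrets used below).
    if: ${{ github.actor != 'dependabot[bot]' }}
    runs-on: ubuntu-22.04
    steps:
      - name: Clone repository
        # NOTE(review): pinned by mutable tag; pin to the release's full commit SHA
        # if the project wants protection against tag re-pointing.
        uses: actions/checkout@v3
      - name: Run Contrast SCA Fingerprint
        id: fingerprint
        # Same tag-vs-SHA consideration as actions/checkout above.
        uses: 'Contrast-Security-OSS/contrast-sca-action@v2'
        with:
          apiKey: ${{ secrets.CONTRAST_GITHUB_APP_API_KEY }}
          authHeader: ${{ secrets.CONTRAST_GITHUB_APP_AUTH_HEADER }}
          orgId: ${{ vars.CONTRAST_GITHUB_APP_ORG_ID }}
          apiUrl: ${{ vars.CONTRAST_GITHUB_APP_TS_URL }}
          repoUrl: ${{ github.server_url }}/${{ github.repository }}
          repoName: ${{ github.repository }}
          externalId: ${{ vars.CONTRAST_GITHUB_APP_ID }}
          command: fingerprint
    outputs:
      # JSON string consumed via fromJson() by the job below.
      fingerprint: ${{ steps.fingerprint.outputs.fingerprint }}

  # Audit every manifest found by fingerprint_repo, one matrix job per manifest.
  analyze_dependencies:
    # Nothing to audit when the fingerprint came back empty; the job is also
    # skipped automatically when fingerprint_repo was skipped or failed.
    if: ${{ needs.fingerprint_repo.outputs.fingerprint != '' }}
    needs: fingerprint_repo
    runs-on: ubuntu-22.04
    strategy:
      # Let every manifest be audited even if one of them fails.
      fail-fast: false
      matrix:
        manifest:
          # The expression expands to the array produced by the fingerprint job.
          - ${{ fromJson(needs.fingerprint_repo.outputs.fingerprint) }}
    steps:
      - name: Clone repository
        # NOTE(review): pinned by mutable tag; see fingerprint_repo.
        uses: actions/checkout@v3
      - name: Run Contrast SCA Audit
        uses: 'Contrast-Security-OSS/contrast-sca-action@v2'
        with:
          apiKey: ${{ secrets.CONTRAST_GITHUB_APP_API_KEY }}
          authHeader: ${{ secrets.CONTRAST_GITHUB_APP_AUTH_HEADER }}
          orgId: ${{ vars.CONTRAST_GITHUB_APP_ORG_ID }}
          apiUrl: ${{ vars.CONTRAST_GITHUB_APP_TS_URL }}
          # Per-manifest values come from the matrix entry built above.
          filePath: ${{ matrix.manifest.filePath }}
          repositoryId: ${{ matrix.manifest.repositoryId }}
          projectGroupId: ${{ matrix.manifest.projectGroupId }}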