* SAST: add Snyk probe

  Adds Snyk's GitHub action (https://github.com/snyk/actions) as a probe.

  Signed-off-by: David Korczynski <[email protected]>

* nit

  Signed-off-by: David Korczynski <[email protected]>

* e2e: adjust sast test to additional probe

  Signed-off-by: David Korczynski <[email protected]>

* checks: sast: nit, fix e2e test

  Signed-off-by: DavidKorczynski <[email protected]>

* Add test with positive outcome

  Signed-off-by: David Korczynski <[email protected]>

* fix comment

  Signed-off-by: David Korczynski <[email protected]>

* sast: snyk: add workflow test

  Signed-off-by: David Korczynski <[email protected]>

* address review

  Signed-off-by: David Korczynski <[email protected]>

* sast: adjust snyk to be the same with sonar

  Signed-off-by: David Korczynski <[email protected]>

* provide path to WF file

  Signed-off-by: David Korczynski <[email protected]>

* adjust path for finding

  Signed-off-by: David Korczynski <[email protected]>

* use prefix rather than contains

  Signed-off-by: David Korczynski <[email protected]>

---------

Signed-off-by: David Korczynski <[email protected]>
Signed-off-by: DavidKorczynski <[email protected]>
1 parent 21bbe80, commit 2ef20f1

Showing 10 changed files with 383 additions and 5 deletions.
checks/raw/testdata/.github/workflows/github-workflow-snyk.yaml (19 additions, 0 deletions)
@@ -0,0 +1,19 @@ | ||
name: Snyk Scan | ||
|
||
on: pull_request | ||
permissions: | ||
contents: read | ||
|
||
jobs: | ||
scan-snyk: | ||
runs-on: ubuntu-latest | ||
permissions: | ||
security-events: write | ||
steps: | ||
- uses: actions/checkout@master | ||
- uses: snyk/actions/setup@master | ||
- name: Run Snyk Scanning | ||
run: | | ||
snyk test | ||
env: | ||
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} |
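Review bot: the `scan-snyk` job grants `security-events: write` but no step in the workflow uploads results, so the job-level `permissions:` block is unused and the top-level `contents: read` is already sufficient; dropping it keeps the fixture a least-privilege example. In the same hunk, `actions/checkout@master` and `snyk/actions/setup@master` reference a mutable branch rather than a pinned tag or commit SHA. That is acceptable for a detection fixture, since the probe only needs to match the `snyk/actions/` prefix of the `uses:` value, but because an unpinned action reference is itself a supply-chain weakness, a one-line comment in the file stating that the refs are intentionally unpinned test data would prevent the fixture from being mistaken for a recommended configuration.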
@@ -0,0 +1,29 @@ | ||
# Copyright 2023 OpenSSF Scorecard Authors | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
id: sastToolSnykInstalled | ||
short: Check that the project uses the Snyk github action | ||
motivation: > | ||
SAST is testing run on source code before the application is run. Using SAST tools can prevent known classes of bugs from being inadvertently introduced in the codebase. | ||
implementation: > | ||
The implementation checks whether the project invokes the snyk/actions action. | ||
outcome: | ||
- If the project uses the snyk/actions/* action, the probe returns one finding with OutcomePositive (1). | ||
- If the project does not use the snyk/actions/* action, the probe returns one finding with OutcomeNegative (0). | ||
remediation: | ||
effort: Medium | ||
text: | ||
- Follow the steps in https://github.com/snyk/actions | ||
markdown: | ||
- Follow the steps in https://github.com/snyk/actions |
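Review bot: the `implementation:` text says the probe checks whether the project invokes the `snyk/actions` action, while both `outcome:` entries refer to the `snyk/actions/*` action; since the commit message says matching was switched to a prefix match, the implementation sentence should state that explicitly, e.g. `The implementation checks whether any workflow step uses an action whose name starts with snyk/actions/.`, so readers know that `snyk/actions/setup` and the other sub-actions all count and that the match is on the `uses:` value rather than on a substring anywhere in the file. The `motivation:` sentence `SAST is testing run on source code before the application is run.` reads awkwardly; suggest `SAST tools analyze source code without executing the application.` Minor: `short:` could spell `GitHub` with the conventional capitalization.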