Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 7 additions & 1 deletion .github/workflows/checkmarx-one-scan.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,13 +8,19 @@ on:
schedule:
- cron: '00 7 * * *' # Every day at 07:00

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

jobs:
cx-scan:
name: Checkmarx One Scan
runs-on: cx-public-ubuntu-x64
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v6
with:
persist-credentials: false
- name: Checkmarx One CLI Action
uses: checkmarx/ast-github-action@ef93013c95adc60160bc22060875e90800d3ecfc #v.2.3.19
with:
Expand Down
686 changes: 531 additions & 155 deletions .github/workflows/ci-tests.yml

Large diffs are not rendered by default.

38 changes: 38 additions & 0 deletions .github/workflows/docker-image-scan.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
name: Docker Image Scan

on:
pull_request:

permissions:
contents: read

jobs:
checkDockerImage:
runs-on: cx-public-ubuntu-x64
name: Scan Docker Image with Trivy
steps:
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v6
with:
persist-credentials: false
- name: Build the project
run: go build -o ./cx ./cmd
- name: Build Docker image
run: docker build -t ast-cli:${{ github.sha }} .
- name: Run Trivy scanner without downloading DBs
uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 #v0.35.0
with:
scan-type: 'image'
image-ref: ast-cli:${{ github.sha }}
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
output: './trivy-image-results.txt'
env:
TRIVY_SKIP_JAVA_DB_UPDATE: true

- name: Inspect action report
if: always()
shell: bash
run: cat ./trivy-image-results.txt
26 changes: 26 additions & 0 deletions .github/workflows/govulncheck.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
name: Govulncheck

on:
pull_request:

permissions:
contents: read

jobs:
govulncheck:
runs-on: cx-public-ubuntu-x64
name: Vulnerability Scan (govulncheck)
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v6
with:
persist-credentials: false
- name: Set up Go version
uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 #v4
with:
go-version-file: go.mod
- name: Install govulncheck
run: go install golang.org/x/vuln/cmd/govulncheck@0782b76014f15f24e22a438f30f308df42899ba1 #1.3.0
- name: Run govulncheck
run: govulncheck ./...
continue-on-error: true
10 changes: 8 additions & 2 deletions .github/workflows/issue_automation.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,11 @@ jobs:
body: ${{ github.event.issue.body }}
html_url: ${{ github.event.issue.html_url }}
repo: ${{ github.event.repository.full_name }}
secrets: inherit
secrets:
AST_JIRA_API_TOKEN: ${{ secrets.AST_JIRA_API_TOKEN }}
AST_JIRA_USER_EMAIL: ${{ secrets.AST_JIRA_USER_EMAIL }}
JIRA_FIELDS_BUG: ${{ secrets.JIRA_FIELDS_BUG }}
JIRA_FIELDS_OTHER: ${{ secrets.JIRA_FIELDS_OTHER }}

close_jira:
if: github.event.action == 'closed'
Expand All @@ -23,4 +27,6 @@ jobs:
with:
issue_number: ${{ github.event.issue.number }}
repo: ${{ github.event.repository.full_name }}
secrets: inherit
secrets:
AST_JIRA_API_TOKEN: ${{ secrets.AST_JIRA_API_TOKEN }}
AST_JIRA_USER_EMAIL: ${{ secrets.AST_JIRA_USER_EMAIL }}
34 changes: 34 additions & 0 deletions .github/workflows/lint.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
name: Lint

on:
pull_request:

permissions:
contents: read

jobs:
lint:
permissions:
contents: read # for actions/checkout to fetch code
pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
name: Lint (golangci-lint)
runs-on: cx-public-ubuntu-x64
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v6
with:
persist-credentials: false
- name: Set up Go version
uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 #v4
with:
go-version-file: go.mod
- run: go version
- run: go mod tidy
- name: golangci-lint
uses: step-security/golangci-lint-action@1797facf9ea427614d729a4e9cab0fae1a7852d9 # v9.2.0
with:
skip-pkg-cache: true
version: v2.11.3
args: -c .golangci.yml
--timeout 10m
only-new-issues: true
Loading
Loading