Validate reports against schema every night

angrymeir · angrymeir · commit f37f02ff18b3 · 2023-01-26T21:03:40.000+01:00
diff --git a/.github/workflows/report-validate.yml b/.github/workflows/report-validate.yml
@@ -0,0 +1,48 @@
+name: Works with latest GitLab version
+
+on:
+  schedule:
+    - cron: "0 3 * * *"
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install jsonschema validator
+        run: pip3 install jsonschema
+        
+      - name: Get schemas
+        run: |
+          curl https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/raw/master/dist/sast-report-format.json >> sast_schema.json
+          curl https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/raw/master/dist/secret-detection-report-format.json >> secrets_schema.json
+          curl https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/raw/master/dist/container-scanning-report-format.json >> container_scanning_schema.json
+
+      - name: Test all SAST reports
+        run: |
+          SAST_FILES=$(find "tests/resources/test_sast" -type f -name "*.json")
+          echo $SAST_FILES
+          for sast_file in ${SAST_FILES[@]}; do
+            jsonschema -i $sast_file sast_schema.json
+          done
+      
+      - name: Test all Secrets reports
+        run: |
+          SECRETS_FILES=$(find "tests/resources/test_secrets" -type f -name "*.json")
+          echo $SECRETS_FILES
+          for secrets_file in ${SECRETS_FILES[@]}; do
+            jsonschema -i $secrets_file secrets_schema.json
+          done
+
+      - name: Test all Container Scanning reports
+        run: |
+          CONTAINER_FILES=$(find "tests/resources/test_container_scanning" -type f -name "*.json")
+          echo $CONTAINER_FILES
+          for container_file in ${CONTAINER_FILES[@]}; do
+            jsonschema -i $container_file container_scanning_schema.json
+          done
diff --git a/README.md b/README.md
@@ -1,6 +1,7 @@
 # SecScanner2JUnit
 [![PyPI version](https://badge.fury.io/py/secscanner2junit.svg)](https://badge.fury.io/py/secscanner2junit)
 [![Downloads](https://pepy.tech/badge/secscanner2junit)](https://pepy.tech/project/secscanner2junit)
+[![Supports latest GitLab version](https://github.com/angrymeir/SecScanner2JUnit/actions/workflows/report-validate.yml/badge.svg)](https://github.com/angrymeir/SecScanner2JUnit/actions/workflows/report-validate.yml)
 
 [![Open in Gitpod](https://gitpod.io/button/open-in-gitpod.svg)](https://gitpod.io/#https://github.com/angrymeir/SecScanner2JUnit)
 
