From d3115437ae6156a8f79307b719385563a837f4d1 Mon Sep 17 00:00:00 2001
From: bhuvi11
Date: Thu, 26 May 2022 20:35:20 +0530
Subject: [PATCH 1/2] Update README.md

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index f9d5e23..585377b 100644
--- a/README.md
+++ b/README.md
@@ -3,3 +3,4 @@ Read the instructions... Tried to replicate the existing scorecard issue Whatever
+Test

From 18eabdc96a3d32c8cff0424fe8e0a2ba4d2f9be4 Mon Sep 17 00:00:00 2001
From: mnemonic
Date: Thu, 13 Oct 2022 14:59:21 +0530
Subject: [PATCH 2/2] ShiftLeft Scan

---
 .github/workflows/ShiftLeft.yaml | 36 +++++++++++++++++++-------------
 1 file changed, 21 insertions(+), 15 deletions(-)

diff --git a/.github/workflows/ShiftLeft.yaml b/.github/workflows/ShiftLeft.yaml
index fdacf5d..28ee0d9 100644
--- a/.github/workflows/ShiftLeft.yaml
+++ b/.github/workflows/ShiftLeft.yaml
@@ -1,24 +1,29 @@
 ---
 name: Shiftleft Scan
-"on":
-- workflow_dispatch
-- pull_request
+on:
+ pull_request:
+ branches:
+ - demo
+ workflow_dispatch:
+ inputs:
+ logLevel:
+ description: Log level
 jobs:
 scanning:
 env:
- APP_ID: eb7871c25c08bbcf6376f1d5cee840da32e65d09de591ea9c435563e41c42f0a
- REQ_URL_MAP: "${{toJSON('{\"SL_RESULTPARSER_API_HOST\":\"https://slresultparserapi.dev.securin.io/resultparserapi/v1\"\
- ,\"SL_RESULT_API_HOST\":\"https://slresultapi.dev.securin.io/resultapi/v1\"\
- ,\"SL_API_HOST\":\"https://slapi.dev.securin.io/shiftleftapi\"}')}}"
+ APP_ID: 4849d84793b2d0ccf7bf24f16810328564a1b1b9181b94de9f38942f1de3ddc8
+ BRANCH_NAME: demo
+ SCAN_ID: 5484cae3885d88f74f4167568b16a8130a47d666ded4a3c1475e6baee1ebbb95
+ REQ_URL_MAP: "${{toJSON('{\"SL_RESULT_API_HOST\":\"https://slresultapi.qa.securin.io/resultapi\"\
+ ,\"SL_RESULTPARSER_API_HOST\":\"https://slresultparserapi.qa.securin.io/resultparserapi\"\
+ }')}}"
 steps:
- - name: Retrieve Scan Info
+ - name: Retrieve Token Info
 id: auth_token
- run: "respJson=$(curl --location --request GET 'https://slapi.dev.securin.io/shiftleftapi/scan-info?app_id=${{\
- \ env.APP_ID }}' --header 'Authorization: Bearer ${{secrets.CLI_ACCESS_TOKEN}}'\
- \ --data-raw ' ' )\necho \"::set-output name=authTokenJson::$respJson\""
+ run: "respJson=$(curl --location --request GET 'https://slresultapi.qa.securin.io/resultapi/aws/ecr/token'\
+ \ --header 'Authorization: Bearer ${{secrets.CLI_ACCESS_TOKEN}}' --data-raw\
+ \ ' ' )\necho \"::set-output name=authTokenJson::$respJson\""
 - uses: actions/checkout@v2
- - name: Build with Maven
- run: mvn -q --batch-mode --update-snapshots verify
 - name: Scan Initiated
 id: sec_scan_init
 run: "usrVal=$(echo '${{fromJson(steps.auth_token.outputs.authTokenJson).user}}'\
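Review bot: The new `run:` under `Retrieve Token Info` stores whatever curl returns as the `authTokenJson` output without checking the HTTP status, so a 401 or an HTML error page becomes the step output and the job only fails later inside `fromJson`; add `--fail --silent --show-error` and take the secret from the environment, e.g. `respJson=$(curl --fail --silent --show-error --location --request GET 'https://slresultapi.qa.securin.io/resultapi/aws/ecr/token' --header "Authorization: Bearer $CLI_ACCESS_TOKEN")` with `env: CLI_ACCESS_TOKEN: ${{ secrets.CLI_ACCESS_TOKEN }}` on the step. `::set-output` is deprecated; write `echo "authTokenJson=$respJson" >> "$GITHUB_OUTPUT"` instead (a multi-line response would need the heredoc delimiter form). The response is then expanded with `${{fromJson(steps.auth_token.outputs.authTokenJson).user}}` directly into the shell command of `Scan Initiated` (that `run:` continues past the hunk); expression expansion happens before the shell parses the line, so a value containing a quote breaks the command — pass it through an `env:` variable and reference it quoted in the script. `SCAN_ID` is now a fixed value in `env:`; if it is meant to identify a single scan, every run will reuse it, so confirm that is intended, and the declared `logLevel` input is not referenced anywhere in this hunk.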
@@ -33,8 +38,9 @@ jobs:
 \ \ndocker pull -q $usrImgTag \ndocker run -v ${{github.workspace}}:/src \
 \ --volume ${{github.workspace}}:/workdir -v /var/run/docker.sock:/var/run/docker.sock\
 \ $usrImgTag -access_tkn ${{secrets.CLI_ACCESS_TOKEN}} -app_id ${{ env.APP_ID\
- \ }} -req_url_map ${{ env.REQ_URL_MAP }} event:${{ github.event_name }} pr_number:${{\
- \ github.event.number }}"
+ \ }} -scan_id ${{ env.SCAN_ID }} -branch_name ${{ env.BRANCH_NAME }} -req_url_map\
+ \ ${{ env.REQ_URL_MAP }} -tool_name github event:${{ github.event_name }}\
+ \ pr_number:${{ github.event.number }}"
 - name: Upload SARIF file
 uses: github/codeql-action/upload-sarif@v1
 with:
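Review bot: The added `-scan_id ${{ env.SCAN_ID }} -branch_name ${{ env.BRANCH_NAME }} -req_url_map ${{ env.REQ_URL_MAP }}` arguments use expression expansion for values that are already exported to the step's shell; inside `run:` write `"$SCAN_ID"`, `"$BRANCH_NAME"` and `"$REQ_URL_MAP"` instead, which keeps the JSON in `REQ_URL_MAP` as a single quoted argument and avoids substituting it into the command line before the shell sees it. `BRANCH_NAME` is fixed to `demo` while the workflow also runs on `workflow_dispatch`, so a manual run from another ref is reported under `demo`; `github.ref_name` (or `github.head_ref` for pull requests) reflects the branch actually checked out. On `workflow_dispatch` runs `github.event.number` is empty, so the new `pr_number:` argument is passed with no value — confirm the scanner tolerates that. The `run:` scalar these lines belong to starts before the hunk; separately, the unchanged `-v /var/run/docker.sock:/var/run/docker.sock` mount and the token passed as the `-access_tkn` argument give the scanner container control of the runner's Docker daemon and expose the token in the process list, which is worth a follow-up outside this change.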