ci: scan our 2ms with our 2ms
- Compile the current code and scan in PR-validation
- Scan with the latest release on push, PR and schedule

With security tools I'm using the latest release and schedule to run a scan with new rules added to the security tool.
Baruch Odem committed Sep 12, 2023
1 parent 232a3fd commit f5525f7
Showing 3 changed files with 13 additions and 6 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/pr-validation.yml
Expand Up @@ -33,7 +33,7 @@ jobs:
run: docker run --rm -v $(pwd):/app -w /app golangci/golangci-lint:v1.52.0 golangci-lint run -v -E gofmt --timeout=5m --out-format github-actions

- name: Run 2ms Scan
run: docker run -v $(pwd):/repo checkmarx/2ms:2.8.1 git /repo --config /repo/.2ms.yml
run: go run . git . --config /repo/.2ms.yml

- name: Go Test
run: go test -v ./...
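Review bot: the replacement step `run: go run . git . --config /repo/.2ms.yml` still points `--config` at `/repo/.2ms.yml`, a path that only existed inside the container through the `-v $(pwd):/repo` mount of the docker command it replaces. The scan target is now `.` on the runner, so the config should be referenced relative to the checkout as well, for example `--config .2ms.yml`. Depending on how 2ms treats a missing config file, the step as written will either fail or run without the repository's settings.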
5 changes: 1 addition & 4 deletions .github/workflows/release.yml
Expand Up @@ -3,7 +3,7 @@ name: Release
on:
workflow_dispatch:
push:
branches: [ master ]
branches: [master]

jobs:
test:
Expand All @@ -26,9 +26,6 @@ jobs:
- name: Go Linter
run: docker run --rm -v $(pwd):/app -w /app golangci/golangci-lint:v1.52.0 golangci-lint run -v -E gofmt --timeout=5m

- name: Run 2ms Scan
run: docker run -v $(pwd):/repo checkmarx/2ms:2.8.1 git /repo --config /repo/.2ms.yml

- name: Unit Tests
run: go test ./...

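Review bot: with the `Run 2ms Scan` step removed from this workflow, nothing in release.yml checks for secrets before a release, and the workflow still triggers on `workflow_dispatch` as well as on pushes to master. The secret-scanning job added in security.yml runs as a separate workflow, so a finding there does not stop this one. If a release should be blocked on a secret finding, keep a scan step here or make the release depend on that workflow's result.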
12 changes: 11 additions & 1 deletion .github/workflows/gosec.yml → .github/workflows/security.yml
@@ -1,4 +1,4 @@
name: gosec
name: Security Scans

on:
push:
Expand Down Expand Up @@ -27,3 +27,13 @@ jobs:
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: results.sarif

secret-scanning:
runs-on: ubuntu-latest
steps:
- name: Checkout Source
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Run 2ms Scan
run: docker run -v $(pwd):/repo checkmarx/2ms:latest git /repo --config /repo/.2ms.yml
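Review bot: `checkmarx/2ms:latest` in the new `Run 2ms Scan` step is a mutable tag, so the scan result can change between runs with no change in this repository, and the job runs whatever image that tag points to at the time with the full-history checkout (`fetch-depth: 0`) mounted at `/repo`. The commit message indicates the floating version is deliberate; if so, a comment in the workflow saying that would help, and pinning to a digest that an automated update bumps would give the same freshness as a reviewable change. The command also omits the `--rm` that the golangci-lint steps use, and a read-only mount (`-v $(pwd):/repo:ro`) would fit if 2ms does not need to write to the tree.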
