From f5525f73aee4db739175189fbf1ab20b28586d1f Mon Sep 17 00:00:00 2001
From: Baruch Odem
Date: Tue, 12 Sep 2023 17:22:56 +0300
Subject: [PATCH] ci: scan our 2ms with our 2ms

- Compile the current code and scan in PR-validation
- Scan with the latest release on push, PR and schedule

With security tools I'm using the latest release and schedule to run a scan with new rules added to the security tool.
---
 .github/workflows/pr-validation.yml | 2 +-
 .github/workflows/release.yml | 5 +----
 .github/workflows/{gosec.yml => security.yml} | 12 +++++++++++-
 3 files changed, 13 insertions(+), 6 deletions(-)
 rename .github/workflows/{gosec.yml => security.yml} (65%)
diff --git a/.github/workflows/pr-validation.yml b/.github/workflows/pr-validation.yml
index f90573e8..dff50a0f 100644
--- a/.github/workflows/pr-validation.yml
+++ b/.github/workflows/pr-validation.yml
@@ -33,7 +33,7 @@ jobs:
 run: docker run --rm -v $(pwd):/app -w /app golangci/golangci-lint:v1.52.0 golangci-lint run -v -E gofmt --timeout=5m --out-format github-actions
 - name: Run 2ms Scan
- run: docker run -v $(pwd):/repo checkmarx/2ms:2.8.1 git /repo --config /repo/.2ms.yml
+ run: go run . git . --config /repo/.2ms.yml
 - name: Go Test
 run: go test -v ./...
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index ca3dad4c..1ef0eecc 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -3,7 +3,7 @@ name: Release
 on:
 workflow_dispatch:
 push:
- branches: [ master ]
+ branches: [master]
 jobs:
 test:
@@ -26,9 +26,6 @@ jobs:
 - name: Go Linter
 run: docker run --rm -v $(pwd):/app -w /app golangci/golangci-lint:v1.52.0 golangci-lint run -v -E gofmt --timeout=5m
- - name: Run 2ms Scan
- run: docker run -v $(pwd):/repo checkmarx/2ms:2.8.1 git /repo --config /repo/.2ms.yml
-
 - name: Unit Tests
 run: go test ./...
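Review bot: The new `run: go run . git . --config /repo/.2ms.yml` line in the pr-validation hunk keeps the `/repo/...` config path from the removed `docker run` invocation, but that path only existed because of the `-v $(pwd):/repo` mount; with the binary now running natively on the runner the config lives in the checkout, so unless the runner happens to provide a `/repo` directory the scan runs without the project's rules or fails outright, depending on how 2ms treats a missing config file. It should be `run: go run . git . --config .2ms.yml` (the repository root is the working directory, as the neighbouring `go test -v ./...` step relies on). It is also worth confirming that the checkout step before this hunk fetches enough history for `git .` to cover what you intend; the equivalent job added to security.yml sets `fetch-depth: 0`, and this workflow's checkout is not visible here.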
diff --git a/.github/workflows/gosec.yml b/.github/workflows/security.yml
similarity index 65%
rename from .github/workflows/gosec.yml
rename to .github/workflows/security.yml
index f9a27863..ebd0d6fb 100644
--- a/.github/workflows/gosec.yml
+++ b/.github/workflows/security.yml
@@ -1,4 +1,4 @@
-name: gosec
+name: Security Scans
 on:
 push:
@@ -27,3 +27,13 @@ jobs:
 uses: github/codeql-action/upload-sarif@v2
 with:
 sarif_file: results.sarif
+
+ secret-scanning:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ - name: Run 2ms Scan
+ run: docker run -v $(pwd):/repo checkmarx/2ms:latest git /repo --config /repo/.2ms.yml
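Review bot: `checkmarx/2ms:latest` in the new `Run 2ms Scan` step is a mutable tag, so every run of this workflow (push, plus the PR and schedule triggers the commit message mentions) executes whatever image was last published under that tag, with read-write access to the checkout through `-v $(pwd):/repo`; a broken or compromised release would run here unreviewed, and two runs on the same commit can legitimately disagree. If picking up new rules automatically is worth that, at least narrow the blast radius with `run: docker run --rm -v $(pwd):/repo:ro checkmarx/2ms:latest git /repo --config /repo/.2ms.yml` (the golangci step in pr-validation already uses `--rm`; a read-only mount should suffice for a git-history scan, but verify 2ms does not write into the repo). The more conservative option is to pin to a version or image digest and let Dependabot/Renovate open the bump PRs, which also applies to `actions/checkout@v3` being a floating major tag rather than a commit SHA. The job declares no `permissions:` block; whether the workflow's top level restricts the default `GITHUB_TOKEN` is outside this hunk.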