vex.yml
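# Manually triggered workflow: creates an OpenVEX document with vexctl inside a
# witness-wrapped step, then uploads the document as a build artifact.
#
# Workflow-level permissions apply to every step of every job below, so the
# OIDC token can be requested by any of them, including steps that run code
# resolved from mutable refs (see the NOTE(review) comments).
permissions:
  id-token: write  # This is required for requesting the JWT
  contents: read  # This is required for actions/checkout
name: vex
on: workflow_dispatch
jobs:
  generate-vex:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): action tags can be moved by the action's owner; pinning
      # each `uses:` to a full commit SHA gives a stronger guarantee.
      - name: Setup Go
        uses: actions/setup-go@v5.0.0
        with:
          # Quoted so the version is always read as a string.
          go-version: "1.22.x"
      # NOTE(review): `@latest` is resolved at run time, so the binary that
      # writes the VEX document can differ between runs. It is also installed
      # outside the witness-wrapped step. Pin to a reviewed release tag.
      - run: go install github.com/openvex/vexctl@latest
      - name: Checkout Code
        uses: actions/checkout@v4.1.1
        with:
          # No later step visible here pushes or fetches, so the token does
          # not need to stay in the local git config.
          persist-credentials: false
      - name: Generate VEX
        # NOTE(review): `reusable-workflow` looks like a branch name, while the
        # trailing comment says v0.2.0. A branch ref is mutable, and this step
        # runs in a job that can mint an OIDC token. Pin to the commit SHA of
        # the reviewed release.
        uses: testifysec/witness-run-action@reusable-workflow  # v0.2.0
        with:
          # NOTE(review): the hostname suggests a staging sandbox; confirm it
          # is the intended store for these attestations.
          archivista-server: "https://judge-api.aws-sandbox-staging.testifysec.dev"
          step: gen-vex
          attestations: "environment git github vex"
          # The product, CVE, status and justification are hard-coded. The
          # product version (go1.21.4) is independent of the toolchain set up
          # above (1.22.x). Presumably the attestation records that this
          # command ran, not that the not_affected assessment is correct;
          # that claim still needs its own review.
          command: |
            /bin/sh -c 'vexctl create --product="pkg:golang/stdlib@go1.21.4" --vuln="CVE-2023-45285" --status="not_affected" --justification="inline_mitigations_already_exist" --file="./openvex.json"'
      - name: Upload VEX
        uses: actions/upload-artifact@v4.3.3
        with:
          name: vex
          path: openvex.json
          # Fail the job instead of only warning when no VEX file was produced.
          if-no-files-found: error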