-
Notifications
You must be signed in to change notification settings - Fork 4
/
action.yml
102 lines (96 loc) · 3.5 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
name: 'Contrast Scan Analyze'
description: 'Perform SAST analysis of a project'
inputs:
apiKey:
description: 'An agent API key provided by Contrast (required).'
required: true
authHeader:
description: 'User authorization credentials provided by Contrast (required).'
required: true
orgId:
description: 'The ID of your organization in Contrast (required).'
required: true
artifact:
description: 'The Artifact to Scan on the Contrast Platform.'
required: true
apiUrl:
description: 'The name of the host. Includes the protocol section of the URL (https://). Defaults to https://ce.contrastsecurity.com. (optional)'
required: false
default: "https://ce.contrastsecurity.com"
projectName:
description: 'The name of the project you want to scan in Contrast.'
required: false
projectId:
description: 'The ID of your project in Contrast.'
required: false
language:
description: 'The language of your project.'
required: false
timeout:
description: 'Set a specific time span (in seconds) before the function times out. The default timeout is 10 minutes if timeout is not set.'
required: false
default: 600
severity:
description: 'Allows user to report vulnerabilities above a chosen severity level. Values for level are high, medium or low. (Note: Use this input in combination with the fail input, otherwise the action will exit)'
required: false
fail:
description: 'When set to true, fails the action if CVEs have been detected that match at least the severity option specified.'
required: false
runs:
using: "composite"
steps:
- name: Get Latest CLI
run: |
echo "Downloading Contrast CLI 2.1.5"
curl --location 'https://pkg.contrastsecurity.com/artifactory/cli/v2/2.1.5/linux/contrast' --output contrast
shell: bash
- run: chmod +x contrast
shell: bash
- name: Get CLI Required Arguments
id: required-args
shell: bash
run: |
echo "Setting Required Args..."
args=()
args+=("--api-key ${{ inputs.apiKey }}")
args+=("--authorization ${{ inputs.authHeader }}")
args+=("--organization-id ${{ inputs.orgId }}")
args+=("--file ${{ inputs.artifact }}")
args+=("--host ${{ inputs.apiUrl }}")
echo "args=${args[@]}" >> $GITHUB_OUTPUT
- name: Get CLI Optional Arguments
id: optional-args
shell: bash
run: |
echo "Setting Optional Args..."
args=()
if [ -n "${{ inputs.projectName }}" ]; then
args+=("--name")
args+=("${{ inputs.projectName }}")
fi
if [ -n "${{ inputs.projectId }}" ]; then
args+=("--project-id")
args+=("${{ inputs.projectId }}")
fi
if [ -n "${{ inputs.language }}" ]; then
args+=("--language")
args+=("${{ inputs.language }}")
fi
if [ -n "${{ inputs.timeout }}" ]; then
args+=("--timeout")
args+=("${{ inputs.timeout }}")
fi
if [ -n "${{inputs.severity}}" ]; then
args+=("--severity")
args+=("${{ inputs.severity }}")
fi
if [ "${{inputs.fail}}" = true ]; then
args+=("--fail")
fi
echo "args=${args[@]}" >> $GITHUB_OUTPUT
- name: Run Contrast Scan CLI Command
id: run-scan
shell: bash
run: |
echo "Running the Contrast Scan Command..."
./contrast scan ${{ steps.required-args.outputs.args }} ${{ steps.optional-args.outputs.args }}