Initial Contrast Security GitHub app workflow file onboarding commit #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# DISCLAIMER: This workflow file has been auto-generated and committed to the repo by the GitHub App from Contrast Security. | |
# Manual edits to this file could cause the integration to produce unexpected behavior or break. | |
# Version: 1.0.0 | |
# Last updated: 2024-01-30T08:33:01.188091922Z | |
name: Contrast Security App Workflow | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- master | |
pull_request: | |
types: [opened, synchronize, reopened] | |
branches: | |
- master | |
jobs: | |
fingerprint_repo: | |
if: ${{ github.actor != 'dependabot[bot]' }} | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Clone repository | |
uses: actions/checkout@v3 | |
- name: Run Contrast SCA Fingerprint | |
id: fingerprint | |
uses: 'Contrast-Security-OSS/contrast-sca-action@v2' | |
with: | |
apiKey: ${{ secrets.CONTRAST_GITHUB_APP_API_KEY }} | |
authHeader: ${{ secrets.CONTRAST_GITHUB_APP_AUTH_HEADER }} | |
orgId: ${{ vars.CONTRAST_GITHUB_APP_ORG_ID }} | |
apiUrl: ${{ vars.CONTRAST_GITHUB_APP_TS_URL }} | |
repoUrl: ${{ github.server_url }}/${{ github.repository }} | |
repoName: ${{ github.repository }} | |
externalId: ${{ vars.CONTRAST_GITHUB_APP_ID }} | |
command: fingerprint | |
outputs: | |
fingerprint: ${{ steps.fingerprint.outputs.fingerprint }} | |
analyze_dependencies: | |
if: ${{ needs.fingerprint_repo.outputs.fingerprint != '' }} | |
needs: fingerprint_repo | |
runs-on: ubuntu-22.04 | |
strategy: | |
fail-fast: false | |
matrix: | |
manifest: | |
- ${{ fromJson(needs.fingerprint_repo.outputs.fingerprint) }} | |
steps: | |
- name: Clone repository | |
uses: actions/checkout@v3 | |
- name: Run Contrast SCA Audit | |
uses: 'Contrast-Security-OSS/contrast-sca-action@v2' | |
with: | |
apiKey: ${{ secrets.CONTRAST_GITHUB_APP_API_KEY }} | |
authHeader: ${{ secrets.CONTRAST_GITHUB_APP_AUTH_HEADER }} | |
orgId: ${{ vars.CONTRAST_GITHUB_APP_ORG_ID }} | |
apiUrl: ${{ vars.CONTRAST_GITHUB_APP_TS_URL }} | |
filePath: ${{ matrix.manifest.filePath }} | |
repositoryId: ${{ matrix.manifest.repositoryId }} | |
projectGroupId: ${{ matrix.manifest.projectGroupId }} |