Skip to content

Zooz/code-scanner

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Code Scanner

The template performs 3 operations:

  1. Vulnerabilities Scan- using Semgrep
  2. Secret Detection- using Gitleaks
  3. Dependency Scan- using gemnasium

This template uses 2 inputs:

  • codeScannerRef: The branch or tag to use. (Optional)

This template expects 4 mandatory secrets

  • slackUrl: The slack webhook to send alerts to.
  • AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY: Required for authentication with AWS in order to upload results to s3 bucket.
  • S3_BUCKET_NAME: The s3 bucket which results will be uploaded to.
  • AWS_REGION: The region the s3 was deployed in.

Example usage:

Create the next file structure in your repository .github/workflows/scanner.yml Enter the next into the file scanner.yml

name: Code Scanner

on:
  push:
    branches: 
      - '*'
jobs:
  secScan:
    name: Security Template
    uses: Zooz/code-scanner/.github/workflows/secTemplate.yml@main
    with:
      codeScannerRef: main
    secrets:
      slackUrl: ${{ secrets.SEMGREP_SLACK_ALERT }}
      SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }}
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      S3_BUCKET_NAME: ${{ secrets.S3_BUCKET_NAME }}
      AWS_REGION: ${{ secrets.AWS_REGION }}

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages