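# Demo workflow: on every push, install Bearer, run a SAST scan of the
# checkout and commit the JSON report back into the repository.
name: GitHub Actions Demo
run-name: ${{ github.actor }} push initiated a Security Scan 🚀

# GitHub's loader reads this key as "on"; a generic YAML 1.1 parser reads it
# as boolean true (suppress yamllint `truthy` for this line, do not "fix" it).
on: [push]

# Least privilege: once a permissions block is declared every unlisted scope
# is none; contents: write is required only by the commit step at the end.
permissions:
  contents: write

jobs:
  test-create-file:
    runs-on: ubuntu-latest
    steps:
      # github.event_name is a fixed, GitHub-defined value, so expanding it in
      # a shell step is safe; keep user-controlled event fields out of run:.
      - run: echo "🎉 This job was automatically triggered by a ${{ github.event_name }} event."

      - name: Checkout repo inside CI runner
        # NOTE(review): mutable tag; pin to a full commit SHA for supply-chain hardening.
        uses: actions/checkout@v4

      - name: Bearer-SAST Installation
        working-directory: ./ci/actions
        run: |
          chmod +x install-bearer.sh
          ./install-bearer.sh

      - name: Setup results file
        working-directory: .
        run: |
          # -p: the commit step below stores scan_results/ in the repo, so the
          # directory already exists on the next run and a plain mkdir fails.
          # (The former `chmod +x` on the directory was a no-op: a freshly
          # created directory is already traversable.)
          mkdir -p scan_results
          touch ./scan_results/bearer.out.json

      - name: Bearer Scan
        working-directory: .
        # If bearer exits non-zero on findings (see TODO 2), this step fails
        # and the commit step never runs.
        run: bearer scan . --scanner=sast --quiet --format json --output ./scan_results/bearer.out.json

      - run: echo "Job finished with status ${{ job.status }}."

      - name: Commit changes
        # Third-party action running with contents: write — same SHA-pinning
        # advice as for checkout.
        uses: EndBug/add-and-commit@v9
        with:
          author_name: tester-bot
          # NOTE(review): this value looks redacted by the page extraction and
          # would parse as a flow sequence; the real address should be a
          # quoted string — confirm against the repository.
          author_email: [email protected]
          message: 'bot test CI message'

# TODO
# 1. Generate JSON report and store in repo
# 2. Ensure bearer does not exit with -1
# 3. Create docker image with pre-installed Bearer and OSV tools
# 4. Add a step to run the OSV scanner
# 5.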