

ShiftLeft Scan
1 parent 70724f6 commit 3b71b01

1 file changed

Lines changed: 47 additions & 0 deletions


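--- a/.github/workflows/ShiftLeft.yaml
+++ b/.github/workflows/ShiftLeft.yaml
@@ -0,0 +1,47 @@
+---
+name: Shiftleft Scan
+"on":
+- workflow_dispatch
+- pull_request
+jobs:
+  scanning:
+    env:
+      APP_ID: b28f0cd01ec57ec2828c6e16c27439bc608b77998f3e22864f34940ef5fd0aee
+      REQ_URL_MAP: "${{toJSON('{\"SL_API_HOST\":\"https://slapi.dev.securin.io/shiftleftapi\"\
+        ,\"SL_RESULTPARSER_API_HOST\":\"https://slresultparserapi.dev.securin.io/resultparserapi/v1\"\
+        ,\"SL_RESULT_API_HOST\":\"https://slresultapi.dev.securin.io/resultapi/v1\"\
+        }')}}"
+    steps:
+    - name: Retrieve Scan Info
+      id: auth_token
+      run: "respJson=$(curl --location --request GET 'https://slapi.dev.securin.io/shiftleftapi/scan-info?app_id=${{\
+        \ env.APP_ID }}' --header 'Authorization: Bearer ${{secrets.CLI_ACCESS_TOKEN}}'\
+        \ --data-raw ' ' )\necho \"::set-output name=authTokenJson::$respJson\""
+    - uses: actions/checkout@v2
+    - name: Build with Maven
+      run: mvn -q --batch-mode --update-snapshots verify
+    - name: Scan Initiated
+      id: sec_scan_init
+      run: "usrVal=$(echo '${{fromJson(steps.auth_token.outputs.authTokenJson).user}}'\
+        \ | openssl enc -aes-256-cbc -d -a -K ${{secrets.ENC_KEY}} -iv ${{secrets.ENC_IV}}\
+        \ ) \nusrPassword=$(echo '${{fromJson(steps.auth_token.outputs.authTokenJson).password}}'\
+        \ | openssl enc -aes-256-cbc -d -base64 -A -K ${{secrets.ENC_KEY}} -iv ${{secrets.ENC_IV}}\
+        \ ) \nusrPrxyUrl=$(echo '${{fromJson(steps.auth_token.outputs.authTokenJson).proxyUrl}}'\
+        \ | openssl enc -aes-256-cbc -d -a -K ${{secrets.ENC_KEY}} -iv ${{secrets.ENC_IV}}\
+        \ ) \nusrImgTag=$(echo '${{fromJson(steps.auth_token.outputs.authTokenJson).imageTag}}'\
+        \ | openssl enc -aes-256-cbc -d -a -K ${{secrets.ENC_KEY}} -iv ${{secrets.ENC_IV}}\
+        \ ) \ndocker login --username $usrVal --password $usrPassword $usrPrxyUrl\
+        \ \ndocker pull -q $usrImgTag \ndocker run -v ${{github.workspace}}:/src \
+        \ --volume ${{github.workspace}}:/workdir -v /var/run/docker.sock:/var/run/docker.sock\
+        \ $usrImgTag -access_tkn ${{secrets.CLI_ACCESS_TOKEN}} -app_id ${{ env.APP_ID\
+        \ }} -req_url_map ${{ env.REQ_URL_MAP }} event:${{ github.event_name }} pr_number:${{\
+        \ github.event.number }}"
+    - name: Upload SARIF file
+      uses: github/codeql-action/upload-sarif@v1
+      with:
+        sarif_file: "${{github.workspace}}/results/result.sarif"
+      if: hashFiles('**/result.sarif') !=''
+    - name: Evaluate build status
+      run: "cat ${{github.workspace}}/results/status.txt\nexit 1\n"
+      if: hashFiles('**/status.txt') !=''
+    runs-on: ubuntu-latest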
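Review bot: The `Scan Initiated` step splices `${{fromJson(steps.auth_token.outputs.authTokenJson).user}}` (and `.password`, `.proxyUrl`, `.imageTag`) straight into the shell script inside single quotes, so a value in the scan-info API response that contains a `'` would leave the quoting and be executed as shell; the unquoted `$usrVal`, `$usrPassword` and `$usrImgTag` expansions on the `docker login`/`docker pull`/`docker run` lines have the same word-splitting exposure. The response comes from the vendor's own endpoint, so the trust level is moderate, but the GitHub-documented mitigation is cheap: map the expressions into the step's `env:` and read them as quoted shell variables, which also lets `run:` become a `|` block instead of a `\`-continued double-quoted string. While there, `docker login --username $usrVal --password $usrPassword` places the decrypted password on the command line, where `--password-stdin` is the documented form. Two smaller points: `echo "::set-output name=authTokenJson::$respJson"` in `Retrieve Scan Info` uses the deprecated workflow command and should append to `$GITHUB_OUTPUT` instead, and the `-v /var/run/docker.sock:/var/run/docker.sock` mount gives the pulled scanner image root-equivalent control of the runner, which deserves a comment stating why it is required.
```yaml
    - name: Scan Initiated
      id: sec_scan_init
      env:
        SL_USER: ${{ fromJson(steps.auth_token.outputs.authTokenJson).user }}
        SL_PASSWORD: ${{ fromJson(steps.auth_token.outputs.authTokenJson).password }}
        SL_PROXY_URL: ${{ fromJson(steps.auth_token.outputs.authTokenJson).proxyUrl }}
        SL_IMAGE_TAG: ${{ fromJson(steps.auth_token.outputs.authTokenJson).imageTag }}
        ENC_KEY: ${{ secrets.ENC_KEY }}
        ENC_IV: ${{ secrets.ENC_IV }}
      run: |
        usrVal=$(echo "$SL_USER" | openssl enc -aes-256-cbc -d -a -K "$ENC_KEY" -iv "$ENC_IV")
        usrPassword=$(echo "$SL_PASSWORD" | openssl enc -aes-256-cbc -d -base64 -A -K "$ENC_KEY" -iv "$ENC_IV")
        usrPrxyUrl=$(echo "$SL_PROXY_URL" | openssl enc -aes-256-cbc -d -a -K "$ENC_KEY" -iv "$ENC_IV")
        usrImgTag=$(echo "$SL_IMAGE_TAG" | openssl enc -aes-256-cbc -d -a -K "$ENC_KEY" -iv "$ENC_IV")
        printf '%s' "$usrPassword" | docker login --username "$usrVal" --password-stdin "$usrPrxyUrl"
        docker pull -q "$usrImgTag"
        # … unchanged: docker run invocation, with "$usrImgTag" quoted …
```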
