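name: DevSecOps

# Runs SonarCloud analysis and a Node.js build with lightweight security
# presence checks on every push to, and pull request against, main.
on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

# Least privilege for the default GITHUB_TOKEN: nothing in this workflow
# writes to the repository. Raise per job if a step turns out to need more.
permissions:
  contents: read

jobs:
  sonarcloud:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Disabling shallow clone is recommended for improving relevancy of reporting
          fetch-depth: 0

      - name: SonarCloud Scan
        # Prefer pinning third-party actions to a full commit SHA rather than a
        # tag; tags are mutable (supply-chain hardening).
        uses: sonarsource/sonarcloud-github-action@v2.1.0
        env:
          # NOTE(review): secrets are not exposed to pull_request runs from
          # forks, so this step fails there by design — confirm that is intended.
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

  build:
    runs-on: ubuntu-latest
    env:
      # Single source of truth for the backend directory. The repository's
      # directory is "Backend"; Linux runners are case-sensitive, so the
      # previous lowercase "./backend/..." paths never matched.
      BACKEND_DIR: Backend
    services:
      mongodb:
        # NOTE(review): no step in this workflow talks to MongoDB yet —
        # presumably reserved for a test step; confirm it is still needed.
        image: mongo:4.4
        ports:
          - "27017:27017"
    strategy:
      matrix:
        node-version: ["16.x"] # Only use Node.js version 16.x
    steps:
      # Step 1: Checkout the repository
      - name: 🛎 Checkout Code
        uses: actions/checkout@v4

      # Step 2: Set up Node.js from the matrix (single entry: 16.x)
      - name: 🛠 Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "${{ matrix.node-version }}"

      # Debugging Step: List the directory contents to verify path
      - name: List Directory Contents
        run: |
          ls -al
          echo "Check if the directory '$BACKEND_DIR' exists."

      # Step 3: Install backend dependencies
      - name: Install Backend Dependencies
        working-directory: ${{ env.BACKEND_DIR }}
        run: |
          npm install
          echo "Backend dependencies installed."

      # Step 4: Verify Node.js version
      - name: 🛠 Verify Node.js Version
        run: echo "Node.js version $(node -v) is set."

      # Step 5: Install frontend dependencies (repository root)
      - name: Install Frontend Dependencies
        run: |
          npm install --legacy-peer-deps
          echo "Frontend dependencies installed."
        timeout-minutes: 20 # Adjust the timeout value as needed

      # Step 6: Run Security Checks
      - name: Run Security Checks
        # Static presence checks: each grep only confirms that a middleware or
        # pattern is referenced in the source, not that it is configured
        # correctly. Findings are surfaced as workflow warning annotations and,
        # as before, do not fail the job. A missing source file is a setup
        # error and fails the step instead of reporting every check as missing.
        run: |
          APP="$BACKEND_DIR/app.js"
          DB="$BACKEND_DIR/db.js"
          for f in "$APP" "$DB"; do
            if [ ! -f "$f" ]; then
              echo "::error::Expected source file '$f' not found; security checks cannot run."
              exit 1
            fi
          done
          # check <pattern> <file> <found-message> <missing-message>
          check() {
            if grep -q -- "$1" "$2"; then
              echo "$3"
            else
              echo "::warning file=$2::$4"
            fi
          }
          # Clickjacking protection
          check "frameguard" "$APP" "Clickjacking protection is in place." "❌ Clickjacking protection missing."
          # Session hijacking protection
          check "cookie-session" "$APP" "Session hijacking protection is in place." "❌ Session hijacking protection missing."
          # SQL injection prevention
          check "parameterized queries" "$DB" "SQL Injection prevention is in place." "❌ SQL Injection prevention missing."
          # XSS protection
          check "xss-clean" "$APP" "XSS protection is in place." "❌ XSS protection missing."
          # HSTS header
          check "strict-transport-security" "$APP" "HSTS header is set." "❌ HSTS header missing."
          # DDoS protection (rate limiting)
          check "express-rate-limit" "$APP" "DDoS protection is in place." "❌ DDoS protection missing."

      # Step 7: Run npm audit
      - name: Run npm audit
        working-directory: ${{ env.BACKEND_DIR }}
        # Advisory only, as before: vulnerabilities do not fail the job, but
        # the step's failed outcome is now visible in the run instead of being
        # masked by "|| true".
        continue-on-error: true
        run: npm audit --audit-level=high

      # Step 8: Upload Test Results on Failure
      - name: Upload Test Results on Failure
        if: failure()
        uses: actions/upload-artifact@v4
        with:
          name: test-results
          # NOTE(review): no step in this workflow writes ./test-results; the
          # upload only warns (no files found) until a test step produces it.
          path: ./test-results

      # Step 9: Complete Build
      - name: Build Complete
        if: success()
        run: echo "All steps completed successfully!"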