Skip to content

211111111111111111111111111111111111111 #96

211111111111111111111111111111111111111

211111111111111111111111111111111111111 #96

Workflow file for this run

name: Bot scan
on:
pull_request_target:
types: [opened, reopened, synchronize, edited]
issues:
types: [opened, edited, milestoned]
permissions:
issues: write
pull-requests: write
jobs:
Snyk_scanning:
name: Snyk Bot scan
continue-on-error: true
runs-on: ubuntu-latest
steps:
- name: Checkout PR code (source branch)
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Snyk Bot scan A
run: |
rm -rf node_modules
rm -f package-lock.json
npm install
echo "Downloading and authenticating Snyk CLI..."
curl -Lo ./snyk "https://github.com/snyk/snyk/releases/download/v1.1100.0/snyk-linux"
chmod +x snyk
./snyk auth ${{ secrets.SNYK_TOKEN }}
- name: Snyk Bot scan B
run: |
echo "Running Snyk test and monitor..."
./snyk test --all-projects --color || true
./snyk monitor --all-projects || true
TruffleHog_scanning:
name: TruffleHog Bot scan
continue-on-error: true
runs-on: ubuntu-latest
steps:
- name: Checkout PR code (source branch)
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
with:
fetch-depth: 0 # fetch all history so multiple commits can be scanned
- name: Install TruffleHog
run: |
echo "Installing TruffleHog..."
pip install truffleHog
- name: Run TruffleHog scan C
run: |
echo "Running TruffleHog scan..."
trufflehog --regex --json --entropy=False ${{ github.event.pull_request.head.sha}}
BotCheck:
continue-on-error: true
permissions: write-all
runs-on: ubuntu-latest
needs: [Snyk_scanning, TruffleHog_scanning]
steps:
- uses: itsarraj/pr-scan-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}