Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

test #32

Open
wants to merge 22 commits into
base: master
Choose a base branch
from
Open

test #32

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
50ba097
Create main.yml
abhi261995 Dec 26, 2023
b17f8c1
add docker image check
abhi261995 Dec 28, 2023
31e147d
Updated docker vul check
abhi261995 Dec 28, 2023
9e98289
new testing
abhi261995 Feb 2, 2024
0f78046
test4
abhi261995 Feb 2, 2024
093b9c1
test5
abhi261995 Feb 2, 2024
a8a891d
test6
abhi261995 Feb 2, 2024
45b97fc
test 7
abhi261995 Feb 2, 2024
66ecc08
Test10
abhi261995 Feb 3, 2024
2cb60a9
Test 11
abhi261995 Feb 3, 2024
cd0f8bc
Test 12
abhi261995 Feb 3, 2024
1a94aec
test
abhi261995 Feb 3, 2024
40ca5f2
test4
abhi261995 Feb 3, 2024
aaa615a
Test 13
abhi261995 Feb 3, 2024
196cac0
Test14
abhi261995 Feb 3, 2024
9d74ea2
MAven Scan with sarif format to upload result
abhi261995 Feb 4, 2024
c820b8f
MAveS format to upload result
abhi261995 Feb 4, 2024
76c210f
Pipeline Run 1
abhi261995 Feb 6, 2024
37d05a9
Pipeline Test 2
abhi261995 Feb 6, 2024
f91abd5
Pipeline Test 3
abhi261995 Feb 7, 2024
f9485f6
Pipeline Test 4
abhi261995 Feb 7, 2024
da6685e
Pipeline Test 5
abhi261995 Feb 7, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
89 changes: 89 additions & 0 deletions .github/workflows/Devsecops_Pipeline.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,89 @@
name: Complete Devseops Pipleline
on: push
jobs:
Lint-Code: # For Source Code Analysis .Prevents broken code to be updated in main branch .Establish coding best practice.
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Super-linter
uses: super-linter/super-linter@v6.0.0 # release-version
env:
DEFAULT_BRANCH: master
DISABLE_ERRORS: false
VALIDATE_ALL_CODEBASE: true
VALIDATE_JAVA: true
# To report GitHub Actions status checks
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Build-Code: #Build phase
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repo'
uses: actions/checkout@v4
- name: 'Setup JDK 21'
uses: actions/setup-java@v4
with:
distribution: 'temurin' # Provides code and processes for building runtime binaries
java-version: '21'
server-id: github
settings-path: ${{github.workspace}} #Location for seting.xml file
cache: maven
- name: Set up Maven
uses: stCarolas/setup-maven@v4.5
with:
maven-version: 3.8.2
#Sonar Cloud : Detects bugs, vulnerabilities and code smells (Continuous Code Quality & Code Security)
- name: Build with Maven
run: |
mvm verify sonar:sonar \
-Dsonar.organization=SonarAnalysisAR \
-Dsonar.projectKey=sonaranalysisar_codered \
-Dsonar.host.url=https://sonarcloud.io
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

Security-Scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: Run Snyk to check for vulnerability
uses: snyk/actions/maven@master
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SYNK_TOKEN }}
with:
args: --sarif-file-output=snyk.sarif
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: snyk.sarif
- name: Run Snyk to check Docker image for vulnerabilities
uses: snyk/actions/docker@master
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SYNK_TOKEN }}
with:
image: alpine/helm

zap_scan:
runs-on: ubuntu-latest
name: Scan the webapplication
steps:
- name: Checkout
uses: actions/checkout@v2
with:
ref: master
- name: ZAP Scan
uses: zaproxy/action-baseline@v0.11.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
target: 'http://testasp.vulnweb.com'
rules_file_name: '.zap/rules.tsv'
cmd_options: '-a'




25 changes: 25 additions & 0 deletions .github/workflows/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
name: Example workflow for Maven using Snyk
on: push
jobs:
security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: Run Snyk to check for vulnerability
uses: snyk/actions/maven@master
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SYNK_TOKEN }}
with:
args: --sarif-file-output=snyk.sarif
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: snyk.sarif
- name: Run Snyk to check Docker image for vulnerabilities
uses: snyk/actions/docker@master
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SYNK_TOKEN }}
with:
image: alpine/helm