diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
deleted file mode 100644
index 369beab7f..000000000
--- a/.github/FUNDING.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-# These are supported funding model platforms
-
-github: prabhu
diff --git a/.github/workflows/app-release.yml b/.github/workflows/app-release.yml
deleted file mode 100644
index 9ca18f5b1..000000000
--- a/.github/workflows/app-release.yml
+++ /dev/null
@@ -1,52 +0,0 @@ -name: Release AppImage and Exe - -on: - push: - tags: - - 'v*' - -jobs: - pkg: - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v3 - - name: Use Node.js - uses: actions/setup-node@v3 - with: - node-version: 18.x - - name: Produce pkg - lts - run: | - sudo npm install -g pkg - npm install - pkg -t node18-alpine,node18-linux,node18-win,node18-mac --public package.json --out-path dist - chmod +x dist/cdxgen* - for f in `ls dist`; do sha256sum dist/$f > dist/$f.sha256 ; done - - name: Test pkg - run: | - ./dist/cdxgen-linux -v - ./dist/cdxgen-linux . - - name: Install dependencies - run: | - sudo apt-get install -y python3.8 python3.8-dev python3-pip python3-testresources python3-setuptools patchelf desktop-file-utils libgdk-pixbuf2.0-dev - # Install appimagetool AppImage - sudo wget https://github.com/AppImage/AppImageKit/releases/download/12/appimagetool-x86_64.AppImage -O /usr/local/bin/appimagetool - sudo chmod +x /usr/local/bin/appimagetool - sudo pip3 install appimage-builder==0.8.1 - mkdir -p appimage-builder-cache - wget https://github.com/AppImage/AppImageKit/releases/download/12/runtime-x86_64 -O appimage-builder-cache/runtime-x86_64 - - name: Build AppImage - run: | - appimage-builder --recipe appimage-builder.yml --skip-test - env: - UPDATE_INFO: gh-releases-zsync|AppThreat|cdxgen|latest|*x86_64.AppImage.zsync - - name: Zip pkg - lts - run: | - zip --junk-paths -r cdxgen-dist.zip dist cdxgen-latest-x86_64.AppImage - - name: Release - uses: softprops/action-gh-release@v1 - if: startsWith(github.ref, 'refs/tags/') - with: - files: | - cdxgen-dist.zip - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/appimage.yml b/.github/workflows/appimage.yml deleted file mode 100644 index 97b2232fd..000000000 --- a/.github/workflows/appimage.yml +++ /dev/null 
@@ -1,27 +0,0 @@ -name: AppImage - -on: [workflow_dispatch] - -jobs: - build: - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v3 - - name: Install dependencies - run: | - sudo apt-get install -y python3.8 python3.8-dev python3-pip python3-testresources python3-setuptools patchelf desktop-file-utils libgdk-pixbuf2.0-dev - # Install appimagetool AppImage - sudo wget https://github.com/AppImage/AppImageKit/releases/download/12/appimagetool-x86_64.AppImage -O /usr/local/bin/appimagetool - sudo chmod +x /usr/local/bin/appimagetool - sudo pip3 install appimage-builder==0.8.1 - mkdir -p appimage-builder-cache - wget https://github.com/AppImage/AppImageKit/releases/download/12/runtime-x86_64 -O appimage-builder-cache/runtime-x86_64 - - name: Build AppImage - run: | - appimage-builder --recipe appimage-builder.yml --skip-test - env: - UPDATE_INFO: gh-releases-zsync|AppThreat|cdxgen|latest|*x86_64.AppImage.zsync - - uses: actions/upload-artifact@v2 - with: - name: AppImage - path: './*.AppImage*' diff --git a/.github/workflows/dockertests.yml b/.github/workflows/dockertests.yml deleted file mode 100644 index 50e0f190c..000000000 --- a/.github/workflows/dockertests.yml +++ /dev/null 
@@ -1,147 +0,0 @@ -name: docker tests - -on: - push: - branches: - - master - - feature/* - - release/* - - fix/* - workflow_dispatch: - -jobs: - linux-tests: - runs-on: ubuntu-latest - if: "! contains(github.event.head_commit.message, '[ci skip]')" - strategy: - matrix: - node-version: [18.x] - - steps: - - uses: actions/checkout@v3 - - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v3 - with: - node-version: ${{ matrix.node-version }} - - name: npm install, build and test - run: | - npm install - npm run build --if-present - npm test - npm install -g @ngcloudsec/cdxgen-plugins-bin - mkdir -p bomresults repotests - env: - CI: true - - uses: actions/checkout@v3 - with: - repository: 'grafana-operator/grafana-operator' - path: 'repotests/grafana-operator' - - name: dockertests - run: | - wget https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.24.2/cyclonedx-linux-x64 - mv cyclonedx-linux-x64 cyclonedx - chmod +x cyclonedx - bin/cdxgen phpmyadmin@sha256:1092481630056189e43cc0fe66fd01defcc9334d78ab4611b22f65e9a39869bd -p -o bomresults/bom-phpmyadmin.json - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-phpmyadmin.json --input-format json --input-version v1_4 - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-phpmyadmin.xml --input-format xml --input-version v1_4 - bin/cdxgen shiftleft/scan-slim -o bomresults/bom-scanslim.json -p -t docker - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-scanslim.json --input-format json --input-version v1_4 - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-scanslim.xml --input-format xml --input-version v1_4 - bin/cdxgen redmine@sha256:a5c5f8a64a0d9a436a0a6941bc3fb156be0c89996add834fe33b66ebeed2439e -p -o bomresults/bom-redmine.json - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-redmine.json --input-format json --input-version v1_4 - ./cyclonedx validate --fail-on-errors --input-file 
bomresults/bom-redmine.xml --input-format xml --input-version v1_4 - bin/cdxgen rocket.chat@sha256:379f7afa0e67497c363ac9a9b3e7e6a6d31deee228233307c987e4a0c68b28e6 -p -o bomresults/bom-rocket.json - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-rocket.json --input-format json --input-version v1_4 - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-rocket.xml --input-format xml --input-version v1_4 - bin/cdxgen sonarqube@sha256:7c0edcb99c964984db6d24330db33bb12de1e8ae0d5974d77640b1efea1483d1 -p -o bomresults/bom-sonar.json - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-sonar.json --input-format json --input-version v1_4 - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-sonar.xml --input-format xml --input-version v1_4 - bin/cdxgen zookeeper@sha256:5bf00616677db5ef57d8a2da7c5dadf67f1a6be54b0c33a79be3332c9c80aeb6 -p -o bomresults/bom-zoo.json - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-zoo.json --input-format json --input-version v1_4 - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-zoo.xml --input-format xml --input-version v1_4 - docker save -o /tmp/scanslim.tar shiftleft/scan-slim:latest - bin/cdxgen /tmp/scanslim.tar -o bomresults/bom-scanarch.json - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-scanarch.json --input-format json --input-version v1_4 - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-scanarch.xml --input-format xml --input-version v1_4 - bin/cdxgen -t docker-compose test/data -o bomresults/bom-dc.json - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-dc.json --input-format json --input-version v1_4 - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-dc.xml --input-format xml --input-version v1_4 - bin/cdxgen -t operator repotests/grafana-operator -o bomresults/bom-op.json - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-op.json --input-format 
json --input-version v1_4 - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-op.xml --input-format xml --input-version v1_4 - ls -ltr bomresults - - uses: actions/upload-artifact@v1 - with: - name: bomresults - path: bomresults - - os-tests: - runs-on: ubuntu-latest - - strategy: - matrix: - node-version: [18.x] - - steps: - - uses: actions/checkout@v3 - - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v3 - with: - node-version: ${{ matrix.node-version }} - - name: npm install, build and test - run: | - npm install - npm run build --if-present - npm install -g @ngcloudsec/cdxgen-plugins-bin - mkdir -p bomresults - env: - CI: true - - name: ostests - run: | - wget https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.24.2/cyclonedx-linux-x64 - mv cyclonedx-linux-x64 cyclonedx - chmod +x cyclonedx - bin/cdxgen -t os -o bomresults/bom-os.json - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-os.json --input-format json --input-version v1_4 - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-os.xml --input-format xml --input-version v1_4 - env: - SCAN_DEBUG_MODE: debug - - uses: actions/upload-artifact@v1 - with: - name: bomresults-os - path: bomresults - - win-tests: - runs-on: windows-latest - - strategy: - matrix: - node-version: [18.x] - - steps: - - uses: actions/checkout@v3 - - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v3 - with: - node-version: ${{ matrix.node-version }} - - name: npm install, build - run: | - npm install - npm run build --if-present - mkdir bomresults - npm install -g @ngcloudsec/cdxgen-plugins-bin - env: - CI: true - - name: wintests - run: | - Invoke-WebRequest -Uri https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.24.2/cyclonedx-win-x64.exe -UseBasicParsing -OutFile cyclonedx.exe - node bin/cdxgen -t os -o bomresults/bom-win.json - .\cyclonedx.exe validate --fail-on-errors --input-file bomresults\\bom-win.json 
--input-format json --input-version v1_4 - .\cyclonedx.exe validate --fail-on-errors --input-file bomresults\\bom-win.xml --input-format xml --input-version v1_4 - dir bomresults - env: - SCAN_DEBUG_MODE: debug - - uses: actions/upload-artifact@v1 - with: - name: bomresults-win - path: bomresults diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml deleted file mode 100644 index 4db9cd4f4..000000000 --- a/.github/workflows/nodejs.yml +++ /dev/null @@ -1,61 +0,0 @@ -name: Node CI - -on: - push: - branches: - - master - - feature/* - - release/* - - fix/* - workflow_dispatch: -jobs: - build: - runs-on: ubuntu-latest - - strategy: - matrix: - node-version: [12.x, 16.x, 18.x] - - steps: - - uses: actions/checkout@v3 - - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v3 - with: - node-version: ${{ matrix.node-version }} - - name: npm install, build and test - run: | - npm install - npm run build --if-present - npm test - env: - CI: true - pkg: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Use Node.js - uses: actions/setup-node@v3 - with: - node-version: 18.x - - name: Produce pkg - lts - run: | - sudo npm install -g pkg - npm install - pkg -t node18-linux,node18-win,node18-mac package.json --out-path dist - - name: Test pkg - run: | - chmod +x dist/cdxgen* - ./dist/cdxgen-linux -v - ./dist/cdxgen-linux . -p - - uses: actions/upload-artifact@v1 - with: - name: dist - path: dist - - name: Generate BOM using cdxgen - uses: appthreat/cdxgen-action@v1 - with: - output: "./reports/bom.xml" - - uses: actions/upload-artifact@v1 - with: - name: reports - path: reports diff --git a/.github/workflows/npm-release.yml b/.github/workflows/npm-release.yml deleted file mode 100644 index 2e843a13a..000000000 --- a/.github/workflows/npm-release.yml +++ /dev/null 
@@ -1,31 +0,0 @@ -name: Release npm package - -on: - push: - tags: - - 'v*' - -jobs: - pkg: - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - steps: - - uses: actions/checkout@v3 - - name: Use Node.js - uses: actions/setup-node@v3 - with: - node-version: 18.x - registry-url: https://registry.npmjs.org/ - - name: Release - run: | - npm config set //npm.pkg.github.com/:_authToken=$GITHUB_TOKEN - npm config set //registry.npmjs.org/:_authToken=$NODE_AUTH_TOKEN - echo "appthreat:registry=https://npm.pkg.github.com" > ~/.npmrc - npm publish --access=public --@appthreat:registry='https://npm.pkg.github.com' - echo "appthreat:registry=https://registry.npmjs.org" > ~/.npmrc - npm publish --access=public --@appthreat:registry='https://registry.npmjs.org' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/.github/workflows/repotests.yml b/.github/workflows/repotests.yml deleted file mode 100644 index bd35b0050..000000000 --- a/.github/workflows/repotests.yml +++ /dev/null 
@@ -1,175 +0,0 @@ -name: Repo tests - -on: - push: - branches: - - master - - feature/* - - release/* - - fix/* - workflow_dispatch: - -jobs: - build: - runs-on: ubuntu-latest - if: "! contains(github.event.head_commit.message, '[ci skip]')" - strategy: - matrix: - node-version: [18.x] - - steps: - - uses: actions/checkout@v3 - - name: Set up JDK 8 and SBT - uses: olafurpg/setup-scala@v11 - with: - java-version: adopt@1.8 - - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v3 - with: - node-version: ${{ matrix.node-version }} - - name: Install bazelisk - run: | - curl -LO "https://github.com/bazelbuild/bazelisk/releases/download/v1.1.0/bazelisk-linux-amd64" - sudo mv bazelisk-linux-amd64 /usr/local/bin/bazel - sudo chmod +x /usr/local/bin/bazel - - name: npm install, build and test - run: | - npm install - npm run build --if-present - npm test - mkdir -p repotests - mkdir -p bomresults - env: - CI: true - - uses: actions/checkout@v3 - with: - repository: 'ShiftLeftSecurity/shiftleft-java-example' - path: 'repotests/shiftleft-java-example' - - uses: actions/checkout@v3 - with: - repository: 'ShiftLeftSecurity/shiftleft-ts-example' - path: 'repotests/shiftleft-ts-example' - - uses: actions/checkout@v3 - with: - repository: 'ShiftLeftSecurity/shiftleft-go-example' - path: 'repotests/shiftleft-go-example' - - uses: actions/checkout@v3 - with: - repository: 'prabhu/shiftleft-scala-example' - path: 'repotests/shiftleft-scala-example' - - uses: actions/checkout@v3 - with: - repository: 'HooliCorp/vulnerable_net_core' - path: 'repotests/vulnerable_net_core' - - uses: actions/checkout@v3 - with: - repository: 'HooliCorp/Goatly.NET' - path: 'repotests/Goatly.NET' - - uses: actions/checkout@v3 - with: - repository: 'HooliCorp/DjanGoat' - path: 'repotests/DjanGoat' - - uses: actions/checkout@v3 - with: - repository: 'prabhu/Vulnerable-Web-Application' - path: 'repotests/Vulnerable-Web-Application' - - uses: actions/checkout@v3 - with: - repository: 
'prabhu/railsgoat' - path: 'repotests/railsgoat' - - uses: actions/checkout@v3 - with: - repository: 'bazelbuild/examples' - path: 'repotests/bazel-examples' - - uses: actions/checkout@v3 - with: - repository: 'flutter/gallery' - path: 'repotests/gallery' - - uses: actions/checkout@v3 - with: - repository: 'gojek/ziggurat' - path: 'repotests/ziggurat' - - uses: actions/checkout@v3 - with: - repository: 'GoogleCloudPlatform/microservices-demo' - path: 'repotests/microservices-demo' - - name: repotests - run: | - wget https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.24.2/cyclonedx-linux-x64 - mv cyclonedx-linux-x64 cyclonedx - chmod +x cyclonedx - bin/cdxgen -p -r -t java repotests/shiftleft-java-example -o bomresults/bom-java.json --generate-key-and-sign - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-java.json --input-format json --input-version v1_4 - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-java.xml --input-format xml --input-version v1_4 - - SBOM_SIGN_ALGORITHM=RS512 SBOM_SIGN_PRIVATE_KEY=bomresults/private.key SBOM_SIGN_PUBLIC_KEY=bomresults/public.key bin/cdxgen -p -r -t github repotests/shiftleft-java-example -o bomresults/bom-github.json - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-github.json --input-format json --input-version v1_4 - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-github.xml --input-format xml --input-version v1_4 - - FETCH_LICENSE=true bin/cdxgen -p -r -t js repotests/shiftleft-ts-example -o bomresults/bom-ts.json --fail-on-error - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-ts.json --input-format json --input-version v1_4 - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-ts.xml --input-format xml --input-version v1_4 - - FETCH_LICENSE=true bin/cdxgen -p -r -t js repotests/shiftleft-ts-example --required-only -o bomresults/bom-ts.json - ./cyclonedx validate --fail-on-errors --input-file 
bomresults/bom-ts.json --input-format json --input-version v1_4 - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-ts.xml --input-format xml --input-version v1_4 - - bin/cdxgen -p -r -t go repotests/shiftleft-go-example -o bomresults/bom-go.json - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-go.json --input-format json --input-version v1_4 - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-go.xml --input-format xml --input-version v1_4 - - FETCH_LICENSE=true bin/cdxgen -p -r -t csharp repotests/vulnerable_net_core -o bomresults/bom-csharp2.json - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-csharp2.json --input-format json --input-version v1_4 - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-csharp2.xml --input-format xml --input-version v1_4 - - bin/cdxgen -p -r repotests/Goatly.NET -o bomresults/bom-csharp3.json - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-csharp3.json --input-format json --input-version v1_4 - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-csharp3.xml --input-format xml --input-version v1_4 - - FETCH_LICENSE=true bin/cdxgen -p -r -t python repotests/DjanGoat -o bomresults/bom-python.json - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-python.json --input-format json --input-version v1_4 - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-python.xml --input-format xml --input-version v1_4 - - bin/cdxgen -p -r -t php repotests/Vulnerable-Web-Application -o bomresults/bom-php.json - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-php.json --input-format json --input-version v1_4 - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-php.xml --input-format xml --input-version v1_4 - - bin/cdxgen -p -r -t ruby repotests/railsgoat -o bomresults/bom-ruby.json - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-ruby.json --input-format 
json --input-version v1_4 - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-ruby.xml --input-format xml --input-version v1_4 - - bin/cdxgen -p -r -t java repotests/bazel-examples/java-maven -o bomresults/bom-bazel.json - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-bazel.json --input-format json --input-version v1_4 - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-bazel.xml --input-format xml --input-version v1_4 - - bin/cdxgen -p -r -t dart repotests/gallery -o bomresults/bom-pub.json - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-pub.json --input-format json --input-version v1_4 - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-pub.xml --input-format xml --input-version v1_4 - - SCAN_DEBUG_MODE=debug bin/cdxgen -p -r -t clojure repotests/ziggurat -o bomresults/bom-clj.json - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-clj.json --input-format json --input-version v1_4 - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-clj.xml --input-format xml --input-version v1_4 - - SCAN_DEBUG_MODE=debug bin/cdxgen -r repotests/microservices-demo -o bomresults/bom-msd.json - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-msd.json --input-format json --input-version v1_4 - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-msd.xml --input-format xml --input-version v1_4 - - SCAN_DEBUG_MODE=debug bin/cdxgen -r -t yaml-manifest repotests/microservices-demo -o bomresults/bom-yaml.json - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-yaml.json --input-format json --input-version v1_4 - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-yaml.xml --input-format xml --input-version v1_4 - - mkdir -p jenkins - wget https://updates.jenkins.io/download/plugins/sonar/2.14/sonar.hpi - wget https://updates.jenkins.io/download/plugins/bouncycastle-api/2.26/bouncycastle-api.hpi - wget 
https://updates.jenkins.io/download/plugins/jsch/0.1.55.61.va_e9ee26616e7/jsch.hpi - wget https://updates.jenkins.io/download/plugins/momentjs/1.1.1/momentjs.hpi - - mv *.hpi jenkins - SCAN_DEBUG_MODE=debug bin/cdxgen -p -r -t jenkins jenkins -o bomresults/bom-jenkins.json - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-jenkins.json --input-format json --input-version v1_4 - ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-jenkins.xml --input-format xml --input-version v1_4 - ls -ltr bomresults - - uses: actions/upload-artifact@v1 - with: - name: bomresults - path: bomresults
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
new file mode 100644
index 000000000..116c53135
--- /dev/null
+++ b/.github/workflows/test.yaml
@@ -0,0 +1,11 @@
+name: test
+on:
+ pull_request_target: # Use pull_request_target
+ branches: [master]
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - run: echo "$EVENT"
+ env:
+ EVENT: ${{toJSON(github)}}
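Review bot: The new `test.yaml` triggers on `pull_request_target` for `master` with no `permissions:` block, so a workflow that any pull request can trigger runs in the base-repository context with the default `GITHUB_TOKEN` scopes and repository secrets available, and its only step then echoes the entire `github` context — which carries PR-author-controlled fields (title, body, head branch) as well as the `token` field — into the job log. GitHub's log masking covers registered secrets, but that is not a reason to dump the full context, and the inline comment `# Use pull_request_target` states the choice without the reason. I would add `permissions: contents: read` at the workflow top (or `permissions: {}` if the job needs no token at all), restrict the dump to what is actually being inspected, e.g. `EVENT: ${{ toJSON(github.event.pull_request) }}`, and turn the comment into a why-comment such as `# pull_request_target runs on the base branch with base-repo secrets; never check out or execute PR code in this job`. This commit also deletes every other workflow (Node CI, repo and docker tests, npm and AppImage releases) while the replacement runs no tests, so I would confirm that is intended rather than a staging step.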