Skip to content

Commit

Permalink
Adding security workflow for onboarding WASP
Browse files Browse the repository at this point in the history
  • Loading branch information
freshwarden committed Oct 30, 2024
1 parent babdcb6 commit c64e979
Showing 1 changed file with 50 additions and 0 deletions.
50 changes: 50 additions & 0 deletions .github/workflows/security.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
name: Wasp (Semgrep) - SAST Check

on:
pull_request_target:
branches:
- main

schedule:
- cron: '0 */24 * * *'
workflow_dispatch:

jobs:
wasp-scan:
name: Wasp scan
runs-on:
group: security-lrg
steps:
- name: Setting permission
run: sudo chown runner:runner -R .*

- name: Repository checkout
uses: actions/checkout@v4

- name: Running Wasp scan
uses: freshactions/wasp@latest
env:
WASP_LOG_LEVEL: DEBUG
WASP_SAVE_JSON: true
WASP_SAVE_HTML: true
WASP_SAVE_CSV: true
WASP_FRESHRELEASE_PR_PROJECT_KEY: ${{ vars.SECURITY_APPSEC_FRESHRELEASE_PROJECT_KEY }}
WASP_DRY_RUN: ${{ vars.SECURITY_APPSEC_WASP_DRY_RUN }}

WASP_FRESHRELEASE_URL: ${{ vars.SECURITY_APPSEC_FRESHRELEASE_URL }}
WASP_FRESHRELEASE_PR_ISSUE_TYPE: ${{ vars.SECURITY_APPSEC_FRESHRELEASE_PR_ISSUE_TYPE }}

WASP_TOKEN: ${{ secrets.SECURITY_APPSEC_WASP_TOKEN }}
WASP_FRESHRELEASE_TOKEN: ${{ secrets.SECURITY_APPSEC_FRESHRELEASE_TOKEN }}
WASP_SLACK_TOKEN: ${{ secrets.SECURITY_APPSEC_SLACK_TOKEN }}
GITHUB_TOKEN: ${{ secrets.SECURITY_APPSEC_GH_TOKEN }}

- uses: actions/upload-artifact@v4
if: always()
with:
name: Wasp scan report archive
retention-days: ${{ vars.SECURITY_APPSEC_WASP_RESULT_RETENTION_DAYS }}
path: |
wasp-report.csv
wasp-report.json
wasp-report.html

0 comments on commit c64e979

Please sign in to comment.