From 3a88bdc3418c801adb65a8392b3c1c6262296bb6 Mon Sep 17 00:00:00 2001
From: Allan <62227321+allgeo@users.noreply.github.com>
Date: Wed, 10 Apr 2024 11:23:32 -0400
Subject: [PATCH 1/4] feat: add contrast sast scan
---
 .github/workflows/contrast-sast-scan.yml.yml | 37 ++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 .github/workflows/contrast-sast-scan.yml.yml
diff --git a/.github/workflows/contrast-sast-scan.yml.yml b/.github/workflows/contrast-sast-scan.yml.yml
new file mode 100644
index 0000000..f214de0
--- /dev/null
+++ b/.github/workflows/contrast-sast-scan.yml.yml
@@ -0,0 +1,37 @@
+name: Contrast SAST Scan
+
+on:
+ pull_request:
+ push:
+ branches:
+ - main
+
+jobs:
+ sast-scan:
+ runs-on: ubuntu-latest
+ name: Run Contrast SAST Scan
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Set up JDK 11
+ uses: actions/setup-java@v4
+ with:
+ java-version: '11'
+ distribution: 'adopt'
+
+ - name: Run Contrast SAST Scan
+ uses: ibm-skills-network/action-sast-scan@main
+ with:
+ contrast-api-url: ${{ vars.CONTRAST__API__URL }}
+ jfrog-token: ${{ secrets.JFROG_TOKEN }}
+ contrast-api-agent-version: ${{ vars.CONTRAST_AGENT_VERSION }}
+ contrast-api-user-name: ${{ secrets.CONTRAST__API__USER_NAME }}
+ contrast-api-api-key: ${{ secrets.CONTRAST__API__API_KEY }}
+ contrast-api-service-key: ${{ secrets.CONTRAST__API__SERVICE_KEY }}
+ contrast-api-organization: ${{ secrets.CONTRAST__API__ORGANIZATION }}
+ contrast-api-auth-token: ${{ secrets.CONTRAST__AUTH__TOKEN }}
+ contrast-api-resource-group: ${{ vars.CONTRAST_RESOURCE_GROUP }}
+ file-to-be-scanned: ${{ github.workspace }}
+ project-name: ${{ github.repository }}
From 7d61cf3a89eec297b458b704f75e036c6e80986f Mon Sep 17 00:00:00 2001
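Review bot: The step `uses: ibm-skills-network/action-sast-scan@main` receives every Contrast credential plus `secrets.JFROG_TOKEN` while pinned to a mutable branch, so anyone who can push to that action's `main` controls what runs with those secrets; pin it to a full commit SHA, e.g. `uses: ibm-skills-network/action-sast-scan@<commit-sha>  # pinned to a reviewed commit`, and bump it deliberately. The workflow also declares no `permissions:` block, so the job's `GITHUB_TOKEN` gets the repository default; a top-level `permissions:` / `  contents: read` is all a checkout-and-scan job needs. With `on: pull_request` and no fork handling, runs triggered from forked pull requests presumably see empty secrets and the scan step fails rather than skips — worth confirming against the action's behaviour. `distribution: 'adopt'` is, as far as I recall, a deprecated alias in setup-java with `temurin` as its successor.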
From: Allan <62227321+allgeo@users.noreply.github.com>
Date: Wed, 10 Apr 2024 11:26:55 -0400
Subject: [PATCH 2/4] feat: add contrast sast scan
---
 .../{contrast-sast-scan.yml.yml => contrast-sast-scan.yml} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename .github/workflows/{contrast-sast-scan.yml.yml => contrast-sast-scan.yml} (100%)
diff --git a/.github/workflows/contrast-sast-scan.yml.yml b/.github/workflows/contrast-sast-scan.yml
similarity index 100%
rename from .github/workflows/contrast-sast-scan.yml.yml
rename to .github/workflows/contrast-sast-scan.yml
From 20b621756ffb2fcf380a260a6d9bbaff914d510f Mon Sep 17 00:00:00 2001
From: Allan <62227321+allgeo@users.noreply.github.com>
Date: Thu, 11 Apr 2024 11:55:42 -0400
Subject: [PATCH 3/4] update contrast scan workflow
---
 .github/workflows/contrast-sast-scan.yml | 78 ++++++++++++++++++++++--
 1 file changed, 74 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/contrast-sast-scan.yml b/.github/workflows/contrast-sast-scan.yml
index f214de0..476e9eb 100644
--- a/.github/workflows/contrast-sast-scan.yml
+++ b/.github/workflows/contrast-sast-scan.yml
@@ -1,10 +1,80 @@
 name: Contrast SAST Scan
 on:
- pull_request:
- push:
- branches:
- - main
+ workflow_call:
+ inputs:
+ contrast-api-url:
+ description: 'Contrast API URL'
+ required: true
+ type: string
+ jfrog-token:
+ description: 'Jfrog Token'
+ required: true
+ type: string
+ contrast-api-user-name:
+ description: 'Contrast API Username'
+ required: true
+ type: string
+ contrast-api-api-key:
+ description: 'Contrast API Key'
+ required: true
+ type: string
+ contrast-api-agent-version:
+ description: 'Contrast Agent Version'
+ required: false
+ default: '1.0.9'
+ type: string
+ contrast-api-service-key:
+ description: 'Contrast Service Key'
+ required: true
+ type: string
+ contrast-api-organization:
+ description: 'Contrast Organization ID'
+ required: true
+ type: string
+ contrast-api-auth-token:
+ description: 'Contrast Auth Token'
+ required: true
+ type: string
+ contrast-api-resource-group:
+ description: 'Resource group name'
+ required: true
+ type: string
+ project-name:
+ description: 'Project name for the scan'
+ required: true
+ default: 'contrast-sast-scan'
+ type: string
+ file-to-be-scanned:
+ description: 'File or directory path of the codebase to scan'
+ required: false
+ default: '.'
+ type: string
+
+ secrets:
+ jfrog-token:
+ required: true
+ contrast-api-agent-version:
+ required: false
+ contrast-api-user-name:
+ required: true
+ contrast-api-api-key:
+ required: true
+ contrast-api-service-key:
+ required: true
+ contrast-api-organization:
+ required: true
+ contrast-api-auth-token:
+ required: true
+ file-to-be-scanned:
+ required: false
+ project-name:
+ required: true
+ variables:
+ contrast-api-url:
+ required: true
+ contrast-api-resource-group:
+ required: true
 jobs:
 sast-scan:
From 666873496a95dd66a92e0bf7801d5df2726059bd Mon Sep 17 00:00:00 2001
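Review bot: `variables:` is not a key that `workflow_call` accepts (it takes `inputs`, `outputs` and `secrets`), so the workflow fails validation as written; the two entries under it belong under `inputs` with `type: string`, with the caller passing its `vars.*` through. `jfrog-token`, `contrast-api-api-key`, `contrast-api-service-key` and `contrast-api-auth-token` are declared both as plain string `inputs` and as `secrets`; a credential handed over as an input is not masked in logs, so keep those under `secrets` only, and drop `contrast-api-agent-version`, `file-to-be-scanned` and `project-name` from `secrets` since they are not sensitive. `project-name` combines `required: true` with `default:`, which is contradictory — pick one. The job body that consumes these values lies below the hunk; as of the first patch it still reads `vars.CONTRAST__API__URL` and `secrets.JFROG_TOKEN`, so the new declarations have no effect until the `with:` block is switched to `inputs.*` / `secrets.*` references (PATCH 4/4 then deletes the declarations again, leaving that question open).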
From: Allan <62227321+allgeo@users.noreply.github.com>
Date: Thu, 11 Apr 2024 12:00:29 -0400
Subject: [PATCH 4/4] update contrast scan workflow
---
 .github/workflows/contrast-sast-scan.yml | 73 ------------------------
 1 file changed, 73 deletions(-)
diff --git a/.github/workflows/contrast-sast-scan.yml b/.github/workflows/contrast-sast-scan.yml
index 476e9eb..7298184 100644
--- a/.github/workflows/contrast-sast-scan.yml
+++ b/.github/workflows/contrast-sast-scan.yml
@@ -2,79 +2,6 @@ name: Contrast SAST Scan
 on:
 workflow_call:
- inputs:
- contrast-api-url:
- description: 'Contrast API URL'
- required: true
- type: string
- jfrog-token:
- description: 'Jfrog Token'
- required: true
- type: string
- contrast-api-user-name:
- description: 'Contrast API Username'
- required: true
- type: string
- contrast-api-api-key:
- description: 'Contrast API Key'
- required: true
- type: string
- contrast-api-agent-version:
- description: 'Contrast Agent Version'
- required: false
- default: '1.0.9'
- type: string
- contrast-api-service-key:
- description: 'Contrast Service Key'
- required: true
- type: string
- contrast-api-organization:
- description: 'Contrast Organization ID'
- required: true
- type: string
- contrast-api-auth-token:
- description: 'Contrast Auth Token'
- required: true
- type: string
- contrast-api-resource-group:
- description: 'Resource group name'
- required: true
- type: string
- project-name:
- description: 'Project name for the scan'
- required: true
- default: 'contrast-sast-scan'
- type: string
- file-to-be-scanned:
- description: 'File or directory path of the codebase to scan'
- required: false
- default: '.'
- type: string
-
- secrets:
- jfrog-token:
- required: true
- contrast-api-agent-version:
- required: false
- contrast-api-user-name:
- required: true
- contrast-api-api-key:
- required: true
- contrast-api-service-key:
- required: true
- contrast-api-organization:
- required: true
- contrast-api-auth-token:
- required: true
- file-to-be-scanned:
- required: false
- project-name:
- required: true
- variables:
- contrast-api-url:
- required: true
- contrast-api-resource-group:
- required: true
 jobs:
 sast-scan: