al-gerd push initiated a Security Scan π #3
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: GitHub Actions Demo | |
| run-name: ${{ github.actor }} push initiated a Security Scan π | |
| on: [push] | |
| permissions: | |
| contents: write | |
| jobs: | |
| sast-scan: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - run: echo "π This job was automatically triggered by a ${{ github.event_name }} event." | |
| - name: Checkout repo inside CI runner | |
| uses: actions/checkout@v4 | |
| - name: Bearer-SAST Installation | |
| working-directory: ./ci/actions | |
| run: | | |
| chmod +x install-bearer.sh | |
| ./install-bearer.sh | |
| - name: Setup results file | |
| working-directory: . | |
| run: | | |
| mkdir scan_results | |
| chmod +x scan_results | |
| touch ./scan_results/bearer.out.json | |
| - name: Bearer Scan | |
| working-directory: . | |
| run: bearer scan . --scanner=sast --exit-code 0 --quiet --format json --output ./scan_results/bearer.out.json | |
| - run: echo "Job finished with status ${{ job.status }}." | |
| - name: Commit changes | |
| uses: EndBug/add-and-commit@v9 | |
| with: | |
| author_name: tester-bot | |
| author_email: [email protected] | |
| message: 'bot test CI message' | |
| #TODO | |
| #1. Generate JSON report and store in repo | |
| #2. Ensure bearer does not exit with -1 | |
| #2. Create docker image with pre-installed Bearer and OSV tools | |
| #3. Add a step to run the OSV scanner | |
| #4. |