al-gerd push initiated a Security Scan π #4
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: GitHub Actions Demo | |
| run-name: ${{ github.actor }} push initiated a Security Scan π | |
| on: [push] | |
| permissions: | |
| contents: write | |
| jobs: | |
| sast-scan: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - run: echo "π This job was automatically triggered by a ${{ github.event_name }} event." | |
| - name: Checkout repo inside CI runner | |
| uses: actions/checkout@v4 | |
| - name: Bearer-SAST Installation | |
| working-directory: ./ci/actions | |
| run: | | |
| chmod +x install-bearer.sh | |
| ./install-bearer.sh | |
| - name: Setup results file | |
| run: | | |
| mkdir -p scan_results | |
| chmod +x scan_results | |
| touch ./scan_results/bearer.out.json | |
| - name: Bearer Scan | |
| working-directory: . | |
| run: bearer scan . --scanner=sast --exit-code 0 --quiet --format json --output ./scan_results/bearer.out.json | |
| - name: Commit changes | |
| uses: EndBug/add-and-commit@v9 | |
| with: | |
| author_name: tester-bot | |
| author_email: [email protected] | |
| message: '[bot] Add SAST scan results' | |
| #TODO | |
| #1. Generate JSON report and store in repo | |
| #2. Ensure bearer does not exit with -1 | |
| #2. Create docker image with pre-installed Bearer and OSV tools | |
| #3. Add a step to run the OSV scanner | |
| #4. |