Push from al-gerd initiated a Security Scan π #5
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: SAST Scan | |
| run-name: Push from ${{ github.actor }} initiated a Security Scan π | |
| on: [push] | |
| permissions: | |
| contents: write | |
| jobs: | |
| sast-scan: | |
| runs-on: ubuntu-latest | |
| container: avarteqgmbh/bearer-osv-scan | |
| steps: | |
| - run: echo "π This job was automatically triggered by a ${{ github.event_name }} event." | |
| - name: Checkout repo inside CI runner | |
| uses: actions/checkout@v4 | |
| # - name: Bearer-SAST Installation | |
| # working-directory: ./ci/actions | |
| # run: | | |
| # chmod +x install-bearer.sh | |
| # ./install-bearer.sh | |
| - name: Setup results file | |
| run: | | |
| mkdir -p scan_results | |
| touch ./scan_results/bearer.out.json | |
| git config --global --add safe.directory '*' | |
| - name: SAST Scan | |
| working-directory: . | |
| run: bearer scan . --config-file ./ci/configs/bearer.yml --output ./scan_results/bearer.out.json | |
| - name: Commit changes | |
| uses: EndBug/add-and-commit@v9 | |
| with: | |
| author_name: scanner-bot | |
| author_email: [email protected] | |
| message: '[bot] Add SAST scan results' | |
| #TODO | |
| #1. Generate JSON report and store in repo | |
| #2. Ensure bearer does not exit with -1 | |
| #2. Create docker image with pre-installed Bearer and OSV tools | |
| #3. Add a step to run the OSV scanner | |
| #4. |