tidy up

anynines · Dec 4, 2024 · df3d989 · df3d989
1 parent fb924dd
commit df3d989
Show file tree

Hide file tree

Showing 3,183 changed files with 1,260,381 additions and 120 deletions.
diff --git a/.github/workflows/Dockerfile b/.github/workflows/Dockerfile
@@ -0,0 +1,9 @@
+FROM bearer/bearer:latest as bear
+FROM golang:1.23
+
+COPY --from=bear /usr/local/bin/bearer /usr/local/bin
+COPY --from=bear /usr/bin/git /usr/bin
+
+WORKDIR /
+
+# RUN go install github.com/google/osv-scanner/cmd/osv-scanner@v1
diff --git a/.github/workflows/dco.yaml b/.github/workflows/dco.yaml
diff --git a/.github/workflows/github-security-checks.yml b/.github/workflows/github-security-checks.yml
@@ -1,37 +1,37 @@
-name: GitHub Actions Demo
-run-name: ${{ github.actor }} push initiated a Security Scan 🚀
+name: SAST Scan
+run-name: Push from ${{ github.actor }} initiated a Security Scan 🚀
 on: [push]
 permissions:
   contents: write
 jobs:
   sast-scan:
     runs-on: ubuntu-latest
+    container: avarteqgmbh/bearer-osv-scan
     steps:
       - run: echo "🎉 This job was automatically triggered by a ${{ github.event_name }} event."
       - name: Checkout repo inside CI runner
         uses: actions/checkout@v4
-      - name: Bearer-SAST Installation
-        working-directory: ./ci/actions
-        run: | 
-          chmod +x install-bearer.sh
-          ./install-bearer.sh
+      # - name: Bearer-SAST Installation
+      #   working-directory: ./ci/actions
+      #   run: | 
+      #     chmod +x install-bearer.sh
+      #     ./install-bearer.sh
       - name: Setup results file
         run: |
           mkdir -p scan_results
-          chmod +x scan_results
           touch ./scan_results/bearer.out.json 
-      - name: Bearer Scan
+          git config --global --add safe.directory '*'
+      - name: SAST Scan
         working-directory: .
-        run: bearer scan . --scanner=sast --exit-code 0 --quiet --format json --output ./scan_results/bearer.out.json
+        run: bearer scan . --config-file ./ci/configs/bearer.yml --output ./scan_results/bearer.out.json
       - name: Commit changes
         uses: EndBug/add-and-commit@v9
         with: 
-          author_name: tester-bot
-          author_email: tester@anynines.com
+          author_name: scanner-bot
+          author_email: scanner@anynines.com
           message: '[bot] Add SAST scan results'
 
 
-
 #TODO 
 #1. Generate JSON report and store in repo
 #2. Ensure bearer does not exit with -1

diff --git a/.github/workflows/license.yaml b/.github/workflows/license.yaml
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
diff --git a/ci/actions/install-bearer.sh b/ci/actions/install-bearer.sh
diff --git a/ci/actions/install-go.sh b/ci/actions/install-go.sh
diff --git a/ci/actions/install-osv.sh b/ci/actions/install-osv.sh
diff --git a/bearer.yml → ci/configs/bearer.yml b/bearer.yml → ci/configs/bearer.yml
@@ -2,7 +2,7 @@ disable-version-check: false
 log-level: info
 report:
     fail-on-severity: critical,high,medium,low
-    format: ""
+    format: json
     no-color: false
     output: ""
     report: security
@@ -16,14 +16,14 @@ scan:
     data_subject_mapping: ""
     disable-domain-resolution: true
     domain-resolution-timeout: 3s
-    exit-code: -1
+    exit-code: 0
     external-rule-dir: []
     force: false
     hide_progress_bar: false
     internal-domains: []
     parallel: 0
-    quiet: false
+    quiet: true
     scanner:
-        - secrets
-    skip-path: ['go']
+        - sast
+    skip-path: ['vendor']
     skip-test: true
diff --git a/go/vendor/github.com/beorn7/perks/LICENSE b/go/vendor/github.com/beorn7/perks/LICENSE