From e36b8e798c6d03f7a81f8d230bc5c455e31d6780 Mon Sep 17 00:00:00 2001
From: Mohammad Abdulhai
Date: Fri, 6 Dec 2024 16:21:55 +0100
Subject: [PATCH] Update bearer configuration
---
 .github/workflows/github-security-checks.yml | 2 +-
 ci/configs/bearer.yml | 8 +++++---
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/github-security-checks.yml b/.github/workflows/github-security-checks.yml
index b7f5809..78df3b6 100644
--- a/.github/workflows/github-security-checks.yml
+++ b/.github/workflows/github-security-checks.yml
@@ -20,7 +20,7 @@ jobs:
 git config --global --add safe.directory '*'
 - name: SAST Scan
 working-directory: .
- run: bearer scan . ./ci/config/bearer.yml
+ run: bearer scan . --config-file ./ci/configs/bearer.yml
 - name: Commit changes
 uses: EndBug/add-and-commit@v9
 with:
diff --git a/ci/configs/bearer.yml b/ci/configs/bearer.yml
index 15322c4..e2f5603 100644
--- a/ci/configs/bearer.yml
+++ b/ci/configs/bearer.yml
@@ -1,12 +1,11 @@
 disable-version-check: false
 log-level: info
 report:
- fail-on-severity: critical,high,medium,low
 format: json
 no-color: false
- output: ""
+ output: "./scan_results/bearer.out.json"
 report: security
- severity: critical,high,medium,low,warning
+ severity: critical,high
 rule:
 disable-default-rules: false
 only-rule: []
@@ -22,6 +21,9 @@ scan:
 internal-domains: []
 parallel: 0
 quiet: true
+ exit-code: 0
 scanner:
 - secrets
+ - sast
 skip-test: true
+ skip-path: ['*/vendor']
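Review bot: The step that follows this `run:` line is `Commit changes` (`EndBug/add-and-commit@v9`), and the same commit makes bearer.yml write its report to `./scan_results/bearer.out.json` inside the checkout, so the findings file may be committed back to the repository. With the `secrets` scanner enabled, that report records where each hit is and possibly the matched line (not confirmed from this page), which would leave a second copy in git history. The `with:` inputs of the commit step are outside the hunk, so whether it stages `scan_results/` cannot be told from here. If it does, exclude the directory with a `scan_results/` entry in `.gitignore` and publish the report as a workflow artifact instead.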
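Review bot: Narrowing `severity:` to `critical,high` filters medium, low and warning findings out of the report itself, and because `quiet: true` is set (visible in the next hunk) the JSON file is the only record of the scan. Filtering at report time hides findings rather than deprioritising them; consider keeping the report broad and putting the threshold on the gate, i.e. `severity: critical,high,medium,low,warning` together with `fail-on-severity: critical,high`. The `output:` path points at a `scan_results/` directory that nothing on this page creates; if Bearer does not create it, the workflow step needs a `mkdir -p scan_results` first.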
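Review bot: `exit-code: 0` forces the scan command to report success regardless of findings, so the `SAST Scan` step can no longer fail the workflow even on a critical result, and any `fail-on-severity` setting becomes moot. If report-only is intended, say so with a comment above the key, e.g. `# report-only: findings never fail CI; review scan_results/bearer.out.json`; otherwise drop the line and let `fail-on-severity` decide. `skip-path: ['*/vendor']` uses a flow list where `scanner:` uses a block list, and whether that glob also excludes nested vendor directories depends on Bearer's pattern matching, which is worth confirming against a scan of a known vendored file. The `scan:` mapping starts and ends outside the hunk.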