al-gerd push initiated a Security Scan π #1
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: GitHub Actions Demo | |
| run-name: ${{ github.actor }} push initiated a Security Scan π | |
| on: [push] | |
| permissions: | |
| contents: write | |
| jobs: | |
| test-create-file: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - run: echo "π This job was automatically triggered by a ${{ github.event_name }} event." | |
| - name: Checkout repo inside CI runner | |
| uses: actions/checkout@v4 | |
| - run: | | |
| mkdir scan_results | |
| chmod +x scan_results | |
| - run: touch ./scan_results/test_file.txt | |
| - run: echo "blablabla" > ./scan_results/test_file.txt | |
| - name: Commit changes | |
| uses: EndBug/add-and-commit@v9 | |
| with: | |
| author_name: tester-bot | |
| author_email: [email protected] | |
| message: 'bot test CI message' | |
| - name: Bearer-SAST Installation | |
| working-directory: ./ci/actions | |
| run: | | |
| chmod +x install-bearer.sh | |
| ./install-bearer.sh | |
| - name: Setup results file | |
| working-directory: . | |
| run: | | |
| mkdir ./scan_results | |
| touch ./scan_results/bearer.out.json | |
| - name: Bearer Scan | |
| working-directory: . | |
| run: bearer scan . --scanner=sast --quiet --format json --output ./scan_results/bearer.out.json | |
| - run: echo "Job finished with status ${{ job.status }}." | |
| #TODO | |
| #1. Generate JSON report and store in repo | |
| #2. Ensure bearer does not exit with -1 | |
| #2. Create docker image with pre-installed Bearer and OSV tools | |
| #3. Add a step to run the OSV scanner | |
| #4. |