Update security.yml
emrecanvurallll authored Feb 8, 2025
1 parent 8a4951e commit fbd792e
Showing 1 changed file with 18 additions and 11 deletions.
29 changes: 18 additions & 11 deletions .github/workflows/security.yml
@@ -1,4 +1,4 @@
name: build
name: security-pipeline

on:
push:
Expand All @@ -20,7 +20,6 @@ jobs:
docker build -t juice-shop:${{ github.sha }} .
# 2) SAST (Semgrep) Job
# Bu job'ın çalışması için önce "build" job'ının tamamlanması gerekiyor.
Sast-scan:
name: SAST (Semgrep)
needs: build
Expand All @@ -39,14 +38,10 @@ jobs:
with:
sarif_file: 'semgrep.sarif'

# 3) ZAP Scan Job
# Bu job'ın çalışması için önce "Sast-scan" job'ının tamamlanması gerekiyor.


# 4) Gitleaks-scan Job
# Bu job'ın çalışması için önce "zap_scan" job'ının tamamlanması gerekiyor.
# 3) Gitleaks-scan Job
Gitleaks-scan:
name: Gitleaks
needs: Sast-scan
runs-on: ubuntu-latest
steps:
- name: Checkout code
Expand All @@ -65,10 +60,10 @@ jobs:
with:
sarif_file: 'results.sarif'

# 5) Syft SBOM Scan
# Bu job'ın çalışması için önce "Gitleaks-scan" job'ının tamamlanması gerekiyor.
syft-scan:
# 4) Syft SBOM Scan
syft-scan:
name: Syft SBOM Scan
needs: Gitleaks-scan
runs-on: ubuntu-latest
steps:
- name: Generate SBOM
Expand All @@ -83,10 +78,22 @@ jobs:
with:
sbom-artifact-match: "sbom.spdx.json"

# 5) Deploy Job (Dummy)
deploy:
name: Deploy
needs: syft-scan
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3

- name: Dummy Deploy Step
run: echo "Deploying app... (This is a dummy step)"

# 6) ZAP Scan Job
zap_scan:
name: ZAP Full Scan
needs: deploy
runs-on: ubuntu-latest
steps:
- name: Checkout code
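Review bot: The new `deploy` job references `actions/checkout@v3` by a mutable tag, so the code run in the job that will eventually hold deployment credentials can change without any change to this file; pin it to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha>  # v3` (placeholder, take the SHA from the action's release). While the step only echoes a message, the checkout can also be dropped, or kept with `persist-credentials: false` so the job token is not left in the local git config. The `needs: syft-scan` chain blocks `deploy` only when an earlier job fails, and whether the Semgrep, Gitleaks and Syft steps exit non-zero on findings is decided in steps outside the visible hunks, so confirm that before a real deploy step replaces the echo. If `zap_scan` was moved behind `deploy` because the scan needs a running target, say so in a comment above the job, e.g. `# DAST: runs after deploy because it scans the deployed instance`; the `zap_scan` steps continue outside this hunk.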
