55
55
MEND_USER_KEY : ${{ secrets.MEND_USER_KEY }}
56
56
MEND_URL : ${{ vars.MEND_SERVER_URL }}
57
57
shell : bash
58
+ timeout-minutes : 10
58
59
run : |
59
60
mend dep --no-color -s ${{ vars.MEND_PRODUCT_NAME }}//${{ vars.MEND_PROJECT_NAME }} -u > mend-sca-scan-result.txt
60
61
@@ -105,35 +106,34 @@ jobs:
105
106
MEND_URL : ${{ vars.MEND_SERVER_URL }}
106
107
MEND_SAST_PATH_EXCLUSIONS : ${{ vars.MEND_SAST_PATH_EXCLUSIONS }}
107
108
shell : bash
109
+ timeout-minutes : 10
108
110
run : |
109
- mend code --non-interactive --scope ${{ vars.MEND_PRODUCT_NAME }}//${{ vars.MEND_PROJECT_NAME }} > mend-sast-scan-result.txt
110
-
111
- # mend code --report --filename ${{ vars.MEND_SAST_REPORT_NAME }} --formats json,pdf --non-interactive --scope ${{ vars.MEND_PRODUCT_NAME }}//${{ vars.MEND_PROJECT_NAME }} > mend-sast-scan-result.txt
111
+ mend code --report --filename ${{ vars.MEND_SAST_REPORT_NAME }} --formats json,pdf --non-interactive --scope ${{ vars.MEND_PRODUCT_NAME }}//${{ vars.MEND_PROJECT_NAME }} > mend-sast-scan-result.txt
112
112
113
- # export MEND_SAST_TOTAL_VULNERABILITIES_COUNT=$(jq '.[0].stats.totalVulnerabilities' ${{ vars.MEND_SAST_REPORT_NAME }}.json)
114
- # export MEND_SAST_CRITICAL_COUNT=$(jq '.[0].stats.critical' ${{ vars.MEND_SAST_REPORT_NAME }}.json)
115
- # export MEND_SAST_HIGH_COUNT=$(jq '.[0].stats.high' ${{ vars.MEND_SAST_REPORT_NAME }}.json)
116
- # export MEND_SAST_MEDIUM_COUNT=$(jq '.[0].stats.medium' ${{ vars.MEND_SAST_REPORT_NAME }}.json)
117
- # export MEND_SAST_LOW_COUNT=$(jq '.[0].stats.low' ${{ vars.MEND_SAST_REPORT_NAME }}.json)
118
- # export MEND_SAST_SCAN_URL=$(grep -Eo '(http|https)://[^ ]+' mend-sast-scan-result.txt)
113
+ export MEND_SAST_TOTAL_VULNERABILITIES_COUNT=$(jq '.[0].stats.totalVulnerabilities' ${{ vars.MEND_SAST_REPORT_NAME }}.json)
114
+ export MEND_SAST_CRITICAL_COUNT=$(jq '.[0].stats.critical' ${{ vars.MEND_SAST_REPORT_NAME }}.json)
115
+ export MEND_SAST_HIGH_COUNT=$(jq '.[0].stats.high' ${{ vars.MEND_SAST_REPORT_NAME }}.json)
116
+ export MEND_SAST_MEDIUM_COUNT=$(jq '.[0].stats.medium' ${{ vars.MEND_SAST_REPORT_NAME }}.json)
117
+ export MEND_SAST_LOW_COUNT=$(jq '.[0].stats.low' ${{ vars.MEND_SAST_REPORT_NAME }}.json)
118
+ export MEND_SAST_SCAN_URL=$(grep -Eo '(http|https)://[^ ]+' mend-sast-scan-result.txt)
119
119
120
- # echo "MEND_SAST_TOTAL_VULNERABILITIES_COUNT=$MEND_SAST_TOTAL_VULNERABILITIES_COUNT" >> $GITHUB_ENV
121
- # echo "MEND_SAST_CRITICAL_COUNT=$MEND_SAST_CRITICAL_COUNT" >> $GITHUB_ENV
122
- # echo "MEND_SAST_HIGH_COUNT=$MEND_SAST_HIGH_COUNT" >> $GITHUB_ENV
123
- # echo "MEND_SAST_MEDIUM_COUNT=$MEND_SAST_MEDIUM_COUNT" >> $GITHUB_ENV
124
- # echo "MEND_SAST_LOW_COUNT=$MEND_SAST_LOW_COUNT" >> $GITHUB_ENV
125
- # echo "MEND_SAST_SCAN_URL=$MEND_SAST_SCAN_URL" >> $GITHUB_ENV
120
+ echo "MEND_SAST_TOTAL_VULNERABILITIES_COUNT=$MEND_SAST_TOTAL_VULNERABILITIES_COUNT" >> $GITHUB_ENV
121
+ echo "MEND_SAST_CRITICAL_COUNT=$MEND_SAST_CRITICAL_COUNT" >> $GITHUB_ENV
122
+ echo "MEND_SAST_HIGH_COUNT=$MEND_SAST_HIGH_COUNT" >> $GITHUB_ENV
123
+ echo "MEND_SAST_MEDIUM_COUNT=$MEND_SAST_MEDIUM_COUNT" >> $GITHUB_ENV
124
+ echo "MEND_SAST_LOW_COUNT=$MEND_SAST_LOW_COUNT" >> $GITHUB_ENV
125
+ echo "MEND_SAST_SCAN_URL=$MEND_SAST_SCAN_URL" >> $GITHUB_ENV
126
126
127
- # # Check for failures in SAST scan and set the outcome of the workflow
128
- # - name: Fail if Critical or High SAST vulnerabilities are found
129
- # shell: bash
130
- # run: |
131
- # if [ "$MEND_SAST_CRITICAL_COUNT" -gt 0 ] || [ "$MEND_SAST_HIGH_COUNT" -gt 0 ]; then
132
- # echo "❌ SAST scan detected critical/high vulnerabilities."
133
- # exit 1
134
- # else
135
- # echo "✅ No critical/high SAST vulnerabilities."
136
- # fi
127
+ # Check for failures in SAST scan and set the outcome of the workflow
128
+ - name : Fail if Critical or High SAST vulnerabilities are found
129
+ shell : bash
130
+ run : |
131
+ if [ "$MEND_SAST_CRITICAL_COUNT" -gt 0 ] || [ "$MEND_SAST_HIGH_COUNT" -gt 0 ]; then
132
+ echo "❌ SAST scan detected critical/high vulnerabilities."
133
+ exit 1
134
+ else
135
+ echo "✅ No critical/high SAST vulnerabilities."
136
+ fi
137
137
138
138
# Publish the Mend SAST scan result (raw output)
139
139
- name : Mend SAST Scan Result
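Review bot: The new "Fail if Critical or High SAST vulnerabilities are found" step fails open when the counts are not integers: `export VAR=$(jq …)` returns export's status, so a missing or differently named `${{ vars.MEND_SAST_REPORT_NAME }}.json` leaves the variable empty (or `null`) despite bash's `-e`, and `[ "" -gt 0 ]` then errors into the else branch, printing "✅ No critical/high SAST vulnerabilities." and letting the job pass. Drop the `export` (plain `VAR=$(jq -e …)` propagates jq's failure and `-e` rejects a null count), and make the gate pass only on numeric values. In the same hunk `grep -Eo '(http|https)://[^ ]+'` can emit several lines, which `echo "MEND_SAST_SCAN_URL=$MEND_SAST_SCAN_URL" >> $GITHUB_ENV` writes as extra malformed entries that the Slack payload in the next hunk then interpolates; `| head -n1` keeps the env file well-formed. Whether `mend code --report --filename …` really writes `${{ vars.MEND_SAST_REPORT_NAME }}.json` is inferred from the script, not visible here, and the enclosing job starts outside the hunk.
```yaml
      # … unchanged: mend code --report … > mend-sast-scan-result.txt …
      MEND_SAST_CRITICAL_COUNT=$(jq -e '.[0].stats.critical' ${{ vars.MEND_SAST_REPORT_NAME }}.json)
      MEND_SAST_HIGH_COUNT=$(jq -e '.[0].stats.high' ${{ vars.MEND_SAST_REPORT_NAME }}.json)
      # … unchanged: total/medium/low counts and the echo … >> $GITHUB_ENV lines …
      MEND_SAST_SCAN_URL=$(grep -Eo '(http|https)://[^ ]+' mend-sast-scan-result.txt | head -n1)

  # … unchanged: step name and shell …
    run: |
      if ! [[ "$MEND_SAST_CRITICAL_COUNT" =~ ^[0-9]+$ && "$MEND_SAST_HIGH_COUNT" =~ ^[0-9]+$ ]]; then
        echo "❌ SAST counts unavailable (critical='$MEND_SAST_CRITICAL_COUNT', high='$MEND_SAST_HIGH_COUNT'); failing closed."
        exit 1
      fi
      # … unchanged: existing critical/high comparison and messages …
```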
@@ -147,42 +147,42 @@ jobs:
147
147
output : |
148
148
{"title":"Mend SAST Scan Result", "summary":"${{ job.status }}"}
149
149
150
- # # Publish the Mend SAST scan result (PDF report)
151
- # - name: Publish${{ vars.MEND_SAST_REPORT_NAME }}.pdf
152
- # uses: actions/upload-artifact@v4
153
- # if: always()
154
- # with:
155
- # name: ${{ vars.MEND_SAST_REPORT_NAME }}.pdf
156
- # path: ${{ vars.MEND_SAST_REPORT_NAME }}.pdf
150
+ # Publish the Mend SAST scan result (PDF report)
151
+ - name : Publish${{ vars.MEND_SAST_REPORT_NAME }}.pdf
152
+ uses : actions/upload-artifact@v4
153
+ if : always()
154
+ with :
155
+ name : ${{ vars.MEND_SAST_REPORT_NAME }}.pdf
156
+ path : ${{ vars.MEND_SAST_REPORT_NAME }}.pdf
157
157
158
158
159
- # # Send slack notification with result status
160
- # - name: Send slack notification
161
- # uses: 8398a7/action-slack@v3
162
- # with:
163
- # status: custom
164
- # fields: all
165
- # custom_payload: |
166
- # {
167
- # "text": "*Mend Security Scan Results*",
168
- # "attachments": [
169
- # {
170
- # "color": "${{ job.status == 'success' && 'good' || 'danger' }}",
171
- # "fields": [
172
- # {
173
- # "title": "SCA scan",
174
- # "value": "${{ env.MEND_SCA_SCAN_SUMMARY }}\n<${{ env.MEND_SCA_SCAN_URL }}|View full SCA report>",
175
- # "short": false
176
- # },
177
- # {
178
- # "title": "SAST scan",
179
- # "value": "Total: ${{ env.MEND_SAST_TOTAL_VULNERABILITIES_COUNT }} | Critical: ${{ env.MEND_SAST_CRITICAL_COUNT }} | High: ${{ env.MEND_SAST_HIGH_COUNT }} | Medium: ${{ env.MEND_SAST_MEDIUM_COUNT }} | Low: ${{ env.MEND_SAST_LOW_COUNT }}\n<${{ env.MEND_SAST_SCAN_URL }}|View full SAST report>",
180
- # "short": false
181
- # }
182
- # ]
183
- # }
184
- # ]
185
- # }
186
- # env:
187
- # SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
188
- # if: always()
159
+ # Send slack notification with result status
160
+ - name : Send slack notification
161
+ uses : 8398a7/action-slack@v3
162
+ with :
163
+ status : custom
164
+ fields : all
165
+ custom_payload : |
166
+ {
167
+ "text": "*Mend Security Scan Results*",
168
+ "attachments": [
169
+ {
170
+ "color": "${{ job.status == 'success' && 'good' || 'danger' }}",
171
+ "fields": [
172
+ {
173
+ "title": "SCA scan",
174
+ "value": "${{ env.MEND_SCA_SCAN_SUMMARY }}\n<${{ env.MEND_SCA_SCAN_URL }}|View full SCA report>",
175
+ "short": false
176
+ },
177
+ {
178
+ "title": "SAST scan",
179
+ "value": "Total: ${{ env.MEND_SAST_TOTAL_VULNERABILITIES_COUNT }} | Critical: ${{ env.MEND_SAST_CRITICAL_COUNT }} | High: ${{ env.MEND_SAST_HIGH_COUNT }} | Medium: ${{ env.MEND_SAST_MEDIUM_COUNT }} | Low: ${{ env.MEND_SAST_LOW_COUNT }}\n<${{ env.MEND_SAST_SCAN_URL }}|View full SAST report>",
180
+ "short": false
181
+ }
182
+ ]
183
+ }
184
+ ]
185
+ }
186
+ env :
187
+ SLACK_WEBHOOK_URL : ${{ secrets.SLACK_WEBHOOK }}
188
+ if : always()