From d9b19bcf6928925343c3f913ddf8f76687877ad3 Mon Sep 17 00:00:00 2001
From: ShiftLeft
Date: Tue, 6 Dec 2022 15:27:09 -0500
Subject: [PATCH 01/24] adding ShiftLeft GitHub action
---
.github/workflows/shiftleft.yml | 52 +++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
create mode 100644 .github/workflows/shiftleft.yml
diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml
new file mode 100644
index 00000000..4aae3995
--- /dev/null
+++ b/.github/workflows/shiftleft.yml
@@ -0,0 +1,52 @@
+
+---
+# This workflow integrates ShiftLeft NG SAST with GitHub
+# Visit https://docs.shiftleft.io for help
+name: ShiftLeft
+
+on:
+ pull_request:
+ workflow_dispatch:
+
+jobs:
+ NextGen-Static-Analysis:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Download ShiftLeft CLI
+ run: |
+ curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
+ # ShiftLeft requires Java 1.8. Post the package step override the version
+ - name: Setup Java JDK
+ uses: actions/setup-java@v3
+ with:
+ distribution: zulu
+ java-version: 8
+ - name: Extract branch name
+ shell: bash
+ run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
+ id: extract_branch
+ - name: NextGen Static Analysis
+ run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-ts-demo --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --js --cpg . -- --ts
+ env:
+ SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
+
+ Build-Rules:
+ runs-on: ubuntu-latest
+ needs: NextGen-Static-Analysis
+ steps:
+ - uses: actions/checkout@v3
+ - name: Download ShiftLeft CLI
+ run: |
+ curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
+ - name: Validate Build Rules
+ run: |
+ ${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-ts-demo \
+ --github-pr-number=${{github.event.number}} \
+ --github-pr-user=${{ github.repository_owner }} \
+ --github-pr-repo=${{ github.event.repository.name }} \
+ --github-token=${{ secrets.GITHUB_TOKEN }}
+ env:
+ SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
+
+
\ No newline at end of file
From 977a8d88ab07fc86ce215b3e024f5fce27586282 Mon Sep 17 00:00:00 2001
From: ShiftLeft
Date: Thu, 9 Mar 2023 11:05:55 -0500
Subject: [PATCH 02/24] adding ShiftLeft GitHub action
From 0a70ed4da7411002e90586c9ca8580e7a5a45094 Mon Sep 17 00:00:00 2001
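Review bot: The `NextGen Static Analysis` step expands `${{ github.head_ref || steps.extract_branch.outputs.branch }}` directly inside its `run:` command, so the pull-request branch name, which the PR author chooses, is substituted into the script text before the shell parses it, in a step that also holds `SHIFTLEFT_ACCESS_TOKEN`. Pass the value through the environment instead: add `BRANCH_TAG: ${{ github.head_ref || steps.extract_branch.outputs.branch }}` under `env:` and use `--tag branch="$BRANCH_TAG"` in the command. The same interpolation recurs in the later hunks that rewrite this `sl analyze` line and in the new files `qwietqual.yml` and `ScriptAddWorkflow.yml`. Separately, `##[set-output …]` is the deprecated output syntax; `echo "branch=${GITHUB_REF#refs/heads/}" >> "$GITHUB_OUTPUT"` is the current form.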
From: ShiftLeft Date: Mon, 13 Mar 2023 12:24:35 -0400 Subject: [PATCH 03/24] adding ShiftLeft GitHub action From 329bbefc52ff5fff148c24b460e9c33f84a878f7 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Thu, 16 Mar 2023 09:37:48 -0400 Subject: [PATCH 04/24] adding ShiftLeft GitHub action From 4aff6d0878f59f038e2a337946118b8fe4cce2b2 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Wed, 29 Mar 2023 15:11:22 -0400 Subject: [PATCH 05/24] adding ShiftLeft GitHub action --- .github/workflows/shiftleft.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 4aae3995..1b5e6688 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml @@ -30,7 +30,9 @@ jobs: run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-ts-demo --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --js --cpg . -- --ts env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} - + SHIFTLEFT_API_HOST: www.shiftleft.io + SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 + SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 Build-Rules: runs-on: ubuntu-latest needs: NextGen-Static-Analysis @@ -48,5 +50,7 @@ jobs: --github-token=${{ secrets.GITHUB_TOKEN }} env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} - + SHIFTLEFT_API_HOST: www.shiftleft.io + SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 + SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 \ No newline at end of file From bda3fe110a69a3de10d4f2691000a886df51b984 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Tue, 11 Apr 2023 10:51:12 -0400 Subject: [PATCH 06/24] adding ShiftLeft GitHub action From 70a5b8baa21fdc280af9e0d288aaecc93d836596 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Fri, 21 Apr 2023 12:54:27 -0400 Subject: [PATCH 07/24] adding ShiftLeft GitHub action From 7d94734f2c3d5135955d31b0171c6583756bc91a Mon Sep 17 00:00:00 2001 
From: ShiftLeft Date: Tue, 2 May 2023 23:14:56 -0400 Subject: [PATCH 08/24] adding ShiftLeft GitHub action From 2344f7b8d7395bcf1d11b981c261e90ff2f5c9b8 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Tue, 27 Jun 2023 09:23:14 -0400 Subject: [PATCH 09/24] adding ShiftLeft GitHub action From 1bc0854969f3345c6cb5558f795052a1ce8dd370 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Tue, 27 Jun 2023 15:49:13 -0400 Subject: [PATCH 10/24] adding ShiftLeft GitHub action From a089bb692cf46b7ed3be4bfd8c020d676a206202 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Tue, 29 Aug 2023 22:58:01 -0400 Subject: [PATCH 11/24] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 1b5e6688..3a46de23 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml @@ -1,8 +1,7 @@ - --- # This workflow integrates ShiftLeft NG SAST with GitHub # Visit https://docs.shiftleft.io for help -name: ShiftLeft +name: Qwiet on: pull_request: @@ -13,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - name: Download ShiftLeft CLI + - name: Download Qwiet CLI run: | curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl # ShiftLeft requires Java 1.8. Post the package step override the version 
@@ -26,8 +25,9 @@ jobs: shell: bash run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch + # the sl analyze command below needs to have app name specified and location of TS files. In addition, the container is pointing to Qwiets Registry and should be removed or edited for customers info - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-ts-demo --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --js --cpg . -- --ts + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-ts-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --js --cpg . -- --ts env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io @@ -53,4 +53,4 @@ jobs: SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 - \ No newline at end of file + From 899793cae0fb9ea79e731f71c58db31034d04a2f Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Tue, 29 Aug 2023 23:03:59 -0400 Subject: [PATCH 12/24] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 3a46de23..918c0724 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml @@ -43,7 +43,7 @@ jobs: curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - name: Validate Build Rules run: | - ${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-ts-demo \ + ${GITHUB_WORKSPACE}/sl check-analysis --app Qwiet-ts-GH \ --github-pr-number=${{github.event.number}} \ --github-pr-user=${{ github.repository_owner }} \ --github-pr-repo=${{ github.event.repository.name }} \ 
From b006c33296fd457486ecbfd36d68a55310b47cc2 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 25 Sep 2023 17:15:14 -0400 Subject: [PATCH 13/24] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 918c0724..500db242 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml @@ -29,7 +29,7 @@ jobs: - name: NextGen Static Analysis run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-ts-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --js --cpg . -- --ts env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN2 }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 @@ -49,7 +49,7 @@ jobs: --github-pr-repo=${{ github.event.repository.name }} \ --github-token=${{ secrets.GITHUB_TOKEN }} env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN2 }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 From 82650ba1dea165b2c9c6c3c69026cd769274977f Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 25 Sep 2023 17:16:55 -0400 Subject: [PATCH 14/24] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 500db242..918c0724 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml 
@@ -29,7 +29,7 @@ jobs: - name: NextGen Static Analysis run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-ts-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --js --cpg . -- --ts env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN2 }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 @@ -49,7 +49,7 @@ jobs: --github-pr-repo=${{ github.event.repository.name }} \ --github-token=${{ secrets.GITHUB_TOKEN }} env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN2 }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 From 7fc37bdf7b47e3f822e2b4a66ed601eb77412971 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 25 Sep 2023 17:37:01 -0400 Subject: [PATCH 15/24] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 918c0724..ec3e90ff 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml 
@@ -27,7 +27,7 @@ jobs: id: extract_branch # the sl analyze command below needs to have app name specified and location of TS files. In addition, the container is pointing to Qwiets Registry and should be removed or edited for customers info - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-ts-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --js --cpg . -- --ts + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-ts-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --js --cpg . -- --ts --package-json ./package.json env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io From 998bc1aaddce6d80e890e6053ba0169007835a14 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 16 Oct 2023 23:20:38 -0400 Subject: [PATCH 16/24] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index ec3e90ff..47f0fead 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml @@ -6,7 +6,9 @@ name: Qwiet on: pull_request: workflow_dispatch: - + schedule: + # * is a special character in YAML so you have to quote this string + - cron: '0 11 1 * *' jobs: NextGen-Static-Analysis: runs-on: ubuntu-latest From 2e9507652abd24d1c1dcae1597f26728a4812b8f Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Fri, 27 Oct 2023 11:55:33 -0400 Subject: [PATCH 17/24] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 47f0fead..fd8ea611 100644 --- a/.github/workflows/shiftleft.yml 
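Review bot: The added `schedule:` trigger starts runs that have no pull-request context, yet the `Build-Rules` job (outside this hunk) still passes `--github-pr-number=${{github.event.number}}`, which presumably expands to an empty value on a cron run just as it already does for `workflow_dispatch`. Gate the PR-specific job with `if: github.event_name == 'pull_request'` so the scheduled scan does not end in a failed or meaningless PR check. The hunk also drops the blank line between the `on:` block and `jobs:`; keeping it makes the top-level keys easier to scan.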
+++ b/.github/workflows/shiftleft.yml @@ -31,7 +31,7 @@ jobs: - name: NextGen Static Analysis run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-ts-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --js --cpg . -- --ts --package-json ./package.json env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN3 }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 @@ -51,7 +51,7 @@ jobs: --github-pr-repo=${{ github.event.repository.name }} \ --github-token=${{ secrets.GITHUB_TOKEN }} env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN3 }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 From b7a9caa23eac35709ee852fc36cbb1d45e6cf8a3 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Fri, 27 Oct 2023 11:58:10 -0400 Subject: [PATCH 18/24] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index fd8ea611..47f0fead 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml 
@@ -31,7 +31,7 @@ jobs: - name: NextGen Static Analysis run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-ts-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --js --cpg . -- --ts --package-json ./package.json env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN3 }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 @@ -51,7 +51,7 @@ jobs: --github-pr-repo=${{ github.event.repository.name }} \ --github-token=${{ secrets.GITHUB_TOKEN }} env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN3 }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 From 476a608b794548d62ad04d39685d335e0551d7f5 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Wed, 15 Nov 2023 13:18:20 -0500 Subject: [PATCH 19/24] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 47f0fead..bea29a4d 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml 
@@ -31,7 +31,7 @@ jobs: - name: NextGen Static Analysis run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-ts-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --js --cpg . -- --ts --package-json ./package.json env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 @@ -51,7 +51,7 @@ jobs: --github-pr-repo=${{ github.event.repository.name }} \ --github-token=${{ secrets.GITHUB_TOKEN }} env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 From 30e9510da984faac3aecfb9509843758abc0ccc0 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Tue, 5 Dec 2023 13:29:53 -0500 Subject: [PATCH 20/24] adding ShiftLeft GitHub action --- .github/workflows/shiftleft.yml | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index bea29a4d..1b5e6688 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml 
@@ -1,20 +1,19 @@ + --- # This workflow integrates ShiftLeft NG SAST with GitHub # Visit https://docs.shiftleft.io for help -name: Qwiet +name: ShiftLeft on: pull_request: workflow_dispatch: - schedule: - # * is a special character in YAML so you have to quote this string - - cron: '0 11 1 * *' + jobs: NextGen-Static-Analysis: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - name: Download Qwiet CLI + - name: Download ShiftLeft CLI run: | curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl # ShiftLeft requires Java 1.8. Post the package step override the version @@ -27,11 +26,10 @@ jobs: shell: bash run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - # the sl analyze command below needs to have app name specified and location of TS files. In addition, the container is pointing to Qwiets Registry and should be removed or edited for customers info - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-ts-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --js --cpg . -- --ts --package-json ./package.json + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-ts-demo --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --js --cpg . -- --ts env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 
@@ -45,14 +43,14 @@ jobs: curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - name: Validate Build Rules run: | - ${GITHUB_WORKSPACE}/sl check-analysis --app Qwiet-ts-GH \ + ${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-ts-demo \ --github-pr-number=${{github.event.number}} \ --github-pr-user=${{ github.repository_owner }} \ --github-pr-repo=${{ github.event.repository.name }} \ --github-token=${{ secrets.GITHUB_TOKEN }} env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 - + \ No newline at end of file From 00c5e4caadacb54cd05a550baae011578a4be2ab Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Fri, 23 Feb 2024 16:16:19 -0500 Subject: [PATCH 21/24] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 1b5e6688..6f2a84e2 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml @@ -2,7 +2,7 @@ --- # This workflow integrates ShiftLeft NG SAST with GitHub # Visit https://docs.shiftleft.io for help -name: ShiftLeft +name: QwietOwn on: pull_request: 
@@ -27,7 +27,7 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-ts-demo --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --js --cpg . -- --ts + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-ts-demo --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --js --cpg . -- --ts env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io @@ -43,7 +43,7 @@ jobs: curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - name: Validate Build Rules run: | - ${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-ts-demo \ + ${GITHUB_WORKSPACE}/sl check-analysis --app Qwiet-ts-GH \ --github-pr-number=${{github.event.number}} \ --github-pr-user=${{ github.repository_owner }} \ --github-pr-repo=${{ github.event.repository.name }} \ @@ -53,4 +53,4 @@ jobs: SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 - \ No newline at end of file + From 8c371df1b9aa9350838a9318d37f78a5d7d7d5df Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 8 Apr 2024 17:43:24 -0400 Subject: [PATCH 22/24] Create qwietqual.yml --- .github/workflows/qwietqual.yml | 56 +++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 .github/workflows/qwietqual.yml diff --git a/.github/workflows/qwietqual.yml b/.github/workflows/qwietqual.yml new file mode 100644 index 00000000..5255550e --- /dev/null +++ b/.github/workflows/qwietqual.yml 
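Review bot: After this commit the two jobs use different application names: the analyze step uploads with `--app Qwiet-ts-demo` while `Build-Rules` runs `check-analysis --app Qwiet-ts-GH`. If `check-analysis` looks results up by app name, as the shared `--app` flag suggests, the build-rule gate would evaluate a different application than the one just scanned, so it could pass or fail on stale or unrelated findings. Use one name in both commands, ideally defined once, for example a workflow-level `env:` entry `SL_APP: Qwiet-ts-GH` referenced as `--app "$SL_APP"`.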
@@ -0,0 +1,56 @@
+
+---
+# This workflow integrates ShiftLeft NG SAST with GitHub
+# Visit https://docs.shiftleft.io for help
+name: Qwietqual
+
+on:
+ pull_request:
+ workflow_dispatch:
+
+jobs:
+ NextGen-Static-Analysis:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Download ShiftLeft CLI
+ run: |
+ curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
+ # ShiftLeft requires Java 1.8. Post the package step override the version
+ - name: Setup Java JDK
+ uses: actions/setup-java@v3
+ with:
+ distribution: zulu
+ java-version: 8
+ - name: Extract branch name
+ shell: bash
+ run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
+ id: extract_branch
+ - name: NextGen Static Analysis
+ run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-ts-demo --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --js --cpg . -- --ts
+ env:
+ SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKENQ }}
+ SHIFTLEFT_API_HOST: www.shiftleft.io
+ SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443
+ SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443
+ Build-Rules:
+ runs-on: ubuntu-latest
+ needs: NextGen-Static-Analysis
+ steps:
+ - uses: actions/checkout@v3
+ - name: Download ShiftLeft CLI
+ run: |
+ curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
+ - name: Validate Build Rules
+ run: |
+ ${GITHUB_WORKSPACE}/sl check-analysis --app Qwiet-ts-GH \
+ --github-pr-number=${{github.event.number}} \
+ --github-pr-user=${{ github.repository_owner }} \
+ --github-pr-repo=${{ github.event.repository.name }} \
+ --github-token=${{ secrets.GITHUB_TOKEN }}
+ env:
+ SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKENQ }}
+ SHIFTLEFT_API_HOST: www.shiftleft.io
+ SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443
+ SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443
+
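Review bot: Both `Download ShiftLeft CLI` steps save whatever `curl https://cdn.shiftleft.io/download/sl` returns to `${GITHUB_WORKSPACE}/sl`, mark it executable, and later run it with `SHIFTLEFT_ACCESS_TOKEN` (and, in `Build-Rules`, `GITHUB_TOKEN`) available, with no integrity check and no `--fail`, so an HTTP error body or an altered download is accepted as the scanner binary. Use `curl -fsSL -o "${GITHUB_WORKSPACE}/sl" https://cdn.shiftleft.io/download/sl` and, if the vendor publishes a digest or signature, verify it before `chmod`, e.g. `echo "<EXPECTED_SHA256>  ${GITHUB_WORKSPACE}/sl" | sha256sum -c -` (placeholder value). The same download line appears in `shiftleft.yml` and `ScriptAddWorkflow.yml`. Pinning `actions/checkout` and `actions/setup-java` to commit SHAs and adding a top-level `permissions:` block limited to what the PR check needs would narrow the exposure further.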
From e63882c19be843ff81ddd341268dbd7b32526041 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 8 Apr 2024 17:44:30 -0400 Subject: [PATCH 23/24] Update qwietqual.yml --- .github/workflows/qwietqual.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/qwietqual.yml b/.github/workflows/qwietqual.yml index 5255550e..ba0f9350 100644 --- a/.github/workflows/qwietqual.yml +++ b/.github/workflows/qwietqual.yml @@ -27,7 +27,7 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-ts-demo --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --js --cpg . -- --ts + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-ts-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --js --cpg . -- --ts env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKENQ }} SHIFTLEFT_API_HOST: www.shiftleft.io From 649493607d1d710c9fd0c9c121280b23a31dba8a Mon Sep 17 00:00:00 2001 From: ongamse Date: Fri, 31 May 2024 17:23:34 -0400 Subject: [PATCH 24/24] Add GitHub Actions workflow --- .github/workflows/ScriptAddWorkflow.yml | 31 +++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 .github/workflows/ScriptAddWorkflow.yml diff --git a/.github/workflows/ScriptAddWorkflow.yml b/.github/workflows/ScriptAddWorkflow.yml new file mode 100644 index 00000000..044c76e0 --- /dev/null +++ b/.github/workflows/ScriptAddWorkflow.yml 
@@ -0,0 +1,31 @@
+---
+# This workflow integrates ShiftLeft with GitHub
+# Visit https://docs.shiftleft.io for help
+name: Qwiet New POC
+
+on:
+ pull_request:
+ workflow_dispatch:
+
+
+jobs:
+ NextGen-Static-Analysis:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-java@v3
+ with:
+ distribution: 'zulu'
+ java-version: '8'
+ - name: Download ShiftLeft cli
+ run: |
+ curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
+ - name: Extract branch name
+ shell: bash
+ run: echo "branch=${GITHUB_REF#refs/heads/}" >> $GITHUB_OUTPUT
+ id: extract_branch
+ - name: Build and Analyze
+ run: |
+ ${GITHUB_WORKSPACE}/sl analyze --app $(basename $(pwd)) --tag branch=${{ github.head_ref }} .
+ env:
+ SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }}
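Review bot: The `Build and Analyze` step tags with `branch=${{ github.head_ref }}` only, so the `extract_branch` output computed in the step above is never read and a `workflow_dispatch` run sends an empty `branch=` tag. Restore the fallback and keep the expression out of the script text: set `BRANCH_TAG: ${{ github.head_ref || steps.extract_branch.outputs.branch }}` under `env:` and pass `--tag branch="$BRANCH_TAG"`. The command substitution should also be quoted, `--app "$(basename "$PWD")"`, and `>> "$GITHUB_OUTPUT"` likewise, so a path containing spaces does not split into extra arguments.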