Create security-goat-demo.yml

andersonbosa · Oct 6, 2023 · 05a83a9 · 05a83a9
1 parent 1e7a786
commit 05a83a9
Showing 1 changed file with 45 additions and 0 deletions.
diff --git a/.github/workflows/security-goat-demo.yml b/.github/workflows/security-goat-demo.yml
@@ -0,0 +1,45 @@
+name: "[security] Security Goat in pipeline"
+
+on:
+  workflow_dispatch: {}
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+
+permissions:
+  contents: read
+
+env:
+  SECURITY_GOAT_IMAGE: ghcr.io/andersonbosa/security-goat:latest
+  GOAT_GITHUB_TOKEN: ${{ secrets.CI_GITHUB_ACCESS_TOKEN }}
+  GOAT_GITHUB_OWNER: ${{ github.repository_owner }}
+  GOAT_GITHUB_REPO: ${{ github.event.repository.name }}
+  GOAT_SEVERITY_LIMITS_CRITICAL: 0
+  GOAT_SEVERITY_LIMITS_HIGH: 0
+  GOAT_SEVERITY_LIMITS_MEDIUM: 0
+  GOAT_SEVERITY_LIMITS_LOW: 0
+
+jobs:
+  through-docker:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Pull Docker image from GitHub Container Registry
+      run: docker pull ${{ env.SECURITY_GOAT_IMAGE }}
+
+    - name: Verify Version
+      run: docker run ${{ env.SECURITY_GOAT_IMAGE }} version
+
+    - name: Set up env file
+      run: |
+        env | grep 'GOAT' >.env
+
+    - name: "[Perform Security Gate] Verify security alerts from DependaBot"
+      run: |
+        docker run --env-file=.env ${{ env.SECURITY_GOAT_IMAGE }} --verbose