Skip to content

Securin-ASPM

Securin-ASPM #43

Workflow file for this run

---
name: Securin-ASPM
on:
pull_request:
branches:
- main
workflow_dispatch:
inputs:
logLevel:
description: Log level
jobs:
scanning:
env:
APP_ID: 5ae4f9eb599e1840836690621a80b2650893644cd6275937435381d67dd1ad05
BRANCH_NAME: main
SCAN_ID: ce6884dc07e225136292742888cfdcc6a3054ba8b5e590f9a858768cc9628502
REQ_URL_MAP: "${{toJSON('{\"SL_RESULT_API_HOST\":\"https://slresultapi.qa.securin.io/resultapi\"\
,\"SL_RESULTPARSER_API_HOST\":\"https://slresultparserapi.qa.securin.io/resultparserapi\"\
}')}}"
steps:
- name: Retrieve Token Info
id: auth_token
run: "respJson=$(curl --location --request GET 'https://slresultapi.qa.securin.io/resultapi/aws/ecr/token'\
\ --header 'X-ASPM-Auth-Key: ${{secrets.ORG_API_KEY}}' --data-raw ' ' )\
\ \necho \"authTokenJson=$respJson\" >> $GITHUB_OUTPUT"
- uses: actions/checkout@v3
- name: Scan Initiated
id: sec_scan_init
run: "usrVal=$(echo '${{fromJson(steps.auth_token.outputs.authTokenJson).user}}'\
\ | openssl enc -aes-256-cbc -d -a -K ${{secrets.ENC_KEY}} -iv ${{secrets.ENC_IV}}\
\ ) \nusrPassword=$(echo '${{fromJson(steps.auth_token.outputs.authTokenJson).password}}'\
\ | openssl enc -aes-256-cbc -d -base64 -A -K ${{secrets.ENC_KEY}} -iv ${{secrets.ENC_IV}}\
\ ) \nusrPrxyUrl=$(echo '${{fromJson(steps.auth_token.outputs.authTokenJson).proxyUrl}}'\
\ | openssl enc -aes-256-cbc -d -a -K ${{secrets.ENC_KEY}} -iv ${{secrets.ENC_IV}}\
\ ) \nusrImgTag=$(echo '${{fromJson(steps.auth_token.outputs.authTokenJson).imageTag}}'\
\ | openssl enc -aes-256-cbc -d -a -K ${{secrets.ENC_KEY}} -iv ${{secrets.ENC_IV}}\
\ ) \ndocker login --username $usrVal --password $usrPassword $usrPrxyUrl\
\ \ndocker pull -q $usrImgTag \ndocker run -v ${{github.workspace}}:/src \
\ --volume ${{github.workspace}}:/workdir -v /var/run/docker.sock:/var/run/docker.sock\
\ $usrImgTag -api_key ${{secrets.ORG_API_KEY}} -wrkspc_id ${{secrets.WORKSPACE_ID}}\
\ -app_id ${{ env.APP_ID }} -scan_id ${{ env.SCAN_ID }} -branch_name ${{ env.BRANCH_NAME\
\ }} -req_url_map ${{ env.REQ_URL_MAP }} -tool_name github event:${{ github.event_name\
\ }} pr_number:${{ github.event.number }} -upload_log true"
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: "${{github.workspace}}/results/result.sarif"
if: hashFiles('**/result.sarif') !=''
- name: Evaluate build status
run: "cat ${{github.workspace}}/results/status.txt\nexit 1\n"
if: hashFiles('**/status.txt') !=''
runs-on: ubuntu-latest