From 31511540bd738ea908c2e5075c7e5ec601514324 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Heitor=20Gouv=C3=AAa?= Date: Thu, 14 Sep 2023 14:18:28 -0300 Subject: [PATCH 1/4] Update dependabot.yml (#62) --- .github/dependabot.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 84c87d6..b5b2a4c 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,3 +4,7 @@ updates: directory: "/" schedule: interval: "weekly" + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" From 4ffc3a8c73dce69dd0a38d3eee4a85a701308b97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Heitor=20Gouv=C3=AAa?= Date: Thu, 14 Sep 2023 14:26:48 -0300 Subject: [PATCH 2/4] Update dependabot.yml (#63) --- .github/dependabot.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index b5b2a4c..f08cd93 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,10 +1,10 @@ version: 2 updates: - - package-ecosystem: "docker" - directory: "/" + - package-ecosystem: docker + directory: / schedule: - interval: "weekly" - - package-ecosystem: "github-actions" - directory: "/" + interval: weekly + - package-ecosystem: github-actions + directory: / schedule: - interval: "weekly" + interval: weekly From c55bdeb0b51ebf619b210cdcff8f087c95f57432 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Sep 2023 14:38:16 -0300 Subject: [PATCH 3/4] Bump actions/checkout from 1 to 4 (#64) Bumps [actions/checkout](https://github.com/actions/checkout) from 1 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v1...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 612d093..69372cb 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -6,7 +6,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v4 - name: Install dependencies run: | sudo apt install -y perl cpanminus From 7822cd5d1410afcf9311753a59f66735973b51f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Heitor=20Gouv=C3=AAa?= Date: Thu, 21 Sep 2023 17:15:39 -0300 Subject: [PATCH 4/4] Create security-gate.yml (#65) --- .github/workflows/security-gate.yml | 32 +++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 .github/workflows/security-gate.yml diff --git a/.github/workflows/security-gate.yml b/.github/workflows/security-gate.yml new file mode 100644 index 0000000..fba53b1 --- /dev/null +++ b/.github/workflows/security-gate.yml @@ -0,0 +1,32 @@ +name: Security Gate - Instriq + +on: + push: + branches: + - main + +jobs: + build: + runs-on: ubuntu-latest + env: + MAX_CRITICAL: 0 + MAX_HIGH: 0 + MAX_MEDIUM: 0 + MAX_LOW: 0 + GITHUB_TOKEN: ${{ secrets.TOKEN }} + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Pull Docker image from GitHub Container Registry + run: docker pull ghcr.io/instriq/security-gate/security-gate:latest + + - name: Verify security alerts from dependabot + run: | + docker run ghcr.io/instriq/security-gate/security-gate:latest \ + -t $GITHUB_TOKEN \ + -r ${{ github.repository }} \ + --critical $MAX_CRITICAL \ + --high $MAX_HIGH \ + --medium $MAX_MEDIUM \ + --low $MAX_LOW