edit release badge #15

Merged
merged 66 commits into from
Oct 7, 2024
66 commits
b98f376
edit SonarQube workflow
meleksabit Sep 15, 2024
c23154b
edit SonarQube workflow
meleksabit Sep 15, 2024
be7123e
edit SonarQube workflow
meleksabit Sep 15, 2024
723dc2a
edit SonarQube workflow
meleksabit Sep 15, 2024
fa147fc
edit SonarQube workflow
meleksabit Sep 15, 2024
1a82f52
edit SonarQube workflow
meleksabit Sep 15, 2024
3a5f479
add sonar-project.properties file + edit SonarQube workflow
meleksabit Sep 15, 2024
c2741c5
edit SonarQube workflow
meleksabit Sep 15, 2024
47207bc
edit SonarQube workflow
meleksabit Sep 15, 2024
1b787b6
Revert "edit SonarQube workflow"
meleksabit Sep 15, 2024
e600cb7
edit SonarQube workflow
meleksabit Sep 17, 2024
2765342
edit SonarQube workflow
meleksabit Sep 17, 2024
a42b70b
edit SonarQube workflow
meleksabit Sep 17, 2024
34ec8de
edit SonarQube workflow
meleksabit Sep 17, 2024
b67aaf5
edit SonarQube workflow
meleksabit Sep 17, 2024
1dcdad1
edit SonarQube workflow
meleksabit Sep 17, 2024
deda6f4
edit SonarQube workflow
meleksabit Sep 17, 2024
48f5148
edit SonarQube workflow
meleksabit Sep 17, 2024
0dfa132
edit SonarQube workflow + add docker-compose file
meleksabit Sep 17, 2024
a21508e
edit SonarQube workflow + edit docker-compose file
meleksabit Sep 17, 2024
dea6e5c
edit SonarQube workflow + edit docker-compose file
meleksabit Sep 17, 2024
5589b4c
edit SonarQube workflow
meleksabit Sep 18, 2024
356b4f8
edit SonarQube workflow
meleksabit Sep 18, 2024
3748168
edit SonarQube workflow
meleksabit Sep 18, 2024
7e7fd8e
edit SonarQube workflow + edit docker-compose file
meleksabit Sep 18, 2024
f4fb838
edit SonarQube workflow + edit docker-compose file
meleksabit Sep 18, 2024
011ac38
edit docker-compose file
meleksabit Sep 18, 2024
7c59c1c
remove version attribute from the docker-compose.yml
meleksabit Sep 18, 2024
c31dae3
increase seconds in the sleep attribute
meleksabit Sep 18, 2024
5a1bef4
edit workflow, docker-compose and Jenkinsfile files + add Dockerfile
meleksabit Sep 19, 2024
d42e472
improve CodeQL Scan
meleksabit Sep 19, 2024
94fe746
improve OWASP Dependency Check workflow
meleksabit Sep 19, 2024
beef810
edit OWASP Dependency Check workflow
meleksabit Sep 19, 2024
4022f86
edit OWASP Dependency Check workflow
meleksabit Sep 19, 2024
1b96603
edit OWASP Dependency Check workflow
meleksabit Sep 19, 2024
d8123b8
edit OWASP Dependency Check workflow
meleksabit Sep 19, 2024
7db4505
edit OWASP Dependency Check workflow
meleksabit Sep 19, 2024
3dce216
edit Semgrep SAST workflow
meleksabit Sep 19, 2024
1557efc
edit Semgrep SAST workflow
meleksabit Sep 19, 2024
885a5fc
edit Semgrep SAST workflow
meleksabit Sep 19, 2024
a03fd3d
edit Semgrep SAST workflow
meleksabit Sep 19, 2024
c7665d7
add SonarCloud workflow + add Quality Gate in the Jenkinsfile
meleksabit Sep 19, 2024
aa0693b
edit the SonarCloud workflow
meleksabit Sep 19, 2024
904a38d
edit the SonarCloud workflow
meleksabit Sep 19, 2024
c5cbe17
add badges to the README file
meleksabit Sep 19, 2024
fb68722
edit Semgrep workflow
meleksabit Sep 20, 2024
eecc493
Merge branch 'main' into development
meleksabit Sep 20, 2024
b970b70
edit Semgrep workflow
meleksabit Sep 21, 2024
f438733
edit Semgrep workflow
meleksabit Sep 21, 2024
979d360
edit Semgrep workflow
meleksabit Sep 24, 2024
5070ea8
edit Semgrep workflow
meleksabit Sep 24, 2024
5fc22b2
edit Semgrep workflow
meleksabit Sep 24, 2024
2119795
edit Semgrep workflow
meleksabit Sep 24, 2024
fdfe373
edit Semgrep workflow
meleksabit Sep 24, 2024
23833c5
edit Semgrep workflow
meleksabit Sep 24, 2024
62af793
edit Semgrep workflow
meleksabit Sep 24, 2024
a155fd1
edit Semgrep workflow
meleksabit Sep 24, 2024
f2779fe
edit Semgrep workflow
meleksabit Sep 24, 2024
00811bb
edit README.md
meleksabit Sep 24, 2024
6885501
edit README.md
meleksabit Sep 24, 2024
6a35fa9
add release badge
meleksabit Sep 30, 2024
8635289
Merge branch 'main' into development
meleksabit Sep 30, 2024
7fe74e5
edit release badge
meleksabit Sep 30, 2024
e6533a7
Merge branch 'main' into development
meleksabit Sep 30, 2024
2c4a75e
edit release badge
meleksabit Oct 7, 2024
7139317
Merge branch 'main' into development
meleksabit Oct 7, 2024
edit Semgrep workflow
meleksabit committed Sep 21, 2024
commit f43873398c89e8adc4745e61b20855104944c326
30 changes: 8 additions & 22 deletions .github/workflows/scan-with-semgrep.yml
@@ -21,17 +21,10 @@ on:

jobs:
semgrep:
name: Scan Application Code with Semgrep SAST
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
container:
image: returntocorp/semgrep:latest

if: github.actor != 'dependabot[bot]'

steps:
- name: Checkout code
uses: actions/checkout@v4
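Review bot: Keep the job-level `permissions:` block in the `semgrep` job explicit if it is among the seven lines this hunk removes (the header goes from 17 lines to 10, and this rendering does not show which ones went). The SARIF upload later in the workflow needs `security-events: write`, and without the block the job falls back to the repository's default token permissions, which may be broader or narrower than the three scopes listed here. Separately, `image: returntocorp/semgrep:latest` is a floating tag; pinning it to a version or digest keeps scan results reproducible and avoids pulling an unreviewed image into a job that holds a write-scoped token.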
@@ -53,31 +46,24 @@ jobs:
fi
shell: bash

# Debug: Print environment variables to check they are set correctly
- name: Print environment variables
run: |
echo "xss_config=$xss_config"
echo "xss_output=$xss_output"
echo "ci_config=$ci_config"
echo "ci_output=$ci_output"

# Run Semgrep XSS Scan using the dynamically set environment variables
- name: Run Semgrep XSS Scan
run: semgrep --config "$xss_config" --sarif --output="$xss_output"
shell: bash # Switch to bash for better variable handling
run: |
semgrep --config "$xss_config" --sarif --output="$xss_output" .
continue-on-error: true

# Debug: List files to check if SARIF file was generated
# Debug: List files to ensure the SARIF file is generated
- name: List files after Semgrep XSS Scan
run: ls -la

# Run Semgrep High-Confidence SAST Scan using the dynamically set environment variables
- name: Run Semgrep High-Confidence SAST Scan
run: semgrep --config "$ci_config" --sarif --output="$ci_output"
shell: bash # Switch to bash for better variable handling
run: |
semgrep --config "$ci_config" --sarif --output="$ci_output" .
continue-on-error: true

- name: List files after Semgrep XSS Scan
run: ls -la


# Upload the XSS SARIF file
- name: Upload XSS SARIF file
uses: github/codeql-action/upload-sarif@main
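Review bot: Both scan steps keep `continue-on-error: true`, so a non-zero exit from Semgrep (a bad `$xss_config` or `$ci_config` value, for instance) leaves the job green and the only trace is the `ls -la` listing. Consider gating each upload on the SARIF file existing, or ending the job with a step that fails when either scan step's outcome was a failure. The step after the High-Confidence SAST scan is also named `List files after Semgrep XSS Scan`, duplicating the earlier step; rename it to match the scan it follows. Finally, `uses: github/codeql-action/upload-sarif@main` tracks a moving branch, unlike `actions/checkout@v4` earlier in the job; pin it to a release tag or commit SHA.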