From 523772d9b41122cccf620fa5038c90786142a2c3 Mon Sep 17 00:00:00 2001
From: nefelitav
Date: Wed, 13 Mar 2024 18:39:04 +0100
Subject: [PATCH 1/3] add owasp
---
 .github/workflows/main.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 3031748..68147f4 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -11,13 +11,17 @@ jobs:
 name: gitleaks
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - name: Checkout code
+ uses: actions/checkout@v3
 with:
 fetch-depth: 0
- - uses: gitleaks/gitleaks-action@v2
+ - name: Run Gitleaks
+ uses: gitleaks/gitleaks-action@v2
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE}}
+ - name: OWASP Dependency-Check
+ uses: dependency-check/dependency-check-action@v3
 build:
 runs-on: ubuntu-latest
 steps:
From 82662d1d9bb0f87f5dad16c68ea73ca892ac5c78 Mon Sep 17 00:00:00 2001
From: nefelitav
Date: Wed, 13 Mar 2024 18:45:34 +0100
Subject: [PATCH 2/3] change owasp stage
---
 .github/workflows/main.yml | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 68147f4..63a2e78 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -20,8 +20,6 @@ jobs:
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE}}
- - name: OWASP Dependency-Check
- uses: dependency-check/dependency-check-action@v3
 build:
 runs-on: ubuntu-latest
 steps:
@@ -36,6 +34,22 @@ jobs:
 run: npm run lint
 - name: Run unit tests
 run: npm run test
+ - name: Depcheck
+ uses: dependency-check/Dependency-Check_Action@main
+ id: Depcheck
+ with:
+ project: 'test'
+ path: '.'
+ format: 'HTML'
+ out: 'reports' # this is the default, no need to specify unless you wish to override it
+ args: >
+ --failOnCVSS 7
+ --enableRetired
+ - name: Upload Dependency Check Test results
+ uses: actions/upload-artifact@master
+ with:
+ name: Depcheck report
+ path: ${{github.workspace}}/reports
 - name: Login to Docker Hub
 uses: docker/login-action@v3.0.0
 with:
From d234d1fc5b02b1379df9ac72c8c8c2aed9c13e9f Mon Sep 17 00:00:00 2001
From: nefelitav
Date: Wed, 13 Mar 2024 18:51:04 +0100
Subject: [PATCH 3/3] some improvements
---
 .github/workflows/main.yml | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 63a2e78..5b793b6 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -34,22 +34,21 @@ jobs:
 run: npm run lint
 - name: Run unit tests
 run: npm run test
- - name: Depcheck
+ - name: Dependency Check
 uses: dependency-check/Dependency-Check_Action@main
- id: Depcheck
 with:
- project: 'test'
+ project: 'messaging-app'
 path: '.'
 format: 'HTML'
- out: 'reports' # this is the default, no need to specify unless you wish to override it
+ out: 'reports'
 args: >
 --failOnCVSS 7
 --enableRetired
 - name: Upload Dependency Check Test results
 uses: actions/upload-artifact@master
 with:
- name: Depcheck report
- path: ${{github.workspace}}/reports
+ name: Dependency Check report
+ path: ${{github.workspace}}/reports
 - name: Login to Docker Hub
 uses: docker/login-action@v3.0.0
 with:
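Review bot: Both third-party actions added in this hunk are referenced by a moving branch, `uses: dependency-check/Dependency-Check_Action@main` and `uses: actions/upload-artifact@master`, so whatever lands on those branches next runs inside this job with the workflow's token and secrets; the same two lines are kept unchanged as context in the PATCH 3/3 hunk, so the fix applies there too. Pin each to a full commit SHA and record the release in a trailing comment, e.g. `uses: dependency-check/Dependency-Check_Action@<full-commit-sha>  # <release-tag>` (placeholders, to be filled from the upstream release). Separately, the `Upload Dependency Check Test results` step only runs when the previous step succeeds, but `--failOnCVSS 7` makes that step fail exactly when there is a report worth reading; add `if: always()` to the upload step so the HTML report is still attached on a failing run. The enclosing `build` job starts outside this hunk.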
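Review bot: The folded `args:` scalar still passes only `--failOnCVSS 7` and `--enableRetired`, so the scan runs without an NVD API key; recent Dependency-Check releases throttle the unauthenticated NVD feed heavily, and the `--failOnCVSS 7` gate can then fail on a download error or pass against a stale database rather than on actual findings. If the action's bundled Dependency-Check is 9.x or later (not verifiable from `@main` here), add `--nvdApiKey ${{ secrets.NVD_API_KEY }}` to the `args:` block with the key stored as a repository secret (secret name is illustrative). The job's `permissions:` block is not visible in this hunk; since the upload step needs only read access, confirming a job-level `permissions:` with `contents: read` would limit what a compromised action can do with the token. This hunk only renames and re-labels the step; the enclosing `build` job starts outside it.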