-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #12 from viveksiddineni/patch-1
fix: remove zap scans
- Loading branch information
Showing
1 changed file
with
2 additions
and
47 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,5 @@ | ||
| # Define the name of the workflow | ||
| name: snyk-zap | ||
| name: snyk | ||
|
|
||
| # Define when the workflow should be triggered (on push to a specific branch and pull requests to the master branch) | ||
| on: | ||
|
|
@@ -13,7 +13,7 @@ on: | |
|
|
||
| # Define the jobs that will be executed as part of the workflow | ||
| jobs: | ||
| # Job to build and push the ZAP Docker image to Docker Hub | ||
| # Job to build and push the Docker image to Docker Hub | ||
| Snyk-Docker-Image: | ||
| runs-on: | ||
| group: ncats-awsci-runners | ||
|
|
@@ -108,48 +108,3 @@ jobs: | |
| with: | ||
| name: reports | ||
| path: ./*.pdf | ||
|
|
||
| ZAP-Docker-Scan: | ||
| needs: Snyk-Docker-Image | ||
| runs-on: ${{needs.Snyk-Docker-Image.outputs.RUNNER}} | ||
| permissions: | ||
| actions: read | ||
| contents: read | ||
| security-events: write | ||
| issues: write | ||
|
|
||
| steps: | ||
| # Step 1: Get BUILD_VERSION from Snyk-Docker-Image job | ||
| - name: Get BUILD_VERSION from Snyk-Docker-Image job | ||
| id: get_runner_ip | ||
| run: | | ||
| echo "BUILD_VERSION=${{ needs.Snyk-Docker-Image.outputs.build_version }}" >> $GITHUB_ENV | ||
| echo "::set-output name=runner_ip::$(hostname -I | cut -d' ' -f1)" | ||
| # Step 2: Add the command to start Docker image on port 5058 | ||
| - name: Start Docker image on port 5058 | ||
| run: docker run -d -p 5058:5058 -e SMARTGRAPH_UI_URL=https://randomurl.com -e sg_api_int_port=5058 -e SMARTGRAPH_API_SWAGGER_URL=https://randomurl.com/docs -e SMARTGRAPH_API_BASE_PATH=/api -e WRITE_CONFIG=true ncats/smartgraph_api:${{ needs.Snyk-Docker-Image.outputs.build_version }} | ||
| continue-on-error: true | ||
| # Step 3: ZAP BASELINE SCAN | ||
| - name: ZAP base Scan | ||
| uses: zaproxy/[email protected] | ||
| with: | ||
| target: 'http://${{ steps.get_runner_ip.outputs.runner_ip }}:5058' # ip address of the runner | ||
| docker_name: 'ghcr.io/zaproxy/zaproxy:stable' | ||
| token: ${{ secrets.GITHUB_TOKEN }} | ||
| fail_action: false | ||
| continue-on-error: true | ||
| # Step 4: Create SARIF file from ZAP results | ||
| - name: Create SARIF file from ZAP results | ||
| uses: SvanBoxel/zaproxy-to-ghas@main | ||
| continue-on-error: true | ||
| # Step 5: Upload SARIF file to GitHub Code Scanning | ||
| - name: Upload SARIF file | ||
| uses: github/codeql-action/upload-sarif@v3 | ||
| with: | ||
| sarif_file: results.sarif | ||
| wait-for-processing: true | ||
| continue-on-error: true | ||
| # Step 6: Stop and remove the Docker container | ||
| - name: Stop and remove Docker container | ||
| run: docker stop $(docker ps -a -q --filter ancestor=ncats/smartgraph_api:$BUILD_VERSION) && docker rm -f $(docker ps -a -q --filter ancestor=ncats/smartgraph_api:$BUILD_VERSION) || true | ||