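# Dispatcher workflow (generated, per its name, by the "MVS plan").
# A single workflow_dispatch run receives a JSON `client_payload`; each job's
# `if:` compares payload.workflow_job_name and payload.workflow_slug against
# fixed strings. Every job tests a distinct workflow_job_name, so at most one
# job matches per run. Each job runs one step: the same action, pointed at a
# different control image on registry.jit.io.
#
# NOTE(review): client_payload is caller-supplied JSON. In this file it is
# only parsed with fromJSON() inside expressions (run-name and the `if:`
# comparisons against literals) and never interpolated into a shell step.
# How the action itself consumes the payload is not visible here.
#
# NOTE(review): every `uses:` value reads `jitsecurity-controls/[email protected]`
# because the page this listing was captured from replaced the text around
# the `@` with its e-mail-obfuscation placeholder. Restore the real
# `owner/repo@ref` from the repository's copy of this file; using a full
# commit SHA as the ref keeps the action code from changing under the
# workflow.
#
# NOTE(review): all control images use the mutable `:latest` tag, so the
# container that runs with this workflow's token permissions can differ from
# run to run. Pinning by digest (`image@sha256:<DIGEST_PLACEHOLDER>`) makes
# runs reproducible and auditable, if the action accepts digest references.
name: Workflows generated by the MVS plan
# The run title shown in the Actions UI is taken from the payload.
run-name: ${{fromJSON(github.event.inputs.client_payload).payload.job_title}}
on:
  workflow_dispatch:
    inputs:
      client_payload:
        description: The Client payload
        required: true
# Workflow-level token scope, inherited by every job below: read-only
# repository contents plus permission to request an OIDC ID token.
# NOTE(review): id-token: write applies to all jobs, each of which runs a
# third-party action and container; confirm every control needs it, or move
# the grant to the jobs that do.
permissions:
  contents: read
  id-token: write
jobs:
  # --- Container image scanning ---
  docker-scan:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'docker-scan' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-docker-scan'
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      - name: trivy
        uses: jitsecurity-controls/[email protected]
        with:
          security_control: registry.jit.io/control-trivy-alpine:latest

  # --- Enrichment ---
  enrich:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'enrich' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-enrichment-code'
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      - name: enrichment
        uses: jitsecurity-controls/[email protected]
        with:
          security_control: registry.jit.io/control-enrichment-slim:latest

  # --- Infrastructure-as-code misconfiguration detection ---
  iac-misconfig-detection-kubernetes:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'iac-misconfig-detection-kubernetes' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-kubernetes-iac-misconfiguration-detection'
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      - name: kubescape
        uses: jitsecurity-controls/[email protected]
        with:
          security_control: registry.jit.io/control-kubescape-slim:latest

  # --- Remediation ---
  # NOTE(review): the job name suggests it opens pull requests, yet the
  # workflow token is limited to contents: read; presumably the control
  # authenticates some other way (for example through the OIDC token).
  # Confirm which credential is used and what scope it carries.
  remediation-pr:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'remediation-pr' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-remediation-pr'
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      - name: remediation-pr
        uses: jitsecurity-controls/[email protected]
        with:
          security_control: registry.jit.io/open-remediation-pr-alpine:latest

  # --- Secret detection ---
  secret-detection:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'secret-detection' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-secret-detection'
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      - name: gitleaks
        uses: jitsecurity-controls/[email protected]
        with:
          security_control: registry.jit.io/control-gitleaks-alpine:latest

  # --- Software bill of materials ---
  software-bill-of-materials:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'software-bill-of-materials' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sbom'
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      - name: syft
        uses: jitsecurity-controls/[email protected]
        with:
          security_control: registry.jit.io/control-syft-alpine:latest
          # NOTE(review): presumably lets the run proceed when the repository
          # checkout fails; confirm against the action's documented inputs,
          # since an SBOM built without sources would be incomplete.
          fail_if_cannot_checkout: false

  # --- Software composition analysis (all share slug 'workflow-sca') ---
  software-component-analysis-elixir:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'software-component-analysis-elixir' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sca'
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      - name: osv-scanner
        uses: jitsecurity-controls/[email protected]
        with:
          security_control: registry.jit.io/control-osv-scanner-alpine:latest
  software-component-analysis-go:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'software-component-analysis-go' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sca'
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      - name: nancy
        uses: jitsecurity-controls/[email protected]
        with:
          security_control: registry.jit.io/control-nancy-alpine:latest
  software-component-analysis-gradle:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'software-component-analysis-gradle' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sca'
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      - name: jit-gradle
        uses: jitsecurity-controls/[email protected]
        with:
          security_control: registry.jit.io/control-jit-gradle-scanner:latest
  software-component-analysis-java:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'software-component-analysis-java' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sca'
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      - name: osv-scanner
        uses: jitsecurity-controls/[email protected]
        with:
          security_control: registry.jit.io/control-osv-scanner-alpine:latest
  software-component-analysis-js:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'software-component-analysis-js' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sca'
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      - name: npm-audit
        uses: jitsecurity-controls/[email protected]
        with:
          security_control: registry.jit.io/control-npm-audit-slim:latest
  software-component-analysis-php:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'software-component-analysis-php' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sca'
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      - name: osv-scanner
        uses: jitsecurity-controls/[email protected]
        with:
          security_control: registry.jit.io/control-osv-scanner-alpine:latest
  software-component-analysis-poetry:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'software-component-analysis-poetry' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sca'
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      - name: osv-scanner
        uses: jitsecurity-controls/[email protected]
        with:
          security_control: registry.jit.io/control-osv-scanner-alpine:latest
  software-component-analysis-python:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'software-component-analysis-python' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sca'
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      - name: osv-scanner
        uses: jitsecurity-controls/[email protected]
        with:
          security_control: registry.jit.io/control-osv-scanner-alpine:latest
  software-component-analysis-trivy-csharp:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'software-component-analysis-trivy-csharp' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sca'
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      - name: trivy-dotnet
        uses: jitsecurity-controls/[email protected]
        with:
          security_control: registry.jit.io/control-trivy-dotnet-slim:latest

  # --- Static code analysis (all share slug 'workflow-sast') ---
  static-code-analysis-c-cpp:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-c-cpp' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      - name: semgrep
        uses: jitsecurity-controls/[email protected]
        with:
          security_control: registry.jit.io/control-semgrep-alpine:latest
  static-code-analysis-csharp:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-csharp' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      - name: semgrep
        uses: jitsecurity-controls/[email protected]
        with:
          security_control: registry.jit.io/control-semgrep-alpine:latest
  static-code-analysis-go:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-go' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      - name: gosec
        uses: jitsecurity-controls/[email protected]
        with:
          security_control: registry.jit.io/control-gosec-alpine:latest
  static-code-analysis-java:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-java' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      - name: semgrep
        uses: jitsecurity-controls/[email protected]
        with:
          security_control: registry.jit.io/control-semgrep-alpine:latest
  static-code-analysis-js:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-js' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      - name: semgrep
        uses: jitsecurity-controls/[email protected]
        with:
          security_control: registry.jit.io/control-semgrep-alpine:latest
  static-code-analysis-kotlin:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-kotlin' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      - name: semgrep
        uses: jitsecurity-controls/[email protected]
        with:
          security_control: registry.jit.io/control-semgrep-alpine:latest
  static-code-analysis-php:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-php' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      - name: semgrep
        uses: jitsecurity-controls/[email protected]
        with:
          security_control: registry.jit.io/control-semgrep-alpine:latest
  static-code-analysis-python-semgrep:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-python-semgrep' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      - name: semgrep
        uses: jitsecurity-controls/[email protected]
        with:
          security_control: registry.jit.io/control-semgrep-alpine:latest
  static-code-analysis-ruby:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-ruby' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      - name: semgrep
        uses: jitsecurity-controls/[email protected]
        with:
          security_control: registry.jit.io/control-semgrep-alpine:latest
  static-code-analysis-rust:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-rust' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      - name: semgrep
        uses: jitsecurity-controls/[email protected]
        with:
          security_control: registry.jit.io/control-semgrep-alpine:latest
  static-code-analysis-scala:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-scala' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      - name: semgrep
        uses: jitsecurity-controls/[email protected]
        with:
          security_control: registry.jit.io/control-semgrep-alpine:latest
  static-code-analysis-swift:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-swift' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      - name: semgrep
        uses: jitsecurity-controls/[email protected]
        with:
          security_control: registry.jit.io/control-semgrep-alpine:latest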