mirror of https://github.com/gwuhaolin/livego.git
gaoshen.gs
6 months ago
1 changed files with 0 additions and 84 deletions
@ -1,84 +0,0 @@ |
|||||||
# This workflow uses actions that are not certified by GitHub. |
|
||||||
# They are provided by a third-party and are governed by |
|
||||||
# separate terms of service, privacy policy, and support |
|
||||||
# documentation. |
|
||||||
|
|
||||||
################################################################################################################################################ |
|
||||||
# Fortify Application Security provides your team with solutions to empower DevSecOps practices, enable cloud transformation, and secure your # |
|
||||||
# software supply chain. To learn more about Fortify, start a free trial or contact our sales team, visit fortify.com. # |
|
||||||
# # |
|
||||||
# Use this starter workflow as a basis for integrating Fortify Application Security Testing into your GitHub workflows. This template # |
|
||||||
# demonstrates the steps to package the code+dependencies, initiate a scan, and optionally import SAST vulnerabilities into GitHub Security # |
|
||||||
# Code Scanning Alerts. Additional information is available in the workflow comments and the Fortify AST Action / fcli / Fortify product # |
|
||||||
# documentation. If you need additional assistance, please contact Fortify support. # |
|
||||||
################################################################################################################################################ |
|
||||||
|
|
||||||
name: Fortify AST Scan |
|
||||||
|
|
||||||
# Customize trigger events based on your DevSecOps process and/or policy |
|
||||||
on: |
|
||||||
push: |
|
||||||
branches: [ "master" ] |
|
||||||
pull_request: |
|
||||||
# The branches below must be a subset of the branches above |
|
||||||
branches: [ "master" ] |
|
||||||
schedule: |
|
||||||
- cron: '31 1 * * 0' |
|
||||||
workflow_dispatch: |
|
||||||
|
|
||||||
jobs: |
|
||||||
Fortify-AST-Scan: |
|
||||||
# Use the appropriate runner for building your source code. Ensure dev tools required to build your code are present and configured appropriately (MSBuild, Python, etc). |
|
||||||
runs-on: ubuntu-latest |
|
||||||
permissions: |
|
||||||
actions: read |
|
||||||
contents: read |
|
||||||
security-events: write |
|
||||||
|
|
||||||
steps: |
|
||||||
# Check out source code |
|
||||||
- name: Check Out Source Code |
|
||||||
uses: actions/checkout@v4 |
|
||||||
|
|
||||||
# Java is required to run the various Fortify utilities. Ensuring proper version is installed on the runner. |
|
||||||
- name: Setup Java |
|
||||||
uses: actions/setup-java@v4 |
|
||||||
with: |
|
||||||
java-version: 17 |
|
||||||
distribution: 'temurin' |
|
||||||
|
|
||||||
# Perform SAST and optionally SCA scan via Fortify on Demand/Fortify Hosted/Software Security Center, then |
|
||||||
# optionally export SAST results to the GitHub code scanning dashboard. In case further customization is |
|
||||||
# required, you can use sub-actions like fortify/github-action/setup@v1 to set up the various Fortify tools |
|
||||||
# and run them directly from within your pipeline; see https://github.com/fortify/github-action#readme for |
|
||||||
# details. |
|
||||||
- name: Run FoD SAST Scan |
|
||||||
uses: fortify/github-action@a92347297e02391b857e7015792cd1926a4cd418 |
|
||||||
with: |
|
||||||
sast-scan: true |
|
||||||
env: |
|
||||||
### Required configuration when integrating with Fortify on Demand |
|
||||||
FOD_URL: https://ams.fortify.com |
|
||||||
FOD_TENANT: ${{secrets.FOD_TENANT}} |
|
||||||
FOD_USER: ${{secrets.FOD_USER}} |
|
||||||
FOD_PASSWORD: ${{secrets.FOD_PAT}} |
|
||||||
### Optional configuration when integrating with Fortify on Demand |
|
||||||
# EXTRA_PACKAGE_OPTS: -oss # Extra 'scancentral package' options, like '-oss'' if |
|
||||||
# Debricked SCA scan is enabled on Fortify on Demand |
|
||||||
# EXTRA_FOD_LOGIN_OPTS: --socket-timeout=60s # Extra 'fcli fod session login' options |
|
||||||
# FOD_RELEASE: MyApp:MyRelease # FoD release name, default: <org>/<repo>:<branch>; may |
|
||||||
# replace app+release name with numeric release ID |
|
||||||
# DO_WAIT: true # Wait for scan completion, implied if 'DO_EXPORT: true' |
|
||||||
# DO_EXPORT: true # Export SAST results to GitHub code scanning dashboard |
|
||||||
### Required configuration when integrating with Fortify Hosted / Software Security Center & ScanCentral |
|
||||||
# SSC_URL: ${{secrets.SSC_URL}} # SSC URL |
|
||||||
# SSC_TOKEN: ${{secrets.SSC_TOKEN}} # SSC CIToken or AutomationToken |
|
||||||
# SC_SAST_TOKEN: ${{secrets.SC_SAST_TOKEN}} # ScanCentral SAST client auth token |
|
||||||
# SC_SAST_SENSOR_VERSION: ${{vars.SC_SAST_SENSOR_VERSION}} # Sensor version on which to run the scan; |
|
||||||
# usually defined as organization or repo variable |
|
||||||
### Optional configuration when integrating with Fortify Hosted / Software Security Center & ScanCentral |
|
||||||
# EXTRA_SC_SAST_LOGIN_OPTS: --socket-timeout=60s # Extra 'fcli sc-sast session login' options |
|
||||||
# SSC_APPVERSION: MyApp:MyVersion # SSC application version, default: <org>/<repo>:<branch> |
|
||||||
# EXTRA_PACKAGE_OPTS: -bv myCustomPom.xml # Extra 'scancentral package' options |
|
||||||
# DO_WAIT: true # Wait for scan completion, implied if 'DO_EXPORT: true' |
|
||||||
# DO_EXPORT: true # Export SAST results to GitHub code scanning dashboard |
|
||||||
Loading…
Reference in new issue