From 2e144a101de7280d90f3a2d03753a376dcc8dc37 Mon Sep 17 00:00:00 2001
From: Gian Miguel Del Mundo
Date: Mon, 29 Apr 2024 13:57:27 +0800
Subject: [PATCH] Added vuln scan step for testing PRs (#12)
* Added vuln scan step for testing PRs
* Changed vuln scan to use default args
* Changed MacOS version in test pipeline
* Moved vulnerability scan to separate jobs
---
.github/workflows/test-pull-request.yml | 14 +++++++++++---
.trivyignore | 5 +++++
2 files changed, 16 insertions(+), 3 deletions(-)
create mode 100644 .trivyignore
diff --git a/.github/workflows/test-pull-request.yml b/.github/workflows/test-pull-request.yml
index 79e82e0..22d8b16 100644
--- a/.github/workflows/test-pull-request.yml
+++ b/.github/workflows/test-pull-request.yml
@@ -8,10 +8,9 @@ on:
workflow_dispatch:
jobs:
-
swift-code-checks:
name: Code Tests
- runs-on: macos-latest
+ runs-on: macos-12
steps:
- uses: actions/checkout@v3
@@ -23,4 +22,13 @@ jobs:
run: xcodebuild -scheme UID2GMAPlugin -sdk iphonesimulator16.2 -destination "OS=16.2,name=iPhone 14"
- name: Run unit tests
- run: xcodebuild test -scheme UID2GMAPluginTests -sdk iphonesimulator16.2 -destination "OS=16.2,name=iPhone 14"
\ No newline at end of file
+ run: xcodebuild test -scheme UID2GMAPluginTests -sdk iphonesimulator16.2 -destination "OS=16.2,name=iPhone 14"
+
+ vulnerability-scan:
+ name: Vulnerability Scan
+ runs-on: ubuntu-latest
+ needs: [swift-code-checks]
+
+ steps:
+ - name: Vulnerability Scan
+ uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan_filesystem@v2
diff --git a/.trivyignore b/.trivyignore
new file mode 100644
index 0000000..3aa85f5
--- /dev/null
+++ b/.trivyignore
@@ -0,0 +1,5 @@
+# List any vulnerability that are to be accepted
+# See https://aquasecurity.github.io/trivy/v0.35/docs/vulnerability/examples/filter/
+# for more details
+# e.g.
+# CVE-2022-3996
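Review bot: `runs-on: macos-12` replaces `macos-latest` in the first hunk without recording why, and the xcodebuild steps in the second hunk target `iphonesimulator16.2`, which is presumably the constraint the floating image stopped satisfying. A comment above the line would keep the two from drifting apart, e.g. `# pinned: the xcodebuild steps below target the iOS 16.2 simulator SDK; bump together with -sdk/-destination`. Fixed runner images are eventually retired, so the pin also needs someone to revisit it rather than being treated as permanent.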
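Review bot: `uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan_filesystem@v2` pins a mutable tag, so whoever can move `v2` in that repository controls what runs in this workflow; pin to the full commit SHA and keep the tag as a comment, `uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan_filesystem@<commit-sha>  # v2`. The new job has no `actions/checkout` step, so unless the composite action checks the repository out itself (not visible here) the filesystem scan runs against an empty workspace and passes trivially — worth confirming against the action's definition. The job declares no `permissions:` block either; if the workflow has none at the top level (only the tail of the `on:` section is in view), the default token scope applies where read-only access would presumably suffice. `needs: [swift-code-checks]` also serializes the scan behind the macOS tests although nothing here consumes their output, so dropping it would let the two jobs run in parallel.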
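Review bot: The header of the new `.trivyignore` asks for accepted vulnerabilities to be listed but not for the reason, so an entry added later will silence a finding with no record of who accepted it or until when; extend the header to require a justification and a review date on a comment line directly above each id, e.g. `# <owner>: <why this finding does not apply here>; review by <date>` followed by `# CVE-2022-3996`. Recent Trivy versions also accept an expiry suffix on the entry itself (`CVE-ID exp:YYYY-MM-DD`) — confirm the scanner version the shared action runs supports it before relying on it. The wording `vulnerability that are` should read `vulnerabilities that are`.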