Run Gosec and ZAP Scan #9
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Run Gosec and ZAP Scan | |
| on: | |
| workflow_dispatch: | |
| jobs: | |
| tests: | |
| runs-on: ubuntu-latest | |
| env: | |
| GO111MODULE: on | |
| steps: | |
| - name: Set up Nodejs | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 20 | |
| - name: Set up Go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: 1.21.x | |
| - name: Install Protoc | |
| uses: arduino/setup-protoc@v2 | |
| - name: Set up Nodejs | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 20 | |
| - name: Checkout Source | |
| id: checkout | |
| uses: actions/checkout@v3 | |
| - name: Generate SBOM | |
| id: sbom | |
| uses: anchore/sbom-action@v0 | |
| - name: GitLeaks | |
| id: gitleaks | |
| uses: gitleaks/gitleaks-action@v2 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Run Gosec Security Scanner | |
| id: gosec | |
| uses: securego/gosec@master | |
| with: | |
| args: '-no-fail -fmt sarif -out results.sarif ./...' | |
| - name: Save Gosec output as artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: gosec-results | |
| path: results.sarif | |
| - name: Upload SARIF file | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: results.sarif | |
| - name: Build App | |
| run: go build -o blackdagger main.go | |
| - name: Change Permissions | |
| run: chmod +x blackdagger | |
| - name: Start App | |
| run: './blackdagger server & sleep 10' | |
| - name: ZAP Full Scan | |
| id: zap-scan | |
| uses: zaproxy/action-full-scan@v0.10.0 | |
| with: | |
| token: ${{ secrets.github_token }} | |
| target: http://localhost:8080 |