Skip to content
DevSecOps

DevSecOps #23

Sign in to view logs

DevSecOps

DevSecOps #23

Workflow file for this run

.github/workflows/devsecops.yml at 633603d
name: DevSecOps
on:
workflow_dispatch:
inputs:
testing:
type: choice
options:
- DevOps
- SAST/SCA
- DAST/IAST
required: true
jobs:
akto:
runs-on: ubuntu-latest
steps:
- name: akto
env:
AKTO_DASHBOARD_URL: ${{ secrets.AKTO_DASHBOARD_URL }}
AKTO_API_KEY: ${{ secrets.AKTO_API_KEY }}
run: docker run -v ${PWD}:/out -e AKTO_DASHBOARD_URL=$AKTO_DASHBOARD_URL -e TEST_IDS="JWT_NONE_ALGO REMOVE_TOKENS" -e API_COLLECTION_NAME=juice_shop_demo -e AKTO_API_KEY=$AKTO_API_KEY -e OUTPUT_LEVEL=SUMMARY aktosecurity/akto-api-testing-cli:latest
secret-leaks:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: trufflehog
run: docker run --rm -t -v "$PWD:/pwd" trufflesecurity/trufflehog:latest filesystem /pwd/lib/ >> $GITHUB_STEP_SUMMARY
semgrep:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: semgrep
run: docker run --rm -v "${PWD}:/src" returntocorp/semgrep semgrep scan * >> $GITHUB_STEP_SUMMARY
build:
runs-on: ubuntu-latest
needs: [secret-leaks, semgrep]
steps:
- name: "npm build"
run: echo "Build complete"
test:
runs-on: ubuntu-latest
needs: build
steps:
- name: "Execute unit tests and smoke tests"
run: echo "Test complete"
terrascan:
runs-on: ubuntu-latest
needs: test
steps:
- uses: actions/checkout@v3
- name: terrascan
run: docker run --rm -t -v "${PWD}:/pwd" tenable/terrascan scan -i cft -d /pwd/aws >> $GITHUB_STEP_SUMMARY
package:
needs: terrascan
runs-on: ubuntu-latest
steps:
- name: "Prepare Docker image"
run: echo "Image pushed"
deploy:
runs-on: ubuntu-latest
needs: package
steps:
- name: "Trigger deployment"
run: echo "Deployed successfully"