forked from juice-shop/juice-shop
-
Notifications
You must be signed in to change notification settings - Fork 10
66 lines (55 loc) · 1.45 KB
/
devsecops.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
name: DevSecOps
on:
workflow_dispatch:
inputs:
testing:
type: choice
options:
- DevOps
- SAST/SCA
- DAST/IAST
required: true
jobs:
secret-leaks:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: trufflehog
run: docker run --rm -t -v "$PWD:/pwd" trufflesecurity/trufflehog:latest filesystem /pwd/lib/ >> $GITHUB_STEP_SUMMARY
semgrep:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: semgrep
run: docker run --rm -v "${PWD}:/src" returntocorp/semgrep semgrep scan * >> $GITHUB_STEP_SUMMARY
build:
runs-on: ubuntu-latest
needs: [secret-leaks, semgrep]
steps:
- name: "npm build"
run: echo "Build complete"
test:
runs-on: ubuntu-latest
needs: build
steps:
- name: "Execute unit tests and smoke tests"
run: echo "Test complete"
terrascan:
runs-on: ubuntu-latest
needs: test
steps:
- uses: actions/checkout@v3
- name: terrascan
run: docker run --rm -t -v "${PWD}:/pwd" tenable/terrascan scan -i cft -d /pwd/aws >> $GITHUB_STEP_SUMMARY
package:
needs: terrascan
runs-on: ubuntu-latest
steps:
- name: "Prepare Docker image"
run: echo "Image pushed"
deploy:
runs-on: ubuntu-latest
needs: package
steps:
- name: "Trigger deployment"
run: echo "Deployed successfully"