implement semgrep in github worflow for project (#1979)
This commit is contained in:
Lenin Alevski
GitHub
36
.github/workflows/jobs.yaml
vendored
36
.github/workflows/jobs.yaml
vendored
@@ -24,6 +24,7 @@ jobs:
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
strategy:
|
||||
@@ -92,6 +93,7 @@ jobs:
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
strategy:
|
||||
@@ -160,6 +162,7 @@ jobs:
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
strategy:
|
||||
@@ -256,6 +259,22 @@ jobs:
|
||||
curl -L -o nancy https://github.com/sonatype-nexus-community/nancy/releases/download/${nancy_version}/nancy-${nancy_version}-linux-amd64 && chmod +x nancy
|
||||
go list -deps -json ./... | jq -s 'unique_by(.Module.Path)|.[]|select(has("Module"))|.Module' | ./nancy sleuth
|
||||
|
||||
semgrep-static-code-analysis:
|
||||
name: "semgrep checks"
|
||||
runs-on: ${{ matrix.os }}
|
||||
container:
|
||||
image: "returntocorp/semgrep"
|
||||
strategy:
|
||||
matrix:
|
||||
os: [ ubuntu-latest ]
|
||||
steps:
|
||||
- name: Check out source code
|
||||
uses: actions/checkout@v2
|
||||
- name: Scanning code on ${{ matrix.os }}
|
||||
continue-on-error: false
|
||||
run: |
|
||||
semgrep --config semgrep.yaml $(pwd)/portal-ui --error
|
||||
|
||||
no-warnings-and-make-assets:
|
||||
name: "React Code Has No Warnings and then Make Assets"
|
||||
runs-on: ${{ matrix.os }}
|
||||
@@ -350,6 +369,7 @@ jobs:
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
matrix:
|
||||
@@ -428,6 +448,7 @@ jobs:
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
matrix:
|
||||
@@ -506,6 +527,7 @@ jobs:
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
matrix:
|
||||
@@ -585,6 +607,7 @@ jobs:
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ${{ matrix.os }}
|
||||
timeout-minutes: 5
|
||||
strategy:
|
||||
@@ -654,6 +677,7 @@ jobs:
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
matrix:
|
||||
@@ -722,6 +746,7 @@ jobs:
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
matrix:
|
||||
@@ -790,6 +815,7 @@ jobs:
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
matrix:
|
||||
@@ -863,6 +889,7 @@ jobs:
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
matrix:
|
||||
@@ -900,6 +927,7 @@ jobs:
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
matrix:
|
||||
@@ -937,6 +965,7 @@ jobs:
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
matrix:
|
||||
@@ -974,6 +1003,7 @@ jobs:
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
matrix:
|
||||
@@ -1011,6 +1041,7 @@ jobs:
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
matrix:
|
||||
@@ -1048,6 +1079,7 @@ jobs:
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
matrix:
|
||||
@@ -1085,6 +1117,7 @@ jobs:
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
matrix:
|
||||
@@ -1122,6 +1155,7 @@ jobs:
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
matrix:
|
||||
@@ -1167,6 +1201,7 @@ jobs:
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
strategy:
|
||||
@@ -1235,6 +1270,7 @@ jobs:
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
Reference in New Issue
Block a user