From 62b5ab1d8d90cbcebdcfe48f17e1c0d5b5dc23ae Mon Sep 17 00:00:00 2001
From: ShiftLeft
Date: Thu, 16 Jul 2020 16:12:50 -0300
Subject: [PATCH 1/2] adding ShiftLeft action workflow config
---
.github/workflows/shiftleft.yml | 41 +++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 .github/workflows/shiftleft.yml
diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml
new file mode 100644
index 000000000..8542ead21
--- /dev/null
+++ b/.github/workflows/shiftleft.yml
@@ -0,0 +1,41 @@
+---
+# This workflow integrates ShiftLeft NG SAST with GitHub
+# Visit https://docs.shiftleft.io for help
+name: ShiftLeft
+
+on:
+ pull_request:
+
+jobs:
+ NextGen-Static-Analyis:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ # We are building this application with Java 11
+ - name: Setup Java JDK
+ uses: actions/setup-java@v1.3.0
+ with:
+ java-version: 11.0.x
+ - name: Package with maven
+ run: mvn compile package
+ - name: Download ShiftLeft CLI
+ run: |
+ curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
+ # ShiftLeft requires Java 1.8. Post the package step override the version
+ - name: Setup Java JDK
+ uses: actions/setup-java@v1.3.0
+ with:
+ java-version: 1.8
+ - name: NextGen Static Analysis
+ run: ${GITHUB_WORKSPACE}/sl analyze --app shiftleft-java-demo --tag branch=${{ github.head_ref }} --java --cpg target/hello-shiftleft-0.0.1.jar
+ env:
+ SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
+ SHIFTLEFT_API_HOST: www-ext.stg.shiftleft.io
+ SHIFTLEFT_GRPC_API_HOST: api-ext.stg.shiftleft.io:443
+ - name: Create status check
+ run: |
+ URL="https://www.stg.shiftleft.io/violationlist/shiftleft-java-demo?apps=shiftleft-java-demo&isApp=1"
+ GH_CHECK_URL="https://api.github.com/repos/${GITHUB_REPOSITORY}/check-runs"
+ curl -XPOST $GH_CHECK_URL -H "Authorization: Token ${GITHUB_TOKEN}" -H "accept: application/vnd.github.antiope-preview+json" -H "Content-Type: application/json" -d "{\"name\": \"ShiftLeft Inspect\", \"head_sha\": \"${GITHUB_REF}\", \"external_id\": \"shiftleft-java-demo\", \"details_url\": \"${URL}\", \"status\": \"completed\", \"conclusion\": \"action_required\", \"output\": {\"title\": \"ShiftLeft Inspect Findings\", \"summary\": \"Visit ${URL} for the findings\"}}"
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
From aa3e3074dbff1872b007930d9e7c8d092775ed4a Mon Sep 17 00:00:00 2001
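Review bot: The `NextGen Static Analysis` step expands `${{ github.head_ref }}` directly into its `run:` script, so the pull request's branch name becomes part of the shell text before the shell parses it, in the same step that receives `SHIFTLEFT_ACCESS_TOKEN`. Pass the value through the environment instead: add `HEAD_REF: ${{ github.head_ref }}` under that step's `env:` and use `--tag branch="${HEAD_REF}"` in the command. The `Download ShiftLeft CLI` step writes whatever `curl` returns to `${GITHUB_WORKSPACE}/sl` and marks it executable, with no `--fail` and no checksum or signature check, so the binary that later runs with the token is unverified; compare it against a published digest if the vendor provides one. Separately, `head_sha` in the check-run payload is filled from `${GITHUB_REF}`, which on `pull_request` is a ref name rather than a commit SHA, so the check is unlikely to attach to the PR head commit.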
From: sldiegotest2 <68074349+sldiegotest2@users.noreply.github.com> Date: Thu, 16 Jul 2020 16:26:30 -0300 Subject: [PATCH 2/2] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 8542ead21..6368f635e 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml @@ -1,6 +1,7 @@ --- # This workflow integrates ShiftLeft NG SAST with GitHub # Visit https://docs.shiftleft.io for help +# a second try name: ShiftLeft on: @@ -38,4 +39,4 @@ jobs: GH_CHECK_URL="https://api.github.com/repos/${GITHUB_REPOSITORY}/check-runs" curl -XPOST $GH_CHECK_URL -H "Authorization: Token ${GITHUB_TOKEN}" -H "accept: application/vnd.github.antiope-preview+json" -H "Content-Type: application/json" -d "{\"name\": \"ShiftLeft Inspect\", \"head_sha\": \"${GITHUB_REF}\", \"external_id\": \"shiftleft-java-demo\", \"details_url\": \"${URL}\", \"status\": \"completed\", \"conclusion\": \"action_required\", \"output\": {\"title\": \"ShiftLeft Inspect Findings\", \"summary\": \"Visit ${URL} for the findings\"}}" env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}