Add Build Rules #34

Open: wants to merge 167 commits into base: master

167 commits
eb7ca8f
adding ShiftLeft GitHub action
Nov 30, 2022
b092bb2
adding ShiftLeft GitHub action
Feb 23, 2023
a162e4d
adding ShiftLeft GitHub action
Mar 9, 2023
104657e
adding ShiftLeft GitHub action
Mar 13, 2023
6e1e57d
adding ShiftLeft GitHub action
Mar 15, 2023
e196b1f
adding ShiftLeft GitHub action
Mar 16, 2023
18f3a47
adding ShiftLeft GitHub action
Mar 16, 2023
5230e1a
adding ShiftLeft GitHub action
Mar 16, 2023
6e6aab6
adding ShiftLeft GitHub action
Mar 16, 2023
92fe084
adding ShiftLeft GitHub action
Apr 10, 2023
4b3ea99
adding ShiftLeft GitHub action
Apr 11, 2023
ea9954b
adding ShiftLeft GitHub action
Apr 11, 2023
c530607
adding ShiftLeft GitHub action
Apr 20, 2023
faebafd
adding ShiftLeft GitHub action
May 1, 2023
5ede6ec
adding ShiftLeft GitHub action
May 3, 2023
b61d26f
adding ShiftLeft GitHub action
May 3, 2023
e5f21c0
adding ShiftLeft GitHub action
May 16, 2023
82ef06a
adding ShiftLeft GitHub action
May 16, 2023
aae8551
Update shiftleft.yml
ongamse May 19, 2023
d036bd1
Create WORKSPACE
ongamse May 19, 2023
3ce4abb
Update shiftleft.yml
ongamse May 19, 2023
b2bc4ca
adding ShiftLeft GitHub action
May 30, 2023
716a2e2
adding ShiftLeft GitHub action
Jun 8, 2023
7b1a7f0
adding ShiftLeft GitHub action
Jun 27, 2023
32d5751
adding ShiftLeft GitHub action
Jun 27, 2023
df0be9c
adding ShiftLeft GitHub action
Jul 7, 2023
5f46a97
adding ShiftLeft GitHub action
Jul 10, 2023
30468f5
adding ShiftLeft GitHub action
Jul 19, 2023
8dfb516
adding ShiftLeft GitHub action
Jul 24, 2023
5900221
Update shiftleft.yml
ongamse Jul 25, 2023
2737d2f
Update shiftleft.yml
ongamse Jul 26, 2023
d1d1cb7
Update shiftleft.yml
ongamse Jul 26, 2023
0732345
adding ShiftLeft GitHub action
Jul 26, 2023
9a8e55d
adding ShiftLeft GitHub action
Aug 7, 2023
f3e290b
adding ShiftLeft GitHub action
Aug 8, 2023
bbf2825
Create test.yml
ongamse Aug 8, 2023
4db4eb7
Update test.yml
ongamse Aug 8, 2023
bae7ea4
Update test.yml
ongamse Aug 8, 2023
83ac586
Update test.yml
ongamse Aug 8, 2023
22989fc
Update test.yml
ongamse Aug 8, 2023
5e0bd66
Update shiftleft.yml
ongamse Aug 15, 2023
5e07632
adding ShiftLeft GitHub action
Aug 15, 2023
d4f73c7
adding ShiftLeft GitHub action
Aug 22, 2023
b0e825f
Update test.yml
ongamse Aug 23, 2023
6ae6abb
Update shiftleft.yml
ongamse Aug 23, 2023
a2fb3c6
Update shiftleft.yml
ongamse Aug 23, 2023
4831f7d
Update shiftleft.yml
ongamse Aug 23, 2023
99b6766
Update shiftleft.yml
ongamse Aug 30, 2023
c336d6a
Update shiftleft.yml
ongamse Aug 31, 2023
1b3e5b4
Update test.yml
ongamse Sep 12, 2023
831f16b
Update test.yml
ongamse Sep 12, 2023
e02d832
Update shiftleft.yml
ongamse Sep 26, 2023
17ee0f1
Update shiftleft.yml
ongamse Sep 26, 2023
e0a599f
Update shiftleft.yml
ongamse Sep 26, 2023
46bc14d
Update shiftleft.yml
ongamse Sep 26, 2023
41d031a
adding ShiftLeft GitHub action
Oct 9, 2023
9fc8de8
Added pipeline .harness/pipelines/shiftleft-java-demo-1696867734408.yaml
ongamse Oct 9, 2023
946ef4e
Added input set .harness/Build_shiftleft_java_demo_1696867748935-pr-t…
ongamse Oct 9, 2023
779c9f3
Added input set .harness/Build_shiftleft_java_demo_1696867748935-push…
ongamse Oct 9, 2023
2691a12
Added pipeline .harness/pipelines/shiftleft-java-demo-1696878690934.yaml
ongamse Oct 9, 2023
3058268
Added input set .harness/Build_shiftleft_java_demo_1696878707672-pr-t…
ongamse Oct 9, 2023
a0bbb10
Added input set .harness/Build_shiftleft_java_demo_1696878707672-push…
ongamse Oct 9, 2023
6fe4838
adding ShiftLeft GitHub action
Oct 11, 2023
a79fec1
Update test.yml
ongamse Oct 12, 2023
c5bc29c
Update test.yml
ongamse Oct 12, 2023
ce7269f
Update test.yml
ongamse Oct 17, 2023
04b9631
Update test.yml
ongamse Oct 17, 2023
e64f0f3
Update shiftleft.yml
ongamse Oct 25, 2023
f55c448
Update shiftleft.yml
ongamse Oct 30, 2023
f8239dc
Update test.yml
ongamse Oct 30, 2023
999e726
Create TSdemo.yml
ongamse Oct 30, 2023
2587f77
Update test.yml
ongamse Oct 30, 2023
c86742a
adding ShiftLeft GitHub action
Nov 13, 2023
a78e57c
Update test.yml
ongamse Nov 14, 2023
155e1ec
Update test.yml
ongamse Nov 14, 2023
c985598
Update test.yml
ongamse Nov 30, 2023
a8f2da1
Update test.yml
ongamse Nov 30, 2023
9e787cc
Update test.yml
ongamse Dec 5, 2023
ada7d02
Update test.yml
ongamse Dec 5, 2023
85a1a1d
adding ShiftLeft GitHub action
Dec 6, 2023
3c525b5
Update test.yml
ongamse Dec 6, 2023
e7fd815
Update test.yml
ongamse Dec 6, 2023
674392e
Update test.yml
ongamse Dec 18, 2023
efc02e4
Update test.yml
ongamse Dec 18, 2023
c1b62b3
Create QwietMLtest.yml
ongamse Jan 22, 2024
b45d8e4
Update shiftleft.yml
ongamse Jan 29, 2024
3a34854
Update shiftleft.yml
ongamse Jan 29, 2024
5dde714
Update test.yml
ongamse Jan 29, 2024
f386b88
Update test.yml
ongamse Jan 29, 2024
27846da
Update test.yml
ongamse Feb 8, 2024
f5d71b6
adding ShiftLeft GitHub action
Feb 9, 2024
4d5f0ae
Update test.yml
ongamse Feb 20, 2024
fd1e4f3
Update shiftleft.yml
ongamse Mar 6, 2024
67d710d
Update test.yml
ongamse Apr 5, 2024
01f85ca
Update test.yml
ongamse Apr 5, 2024
852feb0
Update test.yml
ongamse Apr 5, 2024
b5ba1f4
Create main.yml
ongamse Apr 8, 2024
b994b20
adding ShiftLeft GitHub action
Apr 10, 2024
f2d044a
Update shiftleft.yml
ongamse Apr 18, 2024
ebfc5ea
Update test.yml
ongamse Apr 18, 2024
9397987
Update shiftleft.yml
ongamse Apr 18, 2024
d78d2a8
Update SearchController.java
ongamse Apr 18, 2024
9fd38ef
Update shiftleft.yml
ongamse Apr 18, 2024
7ddb9c2
Update shiftleft.yml
ongamse Apr 18, 2024
deff313
Update SearchController.java
ongamse Apr 18, 2024
627063c
Update SearchController.java
ongamse Apr 18, 2024
10d31a8
Update SearchController.java
ongamse Apr 18, 2024
1249864
Create maven.sh
ongamse Apr 22, 2024
9ab2c15
Update maven.sh
ongamse Apr 22, 2024
0f71056
Update main.yml
ongamse May 13, 2024
4a30158
Update main.yml
ongamse May 13, 2024
23a9d3f
Update main.yml
ongamse May 13, 2024
5abb797
Update main.yml
ongamse May 14, 2024
366ac7d
Update main.yml
ongamse May 14, 2024
55927e7
Update test.yml
ongamse May 23, 2024
2c42735
Update test.yml
ongamse May 23, 2024
349879d
Update test.yml
ongamse May 23, 2024
e130b7c
Update test.yml
ongamse May 23, 2024
cf626d0
Update test.yml
ongamse May 23, 2024
8aeb0c1
Update test.yml
ongamse May 23, 2024
940732e
Update test.yml
ongamse May 23, 2024
b79acc1
Update test.yml
ongamse May 23, 2024
41c19dd
Update test.yml
ongamse May 23, 2024
852f177
Update test.yml
ongamse May 23, 2024
2a067ef
Update test.yml
ongamse May 28, 2024
b16e8d3
Update test.yml
ongamse May 28, 2024
8d7aea5
Update and rename main.yml to QwietPRBF.yml
ongamse May 30, 2024
d62d78d
Create shiftleft.yml
ongamse May 30, 2024
567ad3e
Update QwietPRBF.yml
ongamse May 30, 2024
3ddb870
Update QwietPRBF.yml
ongamse May 31, 2024
47537ea
Update QwietPRBF.yml
ongamse Jun 4, 2024
7bfae29
Update QwietPRBF.yml
ongamse Jun 4, 2024
35f2a7d
Update QwietPRBF.yml
ongamse Jul 1, 2024
018c366
Update QwietPRBF.yml
ongamse Jul 8, 2024
c12e9ed
Update QwietPRBF.yml
ongamse Jul 12, 2024
0ffaebd
Update QwietPRBF.yml
ongamse Jul 12, 2024
2a5823e
Update QwietPRBF.yml
ongamse Jul 12, 2024
d8c2f49
Update QwietPRBF.yml
ongamse Jul 12, 2024
b78857b
Update QwietPRBF.yml
ongamse Jul 12, 2024
70e8512
Create AutofixPRnBR.yml
ongamse Jul 16, 2024
d24a3c5
adding ShiftLeft GitHub action
Jul 26, 2024
f860945
adding ShiftLeft GitHub action
Jul 26, 2024
6546f2f
Update QwietPRBF.yml
ongamse Aug 6, 2024
5cd7a72
Update QwietPRBF.yml
ongamse Aug 6, 2024
4a41ab8
Update QwietPRBF.yml
ongamse Aug 6, 2024
ea82258
Update QwietPRBF.yml
ongamse Sep 7, 2024
9e76800
Update QwietPRBF.yml
ongamse Sep 7, 2024
2dce731
Update QwietPRBF.yml
ongamse Sep 9, 2024
f246e75
Update CustomerController.java
ongamse Sep 9, 2024
91f8871
Fixing src/main/java/io/shiftleft/controller/SearchController.java fo…
ongamse Sep 9, 2024
1530c87
Merge pull request #54 from ongamse/qwietai/autofix/fix0001
ongamse Sep 9, 2024
9e2db7e
Update AdminController.java
ongamse Sep 9, 2024
15419a2
Create poc.yml
ongamse Sep 10, 2024
1b4bd6d
Update AdminController.java
ongamse Sep 10, 2024
bd17acf
Update SearchController.java
ongamse Sep 10, 2024
06bd2b4
Update poc.yml
ongamse Sep 10, 2024
d5771d0
Update poc.yml
ongamse Sep 10, 2024
92462f2
Update poc.yml
ongamse Oct 11, 2024
d188796
Update poc.yml
ongamse Oct 11, 2024
5a891a2
Create codeql.yml
ongamse Oct 11, 2024
e4a7b33
Update poc.yml
ongamse Oct 22, 2024
9632da4
Update poc.yml
ongamse Dec 4, 2024
6c01f9b
Update poc.yml
ongamse Dec 19, 2024
e69b2e6
Update poc.yml
ongamse Dec 19, 2024
6fc0350
Create TestSecTab.yml
ongamse Dec 23, 2024
1ac0f44
Update TestSecTab.yml
ongamse Dec 23, 2024
4cbb4b1
Update TestSecTab.yml
ongamse Dec 23, 2024
41 changes: 41 additions & 0 deletions .github/workflows/AutofixPRnBR.yml
@@ -0,0 +1,41 @@

---
# This workflow integrates ShiftLeft NG SAST with GitHub
# Visit https://docs.shiftleft.io for help
name: QwietAFPRnBR

on:
pull_request:
workflow_dispatch:
schedule:
# * is a special character in YAML so you have to quote this string
- cron: '0 11 * * 6'
jobs:
NextGen-Static-Analysis:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
# We are building this application with Java 11
- name: Setup Java JDK
uses: actions/[email protected]
with:
java-version: 1.8
#- name: Package with maven
# run: mvn clean package
- name: Download ShiftLeft CLI
run: |
curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
- name: Extract branch name
shell: bash
run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
id: extract_branch
- name: NextGen Static Analysis
#run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar
run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }}
#run: QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-Multi-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }}
env:
SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
SHIFTLEFT_API_HOST: www.shiftleft.io
SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443
SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443
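Review bot: the `run:` line of the NextGen Static Analysis step expands `${{ github.head_ref || steps.extract_branch.outputs.branch }}` directly into the shell command; on `pull_request` events `github.head_ref` is the PR author's branch name, which GitHub's own hardening guidance lists as untrusted input, so a crafted branch name becomes shell code on the runner. Pass it in through `env:` (for example `BRANCH: ${{ github.head_ref || steps.extract_branch.outputs.branch }}`) and reference `"$BRANCH"` inside the command. Three smaller points in the same hunk: `curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl` has no `-f`, so an HTTP error body would be saved and made executable, and nothing verifies the downloaded binary; the `##[set-output name=branch;]` form in the Extract branch name step is the deprecated output syntax, `echo "branch=${GITHUB_REF#refs/heads/}" >> "$GITHUB_OUTPUT"` is the current one; and the comment `# We are building this application with Java 11` contradicts `java-version: 1.8` two lines below it.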

41 changes: 41 additions & 0 deletions .github/workflows/QwietMLtest.yml
@@ -0,0 +1,41 @@

---
# This workflow integrates ShiftLeft NG SAST with GitHub
# Visit https://docs.shiftleft.io for help
name: ShiftLeft

on:
pull_request:
workflow_dispatch:

jobs:
NextGen-Static-Analysis:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
# We are building this application with Java 11
- name: Setup Java JDK
uses: actions/setup-java@v3
with:
java-version: 11.0.x
distribution: zulu
- name: Download ShiftLeft CLI
run: |
curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
# ShiftLeft requires Java 1.8. Post the package step override the version
- name: Setup Java JDK
uses: actions/setup-java@v3
with:
distribution: zulu
java-version: 8
- name: Extract branch name
shell: bash
run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
id: extract_branch
- name: NextGen Static Analysis
run: QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze
env:
SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
SHIFTLEFT_API_HOST: www.shiftleft.io
SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443
SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443
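Review bot: the first Setup Java JDK step (`java-version: 11.0.x`) is dead configuration: no build runs between it and the second Setup Java JDK step that switches to Java 8, so the comment `# ShiftLeft requires Java 1.8. Post the package step override the version` describes a package step this file does not contain. Either add the `mvn clean package` step between the two JDK setups, as TSdemo.yml does, or drop the Java 11 setup. The Extract branch name step's output is never consumed: `sl analyze` here runs with neither `--app` nor `--tag branch=...`, so the scan is uploaded under whatever default the CLI picks and cannot be matched to the PR branch. The `curl ... > ${GITHUB_WORKSPACE}/sl` download again lacks `-f` and any integrity check.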
85 changes: 85 additions & 0 deletions .github/workflows/QwietPRBF.yml
@@ -0,0 +1,85 @@

---
# This workflow integrates ShiftLeft NG SAST with GitHub
# Visit https://docs.shiftleft.io for help
name: QwietQual

on:
pull_request:
workflow_dispatch:
schedule:
# * is a special character in YAML so you have to quote this string
- cron: '0 11 * * 6'
jobs:
NextGen-Static-Analysis:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
# We are building this application with Java 11
- name: Setup Java JDK
uses: actions/setup-java@v3
with:
distribution: zulu
java-version: 11
#- name: Package with maven
# run: mvn clean package
- name: Download ShiftLeft CLI
run: |
curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
- name: Extract branch name
shell: bash
run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
id: extract_branch
- name: NextGen Static Analysis
#run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar
run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-javatoo --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }}
#run: QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-Multi-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }}
env:
SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }}
SHIFTLEFT_API_HOST: www.shiftleft.io
SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443
SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443
- name: Run Bestfix script to generate report
shell: bash
if: github.event_name == 'pull_request'
run: |
git clone https://github.com/gzttech/beautifulspoon.git
pip3 install beautifulspoon
git clone https://github.com/ShiftLeftSecurity/field-integrations.git
pip3 install -r field-integrations/shiftleft-utils/requirements.txt
python3 field-integrations/shiftleft-utils/bestfix.py -a ${{ github.event.repository.name }} -o $GITHUB_WORKSPACE/ngsast-bestfix-report.html
bspoon $GITHUB_WORKSPACE/ngsast-bestfix-report.html --select body > $GITHUB_WORKSPACE/qwiet.html
BESTFIX_OUTPUT=$(cat $GITHUB_WORKSPACE/ngsast-bestfix-report.html)
BESTFIX_BODY=$(jq -n --arg body "$BESTFIX_OUTPUT" '{body: $body}')

url="https://api.github.com/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/issues/${{github.event.number}}/comments"

curl -s -X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${GH_API_TOKEN}" \
-d "${BESTFIX_BODY}" \
"${url}"
env:
GH_API_TOKEN: ${{ secrets.API_TOKEN }}
SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }}
Build-Rules:
runs-on: ubuntu-latest
needs: NextGen-Static-Analysis
steps:
- uses: actions/checkout@v3
- name: Download ShiftLeft CLI
run: |
curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
- name: Validate Build Rules
run: |
${GITHUB_WORKSPACE}/sl check-analysis --app Qwiet-javatoo \
--github-pr-number=${{github.event.number}} \
--github-pr-user=${{ github.repository_owner }} \
--github-pr-repo=${{ github.event.repository.name }} \
--github-token=${{ secrets.GITHUB_TOKEN }}
env:
SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
SHIFTLEFT_API_HOST: www.shiftleft.io
SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443
SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443
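Review bot: the two jobs authenticate with different secrets: NextGen-Static-Analysis runs `sl analyze --app Qwiet-javatoo` with `secrets.SHIFTLEFT_ACCESS_TOKEN_POC`, while Build-Rules runs `sl check-analysis --app Qwiet-javatoo` with `secrets.SHIFTLEFT_ACCESS_TOKEN`, so the build rules are evaluated against whatever app of that name the second token can see, not necessarily the scan just uploaded; use one secret in both jobs. In the Bestfix step, `bspoon ... --select body > $GITHUB_WORKSPACE/qwiet.html` is produced and then ignored, because `BESTFIX_OUTPUT` reads the full `ngsast-bestfix-report.html`, so the whole HTML document is posted as the PR comment; read `qwiet.html` instead or drop the `bspoon` line. That step also `git clone`s `beautifulspoon` and then installs it from PyPI anyway (the clone is unused), installs `field-integrations/shiftleft-utils/requirements.txt` from an unpinned `master` checkout, and posts the comment with a personal `secrets.API_TOKEN` where the job's own `GITHUB_TOKEN` with `pull-requests: write` would suffice. The `${{ github.head_ref || ... }}` expansion inside `run:` is untrusted input in a shell command on `pull_request` events; move it into `env:`.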

59 changes: 59 additions & 0 deletions .github/workflows/TSdemo.yml
@@ -0,0 +1,59 @@

---
# This workflow integrates ShiftLeft NG SAST with GitHub
# Visit https://docs.shiftleft.io for help
name: QwietTest

on:
pull_request:
workflow_dispatch:
schedule:
# * is a special character in YAML so you have to quote this string
- cron: '0 11 * * 6'
jobs:
NextGen-Static-Analysis:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
# We are building this application with Java 11
- name: Setup Java JDK
uses: actions/[email protected]
with:
java-version: 1.8
- name: Package with maven
run: mvn clean package
- name: Download ShiftLeft CLI
run: |
curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
- name: Extract branch name
shell: bash
run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
id: extract_branch
- name: NextGen Static Analysis
run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar
env:
SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }}
SHIFTLEFT_API_HOST: www.shiftleft.io
SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443
SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443
Build-Rules:
runs-on: ubuntu-latest
needs: NextGen-Static-Analysis
steps:
- uses: actions/checkout@v3
- name: Download ShiftLeft CLI
run: |
curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
- name: Validate Build Rules
run: |
${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-java-demo \
--github-pr-number=${{github.event.number}} \
--github-pr-user=${{ github.repository_owner }} \
--github-pr-repo=${{ github.event.repository.name }} \
--github-token=${{ secrets.GITHUB_TOKEN }}
env:
SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }}
SHIFTLEFT_API_HOST: www.shiftleft.io
SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443
SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443
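Review bot: the app name differs between the two jobs: NextGen-Static-Analysis uploads with `--app Qwiet-java-GH`, but Build-Rules runs `sl check-analysis --app shiftleft-java-demo`, so the build rules gate a different application than the one scanned for this PR; `needs: NextGen-Static-Analysis` only orders the jobs, it does not tie the check to the upload. Make both use the same `--app`. Also in this hunk: the comment `# We are building this application with Java 11` sits above `actions/[email protected]` configured with `java-version: 1.8`, and `mvn clean package` will run on that JDK, so fix whichever is wrong; and `${{ github.head_ref || steps.extract_branch.outputs.branch }}` is again expanded directly into the shell command rather than passed through `env:`.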

68 changes: 68 additions & 0 deletions .github/workflows/TestSecTab.yml
@@ -0,0 +1,68 @@
# This workflow integrates QwietAI preZero SAST with GitHub and exports SARIF results to the Security Tab
name: QwietAFPRnBR2

on:
pull_request:
workflow_dispatch:
schedule:
# * is a special character in YAML so you have to quote this string
- cron: '0 11 * * 6'

permissions:
security-events: write # Ensure proper permissions to upload SARIF results

jobs:
QwietAI-preZero-Analysis:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3

- name: Setup Java JDK v8
uses: actions/setup-java@v3
with:
distribution: zulu
java-version: 8

- name: Download QwietAI CLI
run: |
curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl

- name: Extract branch name
shell: bash
run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
id: extract_branch

- name: QwietAI preZero Analysis
run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwietjavatab --verbose --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} . -- --exclude common.py,export2.py,export3.py,export4.py
env:
SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
SHIFTLEFT_API_HOST: www.shiftleft.io
SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443
SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443

- name: Download export.py and requirements.txt
run: |
curl -O https://raw.githubusercontent.com/ShiftLeftSecurity/field-integrations/master/shiftleft-utils/export.py
curl -O https://raw.githubusercontent.com/ShiftLeftSecurity/field-integrations/master/shiftleft-utils/config.py
curl -O https://raw.githubusercontent.com/ShiftLeftSecurity/field-integrations/master/shiftleft-utils/common.py
curl -O https://raw.githubusercontent.com/ShiftLeftSecurity/field-integrations/master/shiftleft-utils/requirements.txt
- name: Verify export.py file exists
run: |
ls -la ${GITHUB_WORKSPACE}

- name: Install Python dependencies
run: |
python3 -m pip install --upgrade pip
python3 -m pip install -r requirements.txt

- name: Run export.py and generate SARIF report
run: |
#APP_NAME=${{ github.event.repository.name }}
python3 ${GITHUB_WORKSPACE}/export.py -f sarif -a Qwietjavatab
env:
SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}

- name: Upload SARIF file to GitHub Security Tab
uses: github/codeql-action/upload-sarif@v3 # Updated to v3
with:
sarif_file: ./ngsast-report-Qwietjavatab.sarif # Correct dynamic path for SARIF output
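Review bot: the `Verify export.py file exists` step does not verify anything: `ls -la ${GITHUB_WORKSPACE}` exits 0 whether or not the four `curl -O` downloads succeeded, and `curl -O` without `-f` writes the error page under the requested file name on a 404. Replace it with `test -f export.py && test -f config.py && test -f common.py && test -f requirements.txt` (or add `-f` to the curls) so a failed download stops the job before `python3 ${GITHUB_WORKSPACE}/export.py` runs, and pin the raw.githubusercontent.com URLs to a commit instead of `master`. The top-level `permissions:` block grants only `security-events: write`; once a `permissions` block is present every unlisted scope is `none`, so add `contents: read` for `actions/checkout` (and `actions: read` if this runs in a private repository, as the upload-sarif docs require). The `sarif_file: ./ngsast-report-Qwietjavatab.sarif` value is a hard-coded name, not the "dynamic path" the comment claims; the commented `#APP_NAME=${{ github.event.repository.name }}` line shows the intent. Lastly, `--exclude common.py,export2.py,export3.py,export4.py` names files that this workflow only downloads after the analysis step, so on a fresh checkout the exclusion has no effect unless those files are committed to the repository.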
94 changes: 94 additions & 0 deletions .github/workflows/codeql.yml
@@ -0,0 +1,94 @@
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL Advanced"

on:
push:
branches: [ "master" ]
pull_request:
branches: [ "master" ]
schedule:
- cron: '26 23 * * 1'

jobs:
analyze:
name: Analyze (${{ matrix.language }})
# Runner size impacts CodeQL analysis time. To learn more, please see:
# - https://gh.io/recommended-hardware-resources-for-running-codeql
# - https://gh.io/supported-runners-and-hardware-resources
# - https://gh.io/using-larger-runners (GitHub.com only)
# Consider using larger runners or machines with greater resources for possible analysis time improvements.
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
permissions:
# required for all workflows
security-events: write

# required to fetch internal or private CodeQL packs
packages: read

# only required for workflows in private repositories
actions: read
contents: read

strategy:
fail-fast: false
matrix:
include:
- language: java-kotlin
build-mode: none # This mode only analyzes Java. Set this to 'autobuild' or 'manual' to analyze Kotlin too.
- language: python
build-mode: none
# CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
# Use `c-cpp` to analyze code written in C, C++ or both
# Use 'java-kotlin' to analyze code written in Java, Kotlin or both
# Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
# To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
# see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
# If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
# your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
steps:
- name: Checkout repository
uses: actions/checkout@v4

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.

# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality

# If the analyze step fails for one of the languages you are analyzing with
# "We were unable to automatically build your code", modify the matrix above
# to set the build mode to "manual" for that language. Then modify this step
# to build your code.
# ℹ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
- if: matrix.build-mode == 'manual'
shell: bash
run: |
echo 'If you are using a "manual" build mode for one or more of the' \
'languages you are analyzing, replace this with the commands to build' \
'your code, for example:'
echo ' make bootstrap'
echo ' make release'
exit 1

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"
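Review bot: the matrix enables `python` alongside `java-kotlin`, yet the only Python files this PR mentions (`export.py`, `config.py`, `common.py` in TestSecTab.yml) are fetched at run time rather than committed; the header comment says the languages were auto-detected, so confirm the repository actually has Python sources before paying for a second analysis job. `build-mode: none` is fine for the Java side of a Maven project that the other workflows build with `mvn clean package`, but as the inline comment states it does not analyze Kotlin, so leave that comment in place. Since this job runs with `security-events: write`, pin `actions/checkout@v4`, `github/codeql-action/init@v3` and `github/codeql-action/analyze@v3` to commit SHAs rather than moving major-version tags.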