-
Notifications
You must be signed in to change notification settings - Fork 275
47 lines (46 loc) · 1.82 KB
/
complete-workflow.yml
File metadata and controls
47 lines (46 loc) · 1.82 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
name: Build code, run unit test, run SAST, SCA, DAST security scans-10
on: push
jobs:
build:
runs-on: ubuntu-latest
name: Run unit tests and SAST scan on the source code #Name of Job
steps:
- uses: actions/checkout@v2
- name: Set up JDK 11
uses: actions/setup-java@v2
with:
java-version: '11'
distribution: 'temurin'
cache: maven
- name: Build with Maven cloud
run: mvn -B verify sonar:sonar -Dsonar.projectKey=java-case-study-1960-project-key -Dsonar.organization=java-case-study-1960 -Dsonar.host.url=https://sonarcloud.io -Dsonar.login=$SONAR_TOKEN
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
security:
runs-on: ubuntu-latest
needs: build #For Sequnetial flow (Before run Security, Run the Build job)
name: Run the SCA scan on the source code
steps:
- uses: actions/checkout@master # checkout Action
- name: RunSnyk to check for vulnerabilities # Name of Snyk Action
uses: snyk/actions/maven@master # Snyk Action
continue-on-error: true # Build not fail in case of error
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
zap_scan:
runs-on: ubuntu-latest
needs: security #For Sequnetial flow (Before run Zap_scan, Run the Security job)
name: Run DAST scan on the web application
steps:
- name: Checkout
uses: actions/checkout@v2
with:
ref: master # Refering to Master Branch
- name: ZAP Scan
uses: zaproxy/action-baseline@v0.6.1
with:
docker_name: 'owasp/zap2docker-stable'
target: 'http://testphp.vulnweb.com/'
rules_file_name: '.zap/rules.tsv'
cmd_options: '-a'