From f04b84bbb23c77382b4cd1052c5799e9199ac75d Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Fri, 17 May 2024 21:11:36 +0530 Subject: [PATCH 1/4] sca-scan.yml --- .github/workflows/sca-scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sca-scan.yml b/.github/workflows/sca-scan.yml index bf9c1eb..f09161f 100644 --- a/.github/workflows/sca-scan.yml +++ b/.github/workflows/sca-scan.yml @@ -3,7 +3,7 @@ on: pull_request: types: [opened, synchronize, reopened] jobs: - security: + security-sca: runs-on: ubuntu-latest steps: - uses: actions/checkout@master From 1c66dfd45e7119afd2f76fc6e01f71f98143fc4c Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Fri, 17 May 2024 21:11:47 +0530 Subject: [PATCH 2/4] jira.yml --- .github/workflows/jira.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/jira.yml b/.github/workflows/jira.yml index 5ddf87a..caa4bbd 100644 --- a/.github/workflows/jira.yml +++ b/.github/workflows/jira.yml @@ -3,7 +3,7 @@ on: pull_request: types: [opened] jobs: - security: + security-jira: if: ${{ github.actor == 'dependabot[bot]' || github.actor == 'snyk-bot' || contains(github.event.pull_request.head.ref, 'snyk-fix-') || contains(github.event.pull_request.head.ref, 'snyk-upgrade-')}} runs-on: ubuntu-latest steps: @@ -26,3 +26,8 @@ jobs: PR: ${{ github.event.pull_request.html_url }} fields: "${{ secrets.JIRA_FIELDS }}" + - name: Transition issue + uses: atlassian/gajira-transition@v3 + with: + issue: ${{ steps.create.outputs.issue }} + transition: ${{ secrets.JIRA_TRANSITION }} From f76a0bba07f933b88f5fd231ec3ef744dca6843f Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Fri, 17 May 2024 21:11:48 +0530 Subject: [PATCH 3/4] sast-scan.yml --- .github/workflows/sast-scan.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/sast-scan.yml b/.github/workflows/sast-scan.yml index f931630..3b9521a 100644 --- a/.github/workflows/sast-scan.yml +++ b/.github/workflows/sast-scan.yml @@ -3,9 +3,9 @@ on: pull_request: types: [opened, synchronize, reopened] jobs: - security: + security-sast: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - name: Horusec Scan - run: docker run -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd):/src horuszup/horusec-cli:latest horusec start -p /src -P $(pwd) \ No newline at end of file + - name: Semgrep Scan + run: docker run -v /var/run/docker.sock:/var/run/docker.sock -v "${PWD}:/src" returntocorp/semgrep semgrep scan --config auto \ No newline at end of file From 9097fccc3392df3010ffb99ed00a4fb855547c8c Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Fri, 17 May 2024 21:11:49 +0530 Subject: [PATCH 4/4] Delete secrets-scan.yml --- .github/workflows/secrets-scan.yml | 11 ----------- 1 file changed, 11 deletions(-) delete mode 100644 .github/workflows/secrets-scan.yml diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml deleted file mode 100644 index 1e8f176..0000000 --- a/.github/workflows/secrets-scan.yml +++ /dev/null @@ -1,11 +0,0 @@ -name: Secrets Scan -on: - pull_request: - types: [opened, synchronize, reopened] -jobs: - security: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Gittyleaks - uses: gupy-io/gittyleaks-action@v0.1 \ No newline at end of file