Create xanitizer-analysis.yml
This commit is contained in:
parent
ed87561059
commit
82af7bd2a8
|
@ -0,0 +1,87 @@
|
||||||
|
# This workflow downloads and installs the latest version of Xanitizer, builds your project, runs a Xanitizer security analysis on it,
|
||||||
|
# and then archives the findings list reports and uploads the findings into the GitHub code scanning alert section of your repository.
|
||||||
|
#
|
||||||
|
# Documentation for the `RIGS-IT/xanitizer-action` is located here: https://github.com/RIGS-IT/xanitizer-action
|
||||||
|
#
|
||||||
|
# To use this basic workflow, you will need to complete the following setup steps:
|
||||||
|
#
|
||||||
|
# 1. The underlying Xanitizer, used in this workflow, needs a separate license file.
|
||||||
|
# Licenses are free of charge for open source projects and for educational usage.
|
||||||
|
# To get more information about the Xanitizer licenses and how to obtain a license file,
|
||||||
|
# please consult https://www.xanitizer.com/xanitizer-pricing/.
|
||||||
|
#
|
||||||
|
# 2. The content of the license file has to be stored as a GitHub secret (e.g. XANITIZER_LICENSE) on this repository.
|
||||||
|
# Please consult https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets for details.
|
||||||
|
#
|
||||||
|
# 3. Reference the GitHub secret in the step using the `RIGS-IT/xanitizer-action` GitHub action.
|
||||||
|
# Example:
|
||||||
|
# - name: Xanitizer Security Analysis
|
||||||
|
# uses: RIGS-IT/xanitizer-action@v1
|
||||||
|
# with:
|
||||||
|
# license: ${{ secrets.XANITIZER_LICENSE }}
|
||||||
|
#
|
||||||
|
# 4. As a static application security testing (SAST) tool,
|
||||||
|
# Xanitizer requires that all dependencies of the artifacts being analyzed can be resolved successfully.
|
||||||
|
# So you have to install all used libraries and build your project before running the security analysis,
|
||||||
|
# e.g. via `mvn compile` for Java or `npm install` for JavaScript
|
||||||
|
|
||||||
|
name: "Xanitizer Security Analysis"
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches: [ main, upload-artifact ]
|
||||||
|
pull_request:
|
||||||
|
# The branches below must be a subset of the branches above
|
||||||
|
branches: [ main ]
|
||||||
|
schedule:
|
||||||
|
- cron: '45 16 * * 4'
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
xanitizer-security-analysis:
|
||||||
|
# Xanitizer runs on ubuntu-latest and windows-latest.
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
|
steps:
|
||||||
|
# Check out the repository
|
||||||
|
- name: Checkout
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
|
||||||
|
# Set up the correct Java version for your project
|
||||||
|
# Please comment out, if your project does not contain Java source code.
|
||||||
|
- name: Set up JDK 11
|
||||||
|
uses: actions/setup-java@v1
|
||||||
|
with:
|
||||||
|
java-version: 11
|
||||||
|
|
||||||
|
# Compile the code for Java projects and get all libraries, e.g. via Maven
|
||||||
|
# Please adapt, if your project uses another build system to compile Java source code.
|
||||||
|
# Please comment out, if your project does not contain Java source code.
|
||||||
|
- name: Compile Java code
|
||||||
|
run: mvn -B compile
|
||||||
|
|
||||||
|
# Install all dependent libraries for JavaScript/TypeScript projects, e.g. via npm
|
||||||
|
# Please adapt to run `npm install` in the correct directories.
|
||||||
|
# Please adapt, if your project uses another package manager for getting JavaScript libraries.
|
||||||
|
# Please comment out, if your project does not use a package manager for getting JavaScript libraries.
|
||||||
|
- name: Install JavaScript libraries
|
||||||
|
run: npm install
|
||||||
|
|
||||||
|
# Run the security analysis with default settings
|
||||||
|
- name: Xanitizer Security Analysis
|
||||||
|
uses: RIGS-IT/xanitizer-action@v1
|
||||||
|
with:
|
||||||
|
license: ${{ secrets.XANITIZER_LICENSE }}
|
||||||
|
|
||||||
|
# Archiving the findings list reports
|
||||||
|
- uses: actions/upload-artifact@v2
|
||||||
|
with:
|
||||||
|
name: Xanitizer-Reports
|
||||||
|
path: |
|
||||||
|
*-Findings-List.pdf
|
||||||
|
*-Findings-List.sarif
|
||||||
|
|
||||||
|
# Uploads the findings into the GitHub code scanning alert section using the upload-sarif action
|
||||||
|
- uses: github/codeql-action/upload-sarif@v1
|
||||||
|
with:
|
||||||
|
sarif_file: Xanitizer-Findings-List.sarif
|
Loading…
Reference in New Issue