-
Notifications
You must be signed in to change notification settings - Fork 5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add CRDA starter workflow and modify openshift workflow #1564
Conversation
8345206
to
a6c7441
Compare
# - Install the CRDA command line tool | ||
# - Auto detect the manifest file and install the project's dependencies | ||
# - Perform the security scan using CRDA | ||
# - Upload the SARIF result to the GitHub Code Scanning which can be viewed under the security tab |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this performed by the crda action? If not, then it can be added as a step like this :
- name: Upload the SARIF result
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: results.sarif
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Phantsure Yes, SARIF upload is performed by this action itself, no need to use upload-sarif
action.
@divyansh42 Can you please re-base this branch? |
Signed-off-by: divyansh42 <diagrawa@redhat.com>
a6c7441
to
beafd2d
Compare
@Phantsure done, please check. |
Signed-off-by: divyansh42 diagrawa@redhat.com
Pre-requisites
Please note that at this time we are only accepting new starter workflows for Code Scanning. Updates to existing starter workflows are fine.
Tasks
For all workflows, the workflow:
.yml
file with the language or platform as its filename, in lower, kebab-cased format (for example,docker-image.yml
). Special characters should be removed or replaced with words as appropriate (for example, "dotnet" instead of ".NET").GITHUB_TOKEN
so that the workflow runs successfully.For CI workflows, the workflow:
ci
directory.ci/properties/*.properties.json
file (for example,ci/properties/docker-publish.properties.json
).push
tobranches: [ $default-branch ]
andpull_request
tobranches: [ $default-branch ]
.release
withtypes: [ created ]
.docker-publish.yml
).For Code Scanning workflows, the workflow:
code-scanning
directory.code-scanning/properties/*.properties.json
file (for example,code-scanning/properties/codeql.properties.json
), with properties set as follows:name
: Name of the Code Scanning integration.organization
: Name of the organization producing the Code Scanning integration.description
: Short description of the Code Scanning integration.categories
: Array of languages supported by the Code Scanning integration.iconName
: Name of the SVG logo representing the Code Scanning integration. This SVG logo must be present in theicons
directory.push
tobranches: [ $default-branch, $protected-branches ]
andpull_request
tobranches: [ $default-branch ]
. We also recommend aschedule
trigger ofcron: $cron-weekly
(for example,codeql.yml
).Some general notes:
actions
organization, or