From 3b40b33cb3ef81417d5081b87c0df8d4bdaae6a4 Mon Sep 17 00:00:00 2001
From: Jonathan Serafini
Date: Fri, 11 Nov 2022 10:17:52 -0500
Subject: [PATCH] update the boostsec github workflow
---
 .github/workflows/boost.yml | 29 +++++++++++++++++++++--------
 .github/workflows/sbom.yaml | 15 ---------------
 2 files changed, 21 insertions(+), 23 deletions(-)
 delete mode 100644 .github/workflows/sbom.yaml
diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml
index 91b2a12..dab919f 100644
--- a/.github/workflows/boost.yml
+++ b/.github/workflows/boost.yml
@@ -1,5 +1,6 @@
-name: SAST
+name: boostsecurity.io
 on:
+ workflow_dispatch:
 push:
 branches:
 - main
@@ -9,16 +10,28 @@ on:
 types:
 - opened
 - synchronize
-
 jobs:
- boost_security_sast:
- name: Boost Security Scanner
+ boost-sast:
+ name: SAST
 runs-on: ubuntu-latest
 steps:
 - name: Checkout
- uses: actions/checkout@v2
- - name: Native Scanner
- uses: boostsecurityio/boostsec-scanner-github@v3
+ uses: actions/checkout@v3
+ - name: Run Native Scanner
+ uses: boostsecurityio/boostsec-scanner-github@v4
 with:
- action: scan
 api_token: ${{ secrets.BOOST_API_TOKEN }}
+ registry_module: boostsecurityio/native-scanner
+ boost-sbom:
+ name: SBOM
+ if: github.event_name != 'pull_request'
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Upload SBOM from Trivy
+ uses: boostsecurityio/boostsec-scanner-github@v4
+ with:
+ api_token: ${{ secrets.BOOST_API_TOKEN }}
+ registry_module: boostsecurityio/trivy-sbom
+
diff --git a/.github/workflows/sbom.yaml b/.github/workflows/sbom.yaml
deleted file mode 100644
index 2c8afb8..0000000
--- a/.github/workflows/sbom.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-name: SBOM
-on:
- push:
- branches:
- - main
-jobs:
- sbom:
- name: Generate and store artifact
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v2
- - uses: anchore/sbom-action@v0
- with:
- format: cyclonedx-json
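Review bot: The `workflow_dispatch:` trigger added in the first boost.yml hunk widens where the new `boost-sbom` job (second hunk) runs. Its guard `if: github.event_name != 'pull_request'` also admits a manual run from any branch, whereas the deleted sbom.yaml ran only on push to main. If the uploaded SBOM is meant to describe main, tighten the guard to `if: github.event_name != 'pull_request' && github.ref == 'refs/heads/main'`. The rest of the `on:` block lies outside the hunks, and whether the Boost backend records SBOMs per branch is not visible here, so this may be acceptable as is.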
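Review bot: Both steps in boost.yml that receive `secrets.BOOST_API_TOKEN` (in `boost-sast` and `boost-sbom`) reference the scanner action by the mutable tag `@v4`, so whoever can move that tag decides what code runs with the token. Pin to a full commit SHA and keep the tag as a comment, e.g. `uses: boostsecurityio/boostsec-scanner-github@<full-commit-sha> # v4`, and do the same for `actions/checkout@v3`. No `permissions:` key is visible in either hunk, so the GITHUB_TOKEN scope presumably falls back to the repository default. A job-level `permissions:` block with `contents: read` would make it explicit, widened only if the scanner has to write checks or comments.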