diff --git a/.github/workflows/oss_pygoat-devsecops-advanced.yml b/.github/workflows/oss_pygoat-devsecops-advanced.yml
index 1cf050b..db26b96 100644
--- a/.github/workflows/oss_pygoat-devsecops-advanced.yml
+++ b/.github/workflows/oss_pygoat-devsecops-advanced.yml
@@ -204,30 +204,30 @@ jobs:
steps:
- name: checkout
uses: actions/checkout@v4.1.0
- # - name: Gitleaks
- # continue-on-error: true
- # # You may pin to the exact commit or the version.
- # # uses: gitleaks/gitleaks-action@e6dab246340401bf53eec993b8f05aebe80ac636
- # uses: gitleaks/gitleaks-action@v2.3.4
- # env:
- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # #GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE}} # Only required for Organizations, not personal accounts.
- # - name: Depcheck
- # uses: dependency-check/Dependency-Check_Action@main
- # id: Depcheck
- # with:
- # project: 'test'
- # path: '.'
- # format: 'HTML'
- # out: 'reports' # this is the default, no need to specify unless you wish to override it
- # args: >
- # --failOnCVSS 7
- # --enableRetired
- # - name: Upload Test results
- # uses: actions/upload-artifact@master
- # with:
- # name: Depcheck report
- # path: ${{github.workspace}}/reports
+ - name: Gitleaks
+ continue-on-error: true
+ # You may pin to the exact commit or the version.
+ # uses: gitleaks/gitleaks-action@e6dab246340401bf53eec993b8f05aebe80ac636
+ uses: gitleaks/gitleaks-action@v2.3.4
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ #GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE}} # Only required for Organizations, not personal accounts.
+ - name: Depcheck
+ uses: dependency-check/Dependency-Check_Action@main
+ id: Depcheck
+ with:
+ project: 'test'
+ path: '.'
+ format: 'HTML'
+ out: 'reports' # this is the default, no need to specify unless you wish to override it
+ args: >
+ --failOnCVSS 7
+ --enableRetired
+ - name: Upload Test results
+ uses: actions/upload-artifact@master
+ with:
+ name: Depcheck report
+ path: ${{github.workspace}}/reports
test-run_devopsshield_scan_linux:
name: Run DevOps Shield Scan Linux
needs:
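Review bot: The re-enabled Depcheck step fails the job on any CVSS ≥ 7 finding via `--failOnCVSS 7`, but the following `Upload Test results` step has no `if:` condition, so the HTML report is skipped exactly when a finding needs to be reviewed; add `if: always()` to that step. The two new `uses:` references `dependency-check/Dependency-Check_Action@main` and `actions/upload-artifact@master` track mutable branches, unlike `actions/checkout@v4.1.0` in the same step list and the commented SHA pin above the gitleaks line, so pin them to a release tag or commit SHA so that an upstream branch change cannot alter what runs with `GITHUB_TOKEN`. `continue-on-error: true` on the Gitleaks step means a detected secret is reported but never blocks the job; if that is a deliberate soft rollout, a comment such as `# non-blocking during rollout; remove continue-on-error once findings are triaged` would document it, otherwise drop the line. The enclosing job's header is outside this hunk.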
diff --git a/labs/lab05.md b/labs/lab05.md
index 246fe1d..edd0deb 100644
--- a/labs/lab05.md
+++ b/labs/lab05.md
@@ -1,4 +1,4 @@
-# 5 - Custom actions
+# 5 - Holistic Compliance View with DevOps Shield UI
In this lab you will create and use custom actions.
> Duration: 15-20 minutes
@@ -9,9 +9,12 @@ References:
- [GitHub Actions Toolkit](https://github.com/actions/toolkit)
- [actions/github-script](https://github.com/actions/github-script)
-## 5.1 Use the github-script action to apply a label to an issue
+## 5.1 Run the Docker Container of DevOps Shield
-1. Open the workflow file [github-script.yml](/.github/workflows/github-script.yml)
+1. As per [DevOps Shield on DockerHub](https://hub.docker.com/r/devopsshield/devopsshield)
+```
+docker run -d -p 8080:8080 devopsshield/devopsshield
+```
2. Edit the file and copy the following YAML content at the end of the file:
```YAML
apply-label:
diff --git a/labs/lab06.md b/labs/lab06.md
deleted file mode 100644
index b81baea..0000000
--- a/labs/lab06.md
+++ /dev/null
@@ -1,50 +0,0 @@
-# 6 - Self-hosted runners
-In this lab you will create and use your self-hosted runners.
-> Duration: 10-15 minutes
-
-References:
-- [Adding self-hosted runners](https://docs.github.com/en/actions/hosting-your-own-runners/adding-self-hosted-runners)
-- [Using self-hosted runners in a workflow](https://docs.github.com/en/actions/hosting-your-own-runners/using-self-hosted-runners-in-a-workflow)
-
-## (Optional) 6.1 Add a self-hosted runner
-> Prerequisites: Access to a Cloud platform to create a runner machine
-
-1. If you have access to an Azure subscription, follow the guide to create a Linux virtual machine
- - [Create a Linux virtual machine](https://docs.microsoft.com/en-us/learn/modules/host-build-agent/4-create-build-agent)
-2. Create a new private repository `my-private-repo`
- - [Creating a new repository](https://docs.github.com/en/repositories/creating-and-managing-repositories/creating-a-new-repository)
-3. Follow the guide to install the agent on the runner
- - [Adding a self-hosted runner to a repository](https://docs.github.com/en/actions/hosting-your-own-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository)
-4. Follow the guide to use the self-hosted runner in a workflow
- - [Using self-hosted runners in a workflow](https://docs.github.com/en/actions/hosting-your-own-runners/using-self-hosted-runners-in-a-workflow)
-5. Create a new workflow `.github/workflows/self-hosted-runners.yml` in your private repository and run the workflow on the self-hosted runner
-```YAML
-name: Self-Hosted Runners Hello
-
-on:
- workflow_dispatch:
- inputs:
- name:
- description: 'What is your name?'
- required: true
- default: 'World'
-
-jobs:
- say_hello_linux:
- name: Say Hello from Linux Self-Hosted Runner
- runs-on: [self-hosted, linux, x64, self-hosted-linux]
- steps:
- - name: Say hello from self-hosted linux runner
- run: |
- echo "Hello ${{ github.event.inputs.name }}, from self-hosted linux runner!"
-
- say_hello_windows:
- name: Say Hello from Windows Self-Hosted Runner
- runs-on: [self-hosted, windows, x64, self-hosted-windows]
- needs: say_hello_linux
- steps:
- - name: Say hello from self-hosted windows runner
- run: |
- echo "Hello ${{ github.event.inputs.name }}, from self-hosted windows runner!"
-```
-6. Clean up your runner resources if not needed
\ No newline at end of file
diff --git a/labs/lab07.md b/labs/lab07.md
deleted file mode 100644
index 44ea79c..0000000
--- a/labs/lab07.md
+++ /dev/null
@@ -1,230 +0,0 @@
-# 7 - CI/CD
-In this lab you will use CI/CD workflows.
-> Duration: 15-20 minutes
-
-References:
-- [About continuous integration](https://docs.github.com/en/actions/automating-builds-and-tests/about-continuous-integration)
-- [Using a build matrix for your jobs](https://docs.github.com/en/actions/using-jobs/using-a-build-matrix-for-your-jobs)
-- [Storing workflow data as artifacts](https://docs.github.com/en/actions/using-workflows/storing-workflow-data-as-artifacts)
-- [About continuous deployment](https://docs.github.com/en/actions/deployment/about-deployments/about-continuous-deployment)
-- [Using concurrency](https://docs.github.com/en/actions/using-jobs/using-concurrency)
-
-## 7.1 Update the CI workflow
-
-1. Open the workflow file [ci-workflow.yml](/.github/workflows/ci-workflow.yml)
-2. Edit the file and copy the following YAML content to replace the `strategy` of the `ci` job:
-```YAML
- strategy:
- # Cancel all matrix jobs if one of them fails
- fail-fast: true
- matrix:
- # our matrix for testing across node versions and OSs
- node-version: [12, 14, 16]
- os: [macos-latest, windows-latest, ubuntu-latest]
-```
-3. In the `ci` job, before the `deploy-test` job, copy the following YAML content to use the `upload-artifact` action:
-```YAML
- - shell: bash
- run: |
- echo 'Test upload artifact' > output.log
- - name: Upload output file
- uses: actions/upload-artifact@v4
- with:
- name: output-log-file
- path: output.log
-```
-4. In the `deploy-test` job, after the `checkout` action, copyt the following YAML content to use the `download-artifact` action
-```YAML
- - name: Download a single artifact
- uses: actions/download-artifact@v4
- with:
- name: output-log-file
-```
-5. Commit the changes into a new `feature/lab07` branch
-6. Open a new pull request from `Pull requests`
-> Make sure it is your repository pull request to not propose changes to the upstream repository. From the drop-down list choose the base repository to be yours.
-7. Once PR opened, go to `Actions` and see the details of your running workflow
-8. Once all checks have passed, click on the button `Merge pull request` to complete the PR
-9. Go to `Actions` and see the details of your running workflow
-
-## 7.2 Update the CD workflow
-
-1. Open the workflow file [cd-workflow.yml](/.github/workflows/cd-workflow.yml)
-2. Edit the file and copy the following YAML content before the `Deploy to production` step:
-```YAML
- - name: Download artifact from build job
- uses: actions/download-artifact@v4
- with:
- name: node-app
-```
-3. Update the workflow to run on push events
-```YAML
-on:
- push:
- branches: [main]
-```
-4. Commit the changes into the `main` branch
-5. Go to `Actions` and see the details of your running workflow
-
-## 7.3 Final
-
- ci-workflow.yml
-
-```YAML
-name: 07-1. CI Workflow
-
-# Trigger CI for every PR event, when PR has target branch = main
-on:
- push:
- branches: [main]
- pull_request:
- branches: [main]
-
-jobs:
- # The first job lints the code base
- lint:
- uses: githubabcs/gh-abcs-actions/.github/workflows/super-linter.yml@main
-
- # CI job to run a test suite on the code base
- ci:
- name: CI
- # We want to test across mutiple OSs, defined by our matrix
- runs-on: ${{ matrix.os }}
- needs: lint
- strategy:
- # Cancel all matrix jobs if one of them fails
- fail-fast: true
- matrix:
- # our matrix for testing across node versions and OSs
- node-version: [12, 14, 16]
- os: [macos-latest, windows-latest, ubuntu-latest]
-
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- # Configure our node environment according to matrix
- - name: Setup node ${{ matrix.node-version }} on ${{ matrix.os }}
- uses: actions/setup-node@v4
- with:
- node-version: ${{ matrix.node-version }}
-
- - name: Run test suite
- run: |
- echo npm ci
- echo npm run build --if-present
- echo npm test
-
- # Add here the upload-artifact action
- - shell: bash
- run: |
- echo 'Test upload artifact' > output.log
- - name: Upload output file
- uses: actions/upload-artifact@v4
- with:
- name: output-log-file
- path: output.log
-
- # If both linting and CI succeeds we want to deploy the code to a test environment
- deploy-test:
- name: Deploy to test env
- runs-on: ubuntu-latest
- needs: ci
- environment:
- name: TEST
- url: https://test.company.com
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- # Add here the download-artifact step
- - name: Download a single artifact
- uses: actions/download-artifact@v4
- with:
- name: output-log-file
-
- # Placeholder - this step would be some action or run commands that deploys the code
- - name: Deploy to test env
- if: ${{ success() }}
- run: |
- echo "Deploying to test environment"
-
-```
-
-
-
- cd-workflow.yml
-
-```YAML
-name: 07-2. CD Workflow
-
-on:
- push:
- branches: [main]
-
-env:
- AZURE_WEBAPP_NAME: your-app-name # set this to your application's name
- AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
- NODE_VERSION: '14.x' # set this to the node version to use
-
-# We only want to allow one deploy-to-prod workflow running at any point in time
-concurrency:
- group: cd-${{ github.ref }}
- cancel-in-progress: true
-
-jobs:
- build:
- name: Build
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
-
- - name: Set up Node.js
- uses: actions/setup-node@v4
- with:
- node-version: ${{ env.NODE_VERSION }}
-
- - name: npm install, build, and test
- run: |
- echo npm install
- echo npm run build --if-present
- echo npm run test --if-present
-
- - name: Upload artifact for deployment job
- uses: actions/upload-artifact@v4
- with:
- name: node-app
- path: .
-
- deploy:
- name: Deploy
- runs-on: ubuntu-latest
- needs: build
-
- environment:
- name: PROD
- url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
-
- steps:
-
- # Add here the download-artifact step
- - name: Download artifact from build job
- uses: actions/download-artifact@v4
- with:
- name: node-app
-
- - name: Deploy to Prod
- if: ${{ success() }}
- run: echo "Specific deploy steps..."
-
- - name: 'Deploy to Azure WebApp'
- id: deploy-to-webapp
- uses: azure/webapps-deploy@v3
- continue-on-error: true
- with:
- app-name: ${{ env.AZURE_WEBAPP_NAME }}
- publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
- package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
-
-```
-
\ No newline at end of file
diff --git a/labs/setup.md b/labs/setup.md
index 7723391..fbcb714 100644
--- a/labs/setup.md
+++ b/labs/setup.md
@@ -24,9 +24,7 @@ References:
- [ ] Module 1: Introduction to Defect Dojo
- [ ] Module 2: Explore Your Kubernetes Cluster
- [ ] Module 3: Running the Basic and Advanced DevSecOps Pipelines
-- [ ] Module 4: Workflow Templates
-- [ ] Module 5: Custom actions
-- [ ] Module 6: Self-hosted runners
-- [ ] Module 7: CI/CD
+- [ ] Module 4: Adding Additional DevSecOps Controls
+- [ ] Module 5: Holistic Compliance View with DevOps Shield UI
```
7. Fetch upstream to get the latest changes from the upstream repository