From b9b0ee00f1a459b28686c129f4ecca168547940f Mon Sep 17 00:00:00 2001 
From: Dixit Date: Tue, 26 Aug 2025 09:08:39 +0530 Subject: [PATCH] cleanup github integrations --- .github/dependabot.yml | 2 +- .github/workflows/codeql-evidence-example.yml | 15 ++++++++------- .github/workflows/dependabot-evidence-example.yml | 5 +++-- examples/{ => github}/codeql/README.md | 1 + examples/{ => github}/codeql/codeql-config.yml | 2 +- examples/{ => github}/codeql/go/go.mod | 0 examples/{ => github}/codeql/go/main.go | 0 examples/{ => github}/codeql/js/index.js | 0 examples/{ => github}/codeql/js/package.json | 0 .../codeql/queries/go/codeql-pack.lock.yml | 0 .../codeql/queries/go/go-too-many-params.ql | 0 .../{ => github}/codeql/queries/go/qlpack.yml | 0 .../codeql/queries/js/codeql-pack.lock.yml | 0 .../codeql/queries/js/js-too-many-params.ql | 0 .../{ => github}/codeql/queries/js/qlpack.yml | 0 examples/{ => github}/codeql/sarif_to_markdown.py | 0 examples/{ => github}/dependabot/Dockerfile | 2 +- examples/{ => github}/dependabot/README.md | 3 ++- .../{ => github}/dependabot/markdown_helper.py | 0 examples/{ => github}/dependabot/requirements.txt | 0 20 files changed, 17 insertions(+), 13 deletions(-) rename examples/{ => github}/codeql/README.md (99%) rename examples/{ => github}/codeql/codeql-config.yml (90%) rename examples/{ => github}/codeql/go/go.mod (100%) rename examples/{ => github}/codeql/go/main.go (100%) rename examples/{ => github}/codeql/js/index.js (100%) rename examples/{ => github}/codeql/js/package.json (100%) rename examples/{ => github}/codeql/queries/go/codeql-pack.lock.yml (100%) rename examples/{ => github}/codeql/queries/go/go-too-many-params.ql (100%) rename examples/{ => github}/codeql/queries/go/qlpack.yml (100%) rename examples/{ => github}/codeql/queries/js/codeql-pack.lock.yml (100%) rename examples/{ => github}/codeql/queries/js/js-too-many-params.ql (100%) rename examples/{ => github}/codeql/queries/js/qlpack.yml (100%) rename examples/{ => github}/codeql/sarif_to_markdown.py (100%) rename examples/{ => 
github}/dependabot/Dockerfile (70%) rename examples/{ => github}/dependabot/README.md (97%) rename examples/{ => github}/dependabot/markdown_helper.py (100%) rename examples/{ => github}/dependabot/requirements.txt (100%) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 94dffb5..feb6a41 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,6 +1,6 @@ version: 2 updates: - package-ecosystem: "pip" - directory: "/examples/dependabot" + directory: "/examples/github/dependabot" schedule: interval: "monthly" diff --git a/.github/workflows/codeql-evidence-example.yml b/.github/workflows/codeql-evidence-example.yml index 147514a..0eff980 100644 --- a/.github/workflows/codeql-evidence-example.yml +++ b/.github/workflows/codeql-evidence-example.yml @@ -18,9 +18,9 @@ jobs: matrix: language_details: - name: javascript - queries_path: ./examples/codeql/queries/js + queries_path: ./examples/github/codeql/queries/js - name: go - queries_path: ./examples/codeql/queries/go + queries_path: ./examples/github/codeql/queries/go steps: # Build and publish the packages to JFrog Artifactory @@ -32,12 +32,12 @@ jobs: - uses: actions/checkout@v4 with: sparse-checkout: | - examples/codeql/** + examples/github/codeql/** sparse-checkout-cone-mode: false - name: Build and Publish ${{ matrix.language_details.name }} package env: - GO_CODE_PATH: examples/codeql/go - JS_CODE_PATH: examples/codeql/js + GO_CODE_PATH: examples/github/codeql/go + JS_CODE_PATH: examples/github/codeql/js run: | if [ ${{ matrix.language_details.name }} == 'go' ]; then cd $GO_CODE_PATH @@ -62,7 +62,7 @@ jobs: uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language_details.name }} - config-file: examples/codeql/codeql-config.yml + config-file: examples/github/codeql/codeql-config.yml queries: ${{ matrix.language_details.queries_path }} - name: Run CodeQL Analysis for ${{ matrix.language_details.name }} 
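Review bot: The `updates:` list in `.github/dependabot.yml` (the hunk covers the whole file, lines 1–6) has a single `pip` entry, so neither the action tags this commit references (`actions/checkout@v4`, `github/codeql-action/init@v3`) nor the `python:3.7-slim-buster` base image in `examples/github/dependabot/Dockerfile` will ever receive a Dependabot update. For a repository whose purpose is producing Dependabot evidence, that gap is worth closing in the same change that fixes the path. I would add a `github-actions` entry for `/` and a `docker` entry for the Dockerfile directory alongside the existing one.
```yaml
updates:
  # … unchanged: existing pip entry …
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "monthly"
  - package-ecosystem: "docker"
    directory: "/examples/github/dependabot"
    schedule:
      interval: "monthly"
```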
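Review bot: The `run:` script interpolates `${{ matrix.language_details.name }}` straight into shell text (`if [ ${{ matrix.language_details.name }} == 'go' ]; then`) and leaves the expansion unquoted; the value comes from the in-file matrix, so it is not attacker-controlled today, but this is exactly the shape that becomes script injection once a matrix is later fed from `inputs` or event data, and workflow linters flag it. Route it through the step's `env:` like the two paths already are: add `LANG_NAME: ${{ matrix.language_details.name }}` under `env:` and test with `if [ "$LANG_NAME" = 'go' ]; then`, quoting `cd "$GO_CODE_PATH"` as well. The `run:` block continues past the end of the hunk.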
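Review bot: `uses: github/codeql-action/init@v3` pins the action to a mutable major tag, so the code that produces the SARIF this workflow later signs as evidence can change underneath the job with no change to this repository; `actions/checkout@v4` earlier in the same job has the same property. In an attestation pipeline the scanner's identity is part of what the evidence vouches for, so pin to a full commit SHA and keep the tag as a comment, e.g. `uses: github/codeql-action/init@<commit-sha> # v3`, and let a `github-actions` Dependabot entry keep it current. The step list continues beyond the hunk.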
@@ -76,7 +76,7 @@ jobs: - name: Generate optional custom markdown report if: env.ATTACH_OPTIONAL_CUSTOM_MARKDOWN_TO_EVIDENCE == 'true' run: | - python ./examples/codeql/sarif_to_markdown.py \ + python ./examples/github/codeql/sarif_to_markdown.py \ results-${{ matrix.language_details.name }}/${{ matrix.language_details.name }}.sarif \ results-${{ matrix.language_details.name }}/${{ matrix.language_details.name }}-report.md @@ -104,5 +104,6 @@ jobs: --key-alias "${{ vars.EVIDENCE_KEY_ALIAS }}" \ --predicate "results-javascript/javascript.sarif" \ --predicate-type "http://github.com/CodeQL/static-analysis" \ + --provider-id "github" \ ${{ env.ATTACH_OPTIONAL_CUSTOM_MARKDOWN_TO_EVIDENCE == 'true' && '--markdown "results-javascript/javascript-report.md"' || '' }} fi diff --git a/.github/workflows/dependabot-evidence-example.yml b/.github/workflows/dependabot-evidence-example.yml index 80b41cc..21f456a 100644 --- a/.github/workflows/dependabot-evidence-example.yml +++ b/.github/workflows/dependabot-evidence-example.yml @@ -28,7 +28,7 @@ jobs: uses: actions/checkout@v4 - name: Build and Push Docker Image to Artifactory run: | - docker build -f ./examples/dependabot/Dockerfile . --tag $REGISTRY_DOMAIN/$REPO_NAME/$IMAGE_NAME:$VERSION + docker build -f ./examples/github/dependabot/Dockerfile . --tag $REGISTRY_DOMAIN/$REPO_NAME/$IMAGE_NAME:$VERSION jf rt docker-push $REGISTRY_DOMAIN/$REPO_NAME/$IMAGE_NAME:$VERSION $REPO_NAME --build-name=$BUILD_NAME --build-number=$VERSION # Fetch Dependabot Vulnerability Snapshot @@ -64,7 +64,7 @@ jobs: IMAGE_ID=$(docker images --format "{{.ID}}" "$ARTIFACT_NAME") IMAGE_SIZE=$(docker images --format "{{.Size}}" "$ARTIFACT_NAME" | sed 's/MB//' | awk '{print $1 * 1024 * 1024}') SCAN_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") - python ./examples/dependabot/markdown_helper.py \ + python ./examples/github/dependabot/markdown_helper.py \ "dependabot.json" \ "dependabot_report.md" \ "$REGISTRY_DOMAIN/$REPO_NAME/$IMAGE_NAME:$VERSION" \ 
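Review bot: `IMAGE_SIZE` is computed from `docker images --format "{{.Size}}"` with only `MB` stripped, but Docker prints human-readable units (`kB`, `MB`, `GB`), so a `1.2GB` image makes awk read `1.2` and the evidence report states roughly 1.2 MiB, and even the `MB` case is scaled by 1024² although Docker's unit is decimal. `IMAGE_ID` from the same command is the local image ID, not the manifest digest the registry stores, so if the report presents it as the subject's digest it will not match what was pushed. `docker image inspect` gives exact values: `IMAGE_ID=$(docker image inspect --format '{{.Id}}' "$ARTIFACT_NAME")` and `IMAGE_SIZE=$(docker image inspect --format '{{.Size}}' "$ARTIFACT_NAME")`, and after the push `{{index .RepoDigests 0}}` typically yields the registry digest. The `run:` block continues past the hunk.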
@@ -83,4 +83,5 @@ jobs: --key-alias "${{ vars.EVIDENCE_KEY_ALIAS }}" \ --predicate ./dependabot.json \ --predicate-type http://Github.com/Dependabot/static-analysis \ + --provider-id "github" \ ${{ env.ATTACH_OPTIONAL_CUSTOM_MARKDOWN_TO_EVIDENCE == 'true' && '--markdown "dependabot_report.md"' || '' }} \ No newline at end of file diff --git a/examples/codeql/README.md b/examples/github/codeql/README.md similarity index 99% rename from examples/codeql/README.md rename to examples/github/codeql/README.md index ad2f257..887b8f9 100644 --- a/examples/codeql/README.md +++ b/examples/github/codeql/README.md @@ -94,6 +94,7 @@ jf evd create \ --key-alias ${{ vars.CODEQL_KEY_ALIAS }} \ --predicate "results-javascript/javascript.sarif" \ --predicate-type "http://github.com/CodeQL/static-analysis" \ +--provider-id "github" \ --markdown "results-javascript/javascript-report.md" ``` diff --git a/examples/codeql/codeql-config.yml b/examples/github/codeql/codeql-config.yml similarity index 90% rename from examples/codeql/codeql-config.yml rename to examples/github/codeql/codeql-config.yml index 4ed78c1..d66df40 100644 --- a/examples/codeql/codeql-config.yml +++ b/examples/github/codeql/codeql-config.yml @@ -13,4 +13,4 @@ paths-ignore: - '**/*.spec.ts' paths: - - examples/codeql/ + - examples/github/codeql/ diff --git a/examples/codeql/go/go.mod b/examples/github/codeql/go/go.mod similarity index 100% rename from examples/codeql/go/go.mod rename to examples/github/codeql/go/go.mod diff --git a/examples/codeql/go/main.go b/examples/github/codeql/go/main.go similarity index 100% rename from examples/codeql/go/main.go rename to examples/github/codeql/go/main.go diff --git a/examples/codeql/js/index.js b/examples/github/codeql/js/index.js similarity index 100% rename from examples/codeql/js/index.js rename to examples/github/codeql/js/index.js 
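Review bot: The predicate type `http://Github.com/Dependabot/static-analysis` is an opaque identifier that consumers compare as a string, and it is written with a capitalized host and no quotes here while the CodeQL workflow in this same commit uses `"http://github.com/CodeQL/static-analysis"`; any policy or query keyed on predicateType now has to know both spellings. Normalize to one lowercase, quoted form, `--predicate-type "http://github.com/dependabot/static-analysis"`, and consider `https://`, which most published in-toto predicate types use; the README example in this commit repeats the current spelling and would need the same edit. The file still ends without a trailing newline (`\ No newline at end of file`), which is worth fixing while this line is being touched.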
diff --git a/examples/codeql/js/package.json b/examples/github/codeql/js/package.json
similarity index 100%
rename from examples/codeql/js/package.json
rename to examples/github/codeql/js/package.json
diff --git a/examples/codeql/queries/go/codeql-pack.lock.yml b/examples/github/codeql/queries/go/codeql-pack.lock.yml
similarity index 100%
rename from examples/codeql/queries/go/codeql-pack.lock.yml
rename to examples/github/codeql/queries/go/codeql-pack.lock.yml
diff --git a/examples/codeql/queries/go/go-too-many-params.ql b/examples/github/codeql/queries/go/go-too-many-params.ql
similarity index 100%
rename from examples/codeql/queries/go/go-too-many-params.ql
rename to examples/github/codeql/queries/go/go-too-many-params.ql
diff --git a/examples/codeql/queries/go/qlpack.yml b/examples/github/codeql/queries/go/qlpack.yml
similarity index 100%
rename from examples/codeql/queries/go/qlpack.yml
rename to examples/github/codeql/queries/go/qlpack.yml
diff --git a/examples/codeql/queries/js/codeql-pack.lock.yml b/examples/github/codeql/queries/js/codeql-pack.lock.yml
similarity index 100%
rename from examples/codeql/queries/js/codeql-pack.lock.yml
rename to examples/github/codeql/queries/js/codeql-pack.lock.yml
diff --git a/examples/codeql/queries/js/js-too-many-params.ql b/examples/github/codeql/queries/js/js-too-many-params.ql
similarity index 100%
rename from examples/codeql/queries/js/js-too-many-params.ql
rename to examples/github/codeql/queries/js/js-too-many-params.ql
diff --git a/examples/codeql/queries/js/qlpack.yml b/examples/github/codeql/queries/js/qlpack.yml
similarity index 100%
rename from examples/codeql/queries/js/qlpack.yml
rename to examples/github/codeql/queries/js/qlpack.yml
diff --git a/examples/codeql/sarif_to_markdown.py b/examples/github/codeql/sarif_to_markdown.py
similarity index 100%
rename from examples/codeql/sarif_to_markdown.py
rename to examples/github/codeql/sarif_to_markdown.py
diff --git a/examples/dependabot/Dockerfile b/examples/github/dependabot/Dockerfile similarity index 70% rename from examples/dependabot/Dockerfile rename to examples/github/dependabot/Dockerfile index fe51350..dc34f32 100644 --- a/examples/dependabot/Dockerfile +++ b/examples/github/dependabot/Dockerfile @@ -2,7 +2,7 @@ FROM python:3.7-slim-buster WORKDIR /app -COPY ./examples/dependabot/requirements.txt . +COPY ./examples/github/dependabot/requirements.txt . RUN pip install --no-cache-dir -r requirements.txt diff --git a/examples/dependabot/README.md b/examples/github/dependabot/README.md similarity index 97% rename from examples/dependabot/README.md rename to examples/github/dependabot/README.md index c679e42..b8d6b1e 100644 --- a/examples/dependabot/README.md +++ b/examples/github/dependabot/README.md @@ -72,7 +72,7 @@ The Fetch Dependabot Vulnerability Snapshot step retrieves Dependabot alerts and The workflow first builds a Docker image and pushes it to your Artifactory instance. This image acts as the "subject" to which the Dependabot evidence will be attached. ```bash - docker build -f ./examples/dependabot/Dockerfile . --tag $REGISTRY_DOMAIN/$REPO_NAME/$IMAGE_NAME:$VERSION + docker build -f ./examples/github/dependabot/Dockerfile . --tag $REGISTRY_DOMAIN/$REPO_NAME/$IMAGE_NAME:$VERSION jf rt docker-push $REGISTRY_DOMAIN/$REPO_NAME/$IMAGE_NAME:$VERSION $REPO_NAME --build-name=$BUILD_NAME --build-number=$VERSION ``` - **Fetch Dependabot Vulnerability Snapshot** @@ -108,6 +108,7 @@ The Fetch Dependabot Vulnerability Snapshot step retrieves Dependabot alerts and --package-repo-name $REPO_NAME \ --key "${{ secrets.TEST_PRVT_KEY }}" \ --key-alias ${{ vars.TEST_PUB_KEY_ALIAS }} \ + --provider-id "github" \ --predicate ./dependabot.json \ --predicate-type http://Github.com/Dependabot/static-analysis ``` 
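Review bot: The base image `python:3.7-slim-buster` (context line above the changed `COPY`) is built on Python 3.7, which reached end-of-life in June 2023, and Debian 10 "buster", whose LTS support ended in June 2024, so the image the Dependabot evidence is attached to ships known, unfixable CVEs, and there is no `docker` ecosystem in `.github/dependabot.yml` to ever bump it. Move to a supported tag and pin it by digest so the evidence subject is reproducible, e.g. `FROM python:3.12-slim-bookworm@sha256:<digest>`. The build also uses the repository root as context (`-f ./examples/github/dependabot/Dockerfile .`, hence the long `COPY` path), so without a `.dockerignore` the whole checkout, `.git` included, is sent to the daemon; a `.dockerignore` next to the Dockerfile or a narrower context would limit that.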
diff --git a/examples/dependabot/markdown_helper.py b/examples/github/dependabot/markdown_helper.py
similarity index 100%
rename from examples/dependabot/markdown_helper.py
rename to examples/github/dependabot/markdown_helper.py
diff --git a/examples/dependabot/requirements.txt b/examples/github/dependabot/requirements.txt
similarity index 100%
rename from examples/dependabot/requirements.txt
rename to examples/github/dependabot/requirements.txt