Workflows generated by the MVS plan #7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Workflows generated by the MVS plan | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| client_payload: | |
| description: The Client payload | |
| required: true | |
| permissions: | |
| contents: read | |
| id-token: write | |
| jobs: | |
| enrich: | |
| if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'enrich' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-enrichment-code' | |
| runs-on: ubuntu-20.04 | |
| timeout-minutes: 20 | |
| steps: | |
| - name: enrichment | |
| uses: jitsecurity-controls/jit-github-action@v4.0.1 | |
| with: | |
| security_control: registry.jit.io/control-enrichment-slim:latest | |
| remediation-pr: | |
| if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'remediation-pr' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-remediation-pr' | |
| runs-on: ubuntu-20.04 | |
| timeout-minutes: 20 | |
| steps: | |
| - name: remediation-pr | |
| uses: jitsecurity-controls/jit-github-action@v4.0.1 | |
| with: | |
| security_control: registry.jit.io/open-remediation-pr-alpine:latest | |
| security_control_output_file: /opt/code/jit-report/results.json | |
| secret-detection: | |
| if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'secret-detection' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-secret-detection' | |
| runs-on: ubuntu-20.04 | |
| timeout-minutes: 20 | |
| steps: | |
| - name: gitleaks | |
| uses: jitsecurity-controls/jit-github-action@v4.0.1 | |
| with: | |
| security_control: registry.jit.io/control-gitleaks-alpine:latest | |
| security_control_output_file: /tmp/report.json | |
| software-component-analysis-go: | |
| if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'software-component-analysis-go' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sca' | |
| runs-on: ubuntu-20.04 | |
| timeout-minutes: 20 | |
| steps: | |
| - name: nancy | |
| uses: jitsecurity-controls/jit-github-action@v4.0.1 | |
| with: | |
| security_control: registry.jit.io/control-nancy-alpine:latest | |
| software-component-analysis-js: | |
| if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'software-component-analysis-js' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sca' | |
| runs-on: ubuntu-20.04 | |
| timeout-minutes: 20 | |
| steps: | |
| - name: npm-audit | |
| uses: jitsecurity-controls/jit-github-action@v4.0.1 | |
| with: | |
| security_control: registry.jit.io/control-npm-audit-slim:latest | |
| security_control_output_file: /code/jit-report/enriched-audit-results.json | |
| software-component-analysis-php: | |
| if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'software-component-analysis-php' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sca' | |
| runs-on: ubuntu-20.04 | |
| timeout-minutes: 20 | |
| steps: | |
| - name: osv-scanner | |
| uses: jitsecurity-controls/jit-github-action@v4.0.1 | |
| with: | |
| security_control: registry.jit.io/control-osv-scanner-alpine:latest | |
| security_control_output_file: /code/jit-report/osv-scanner-results.json | |
| software-component-analysis-python: | |
| if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'software-component-analysis-python' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sca' | |
| runs-on: ubuntu-20.04 | |
| timeout-minutes: 20 | |
| steps: | |
| - name: osv-scanner | |
| uses: jitsecurity-controls/jit-github-action@v4.0.1 | |
| with: | |
| security_control: registry.jit.io/control-osv-scanner-alpine:latest | |
| security_control_output_file: /code/jit-report/enriched-osv-scanner-results.json | |
| static-code-analysis-csharp: | |
| if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-csharp' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast' | |
| runs-on: ubuntu-20.04 | |
| timeout-minutes: 20 | |
| steps: | |
| - name: semgrep | |
| uses: jitsecurity-controls/jit-github-action@v4.0.1 | |
| with: | |
| security_control: registry.jit.io/control-semgrep-alpine:latest | |
| static-code-analysis-go: | |
| if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-go' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast' | |
| runs-on: ubuntu-20.04 | |
| timeout-minutes: 20 | |
| steps: | |
| - name: gosec | |
| uses: jitsecurity-controls/jit-github-action@v4.0.1 | |
| with: | |
| security_control: registry.jit.io/control-gosec-alpine:latest | |
| static-code-analysis-java: | |
| if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-java' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast' | |
| runs-on: ubuntu-20.04 | |
| timeout-minutes: 20 | |
| steps: | |
| - name: semgrep | |
| uses: jitsecurity-controls/jit-github-action@v4.0.1 | |
| with: | |
| security_control: registry.jit.io/control-semgrep-alpine:latest | |
| static-code-analysis-js: | |
| if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-js' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast' | |
| runs-on: ubuntu-20.04 | |
| timeout-minutes: 20 | |
| steps: | |
| - name: semgrep | |
| uses: jitsecurity-controls/jit-github-action@v4.0.1 | |
| with: | |
| security_control: registry.jit.io/control-semgrep-alpine:latest | |
| static-code-analysis-kotlin: | |
| if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-kotlin' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast' | |
| runs-on: ubuntu-20.04 | |
| timeout-minutes: 20 | |
| steps: | |
| - name: semgrep | |
| uses: jitsecurity-controls/jit-github-action@v4.0.1 | |
| with: | |
| security_control: registry.jit.io/control-semgrep-alpine:latest | |
| static-code-analysis-php: | |
| if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-php' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast' | |
| runs-on: ubuntu-20.04 | |
| timeout-minutes: 20 | |
| steps: | |
| - name: semgrep | |
| uses: jitsecurity-controls/jit-github-action@v4.0.1 | |
| with: | |
| security_control: registry.jit.io/control-semgrep-alpine:latest | |
| static-code-analysis-python-semgrep: | |
| if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-python-semgrep' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast' | |
| runs-on: ubuntu-20.04 | |
| timeout-minutes: 20 | |
| steps: | |
| - name: semgrep | |
| uses: jitsecurity-controls/jit-github-action@v4.0.1 | |
| with: | |
| security_control: registry.jit.io/control-semgrep-alpine:latest | |
| static-code-analysis-rust: | |
| if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-rust' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast' | |
| runs-on: ubuntu-20.04 | |
| timeout-minutes: 20 | |
| steps: | |
| - name: semgrep | |
| uses: jitsecurity-controls/jit-github-action@v4.0.1 | |
| with: | |
| security_control: registry.jit.io/control-semgrep-alpine:latest | |
| static-code-analysis-scala: | |
| if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-scala' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast' | |
| runs-on: ubuntu-20.04 | |
| timeout-minutes: 20 | |
| steps: | |
| - name: semgrep | |
| uses: jitsecurity-controls/jit-github-action@v4.0.1 | |
| with: | |
| security_control: registry.jit.io/control-semgrep-alpine:latest | |
| static-code-analysis-swift: | |
| if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-swift' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast' | |
| runs-on: ubuntu-20.04 | |
| timeout-minutes: 20 | |
| steps: | |
| - name: semgrep | |
| uses: jitsecurity-controls/jit-github-action@v4.0.1 | |
| with: | |
| security_control: registry.jit.io/control-semgrep-alpine:latest | |