Sample Secure Pipeline with GitHub Actions - Ideal for Open Source Projects
rmkanda/gh-actions-secure-pipeline-java-demo

[Java] [GitHub Actions] Secure Pipelines Demo

Secure Pipeline Demo - Java

Setup

  • Add the Snyk API token to the GitHub repository secrets as SNYK_TOKEN
  • Add the GitGuardian API token to the GitHub repository secrets as GITGUARDIAN_API_KEY

Actions Used

| Step                     | GitHub Action            | Comments | Open Source Alternative |
|--------------------------|--------------------------|----------|-------------------------|
| Secrets Scanner          | GitGuardian              |          | truffleHog              |
| SCA - Dependency Checker | Snyk                     |          | OWASP Dependency Check  |
| Static Code Analysis     | SpotBugs                 |          |                         |
| Static Code Analysis     | CodeQL                   |          |                         |
| Container Scan           | Anchore                  |          |                         |
| Container Lint           | Dockle                   |          |                         |
| K8s Hardening            | Dockle                   |          |                         |
| License Checker          | LicenseFinder            |          |                         |
| DAST                     | OWASP ZAP Baseline Scan  |          |                         |
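The following is an added workflow example, not the repository's own workflow file: it shows how the two repository secrets from the Setup section reach the secrets-scanning and SCA stages while the job token itself stays read-only. It assumes a Maven build on Java 17 and the published `GitGuardian/ggshield-action` and `snyk/actions/maven` actions; the severity threshold is a chosen value.

```yaml
# Added example: minimal GitHub Actions workflow wiring the two repository
# secrets (GITGUARDIAN_API_KEY, SNYK_TOKEN) into the secrets scanner and SCA steps.
# Assumptions not taken from the page: the project builds with Maven on Java 17.
name: secure-pipeline

on:
  push:
    branches: [main]
  pull_request:

# Least privilege: the GITHUB_TOKEN handed to every job can only read repository contents.
permissions:
  contents: read

jobs:
  secrets-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0        # full history so every commit in the push/PR is scanned
      - name: GitGuardian scan
        uses: GitGuardian/ggshield-action@v1
        env:
          GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }}
          GITHUB_PUSH_BASE_SHA: ${{ github.event.base }}
          GITHUB_PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }}
          GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
          GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}   # repository secret

  sca:
    runs-on: ubuntu-latest
    needs: secrets-scan          # run the dependency scan only after the secrets gate passes
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: '17'     # assumed Java version
      - name: Snyk dependency scan
        uses: snyk/actions/maven@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}                  # repository secret
        with:
          args: --severity-threshold=high   # chosen threshold: fail on high/critical findings
```

Secrets referenced via `${{ secrets.* }}` are never exposed to pull requests from forks, so the two external scanners run with credentials only on trusted branches.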

Pipeline

GitHub Pipeline