Commit ae40d5d

committed
ci(pipeline.yml): #276 add static analysis jobs in github action
1 parent 81ae1a1 commit ae40d5d

2 files changed

+22
-56
lines changed

.github/workflows/pipeline.yml

Lines changed: 22 additions & 2 deletions
@@ -2,6 +2,7 @@ name: CICD Pipeline
22
on:
33
push:
44
branches: [ 'main' ]
5+
pull_request:
56

67
jobs:
78
build:
@@ -22,7 +23,6 @@ jobs:
2223
~/.gradle/wrapper
2324
- run: ( ./gradlew build -x test )
2425
name: "Executing build"
25-
2626
unit-test:
2727
runs-on: ubuntu-latest
2828
needs: build
@@ -83,4 +83,24 @@ jobs:
8383
- run: ( ./gradlew dependencyCheckAnalyze -PUseNVDKey )
8484
name: "Executing dependency vulnerability checks"
8585
env:
86-
NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
86+
NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
87+
sast-code-snyk:
88+
runs-on: ubuntu-latest
89+
needs: build
90+
steps:
91+
- uses: actions/checkout@v4
92+
- name: Run Snyk to static code analysis for vulnerabilities
93+
uses: snyk/actions/node@master
94+
env:
95+
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}§
96+
sast-dockerfile-trivy:
97+
runs-on: ubuntu-latest
98+
needs: build
99+
steps:
100+
- uses: actions/checkout@v4
101+
- name: Run Trivy vulnerability scanner in IaC mode
102+
uses: aquasecurity/[email protected]
103+
with:
104+
scan-type: 'config'
105+
exit-code: '1'
106+
severity: 'CRITICAL,HIGH'
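Review bot: `uses: snyk/actions/node@master` on new line 93 pins a third-party action that is handed `SNYK_TOKEN` to a moving branch, so it should reference a release tag or, better, a full commit SHA. The step is named as static code analysis, but with no `with:` block the action runs its default `snyk test` (an open-source dependency scan) rather than `snyk code test`, and since this repository builds with `./gradlew` the `gradle` flavour of the action looks like the intended one: `uses: snyk/actions/gradle@<PINNED_TAG_OR_SHA>`, `with:`, `command: code test`. Consider also passing `args: --severity-threshold=high` so the job's failure policy matches the Trivy job's `exit-code: '1'` / `severity: 'CRITICAL,HIGH'`. With the `pull_request:` trigger added on new line 5 this job will also run for pull requests from forks, where repository secrets are not exposed and `SNYK_TOKEN` will be empty, so it will fail there unless the job is gated on the source repository. The `jobs:` mapping continues outside the hunk, so whether a top-level or per-job `permissions:` block limits the `GITHUB_TOKEN` for these new jobs cannot be seen here.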

.github/workflows/pr.yml

Lines changed: 0 additions & 54 deletions
This file was deleted.
