BST-17999 Add the github-actions scan tests (#269)

lindycoder · web-flow · commit 9c021ee6080d · 2025-12-04T11:55:52.000-05:00
diff --git a/.github/workflows/scan-test.yml b/.github/workflows/scan-test.yml
@@ -0,0 +1,37 @@
+name: Scan Tests
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+    paths: ['scanners/**']
+
+jobs:
+  github-action:
+    name: Github Actions
+    runs-on: ubuntu-latest
+    steps:
+      - name: Generate GitHub App Token
+        id: github-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ secrets.BOOST_SCAN_RUNNER_GITHUB_APP_ID }}
+          private-key: ${{ secrets.BOOST_SCAN_RUNNER_GITHUB_APP_PRIVATE_KEY }}
+          owner: boostsecurityio
+          repositories: scan-test-runner-gitbub-actions
+      - name: Checkout scanner registry
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Need full history to detect changes
+      - name: Run Tests
+        uses: boostsecurityio/scan-test-action@53e2f687ab93ac5d150b88abd7341b72f6fbf384
+        with:
+          provider: github-actions
+          provider-config: |
+            {
+              "token": "${{ steps.github-token.outputs.token }}",
+              "owner": "boostsecurityio",
+              "repo": "scan-test-runner-gitbub-actions",
+              "workflow_id": "test-scanner.yml"
+            }
+          registry-repo: "${{ github.repository_owner }}/${{ github.event.repository.name }}"
+          base-ref: "${{ github.base_ref }}"
diff --git a/scanners/boostsecurityio/trivy-fs/tests.yaml b/scanners/boostsecurityio/trivy-fs/tests.yaml
@@ -1,12 +1,12 @@
 version: "1.0"
 tests:
-  - name: "gitleaks"
-    type: "source-code"
-    source:
-      url: "git@github.com:gitleaks/gitleaks.git"
-      ref: "v8.15.2"
   - name: "osv-scanner"
     type: "source-code"
     source:
       url: "git@github.com:google/osv-scanner.git"
       ref: "main"
+  - name: "gitleaks"
+    type: "source-code"
+    source:
+      url: "git@github.com:gitleaks/gitleaks.git"
+      ref: "v8.15.2"
diff --git a/scanners/boostsecurityio/trivy-image/tests.yaml b/scanners/boostsecurityio/trivy-image/tests.yaml
@@ -6,5 +6,5 @@ tests:
       url: "https://github.com/martin-boost-dev/boost-poc-registry-testing-trivy"
       ref: "main"
     scan_paths:
-      - "rclone"
       - "osv-scanner"
+      - "rclone"
