
Add README for DevSecOps CI pipeline #9




# Display name for this workflow in the Actions UI; from the name, the
# workflow appears to exercise handling of large secret values — confirm.
name: Workflows with large secrets




Invalid workflow file

(Line: 79, Col: 9): 'name' is already defined
# Trigger on every push. The bare `push:` value parses as null, which GitHub
# Actions accepts as "all branches, all paths"; add `branches:`/`paths:`
# filters here if the scan should not run on every push.
on:
  push:
# Least-privilege GITHUB_TOKEN for every job: read-only access to repository
# contents and nothing else. Keep this workflow-wide default and grant extra
# scopes per job only where a step demonstrably needs them.
permissions:
  contents: read
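jobs:
  my-job:
    name: My Job
    runs-on: ubuntu-latest
    steps:
      # Actions are pinned to major tags only. Pinning each `uses:` to a full
      # commit SHA (with the tag in a trailing comment) is the stricter
      # supply-chain control; consider it once the pipeline stabilises.
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up Java (LTS)
        uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: "21"

      - name: Set up Node.js (LTS) + Yarn (via Corepack)
        uses: actions/setup-node@v4
        with:
          node-version: "20"
          # NOTE(review): `cache: npm` looks for a lockfile in the checked-out
          # repository, not in the sample app cloned to /tmp further down.
          # Confirm the repository root has one, or drop this key.
          cache: npm

      - name: Enable Corepack (Yarn)
        run: corepack enable

      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: "3.3"
          bundler-cache: false

      - name: Install system packages
        run: |
          set -euo pipefail
          sudo apt-get update
          sudo apt-get install -y --no-install-recommends \
            unzip curl git ca-certificates
          sudo rm -rf /var/lib/apt/lists/*

      - name: Install Bundler (latest compatible)
        run: |
          set -euo pipefail
          gem --version
          bundle --version || gem install bundler

      - name: Get latest OWASP Dependency-Check
        run: |
          set -euo pipefail
          # Fetch the release metadata once and reuse it. The unauthenticated
          # GitHub API is rate-limited per source IP; the previous version
          # called the same endpoint twice.
          release_json="$(curl -fsSL https://api.github.com/repos/jeremylong/DependencyCheck/releases/latest)"
          latest_tag="$(printf '%s' "$release_json" | \
            ruby -rjson -e 'puts JSON.parse(STDIN.read).fetch("tag_name")')"
          echo "Latest Dependency-Check: ${latest_tag}"
          asset_url="$(printf '%s' "$release_json" | \
            ruby -rjson -e '
              r = JSON.parse(STDIN.read)
              a = r.fetch("assets").find { |x| x["name"] =~ /dependency-check-.*-release\.zip$/ }
              puts a.fetch("browser_download_url")
            ')"
          # The archive is fetched over TLS but its contents are not verified
          # against a published checksum or signature; add that verification
          # if this scanner's output is used to gate merges or releases.
          curl -fsSL -o /tmp/dependency-check.zip "$asset_url"
          rm -rf /tmp/dependency-check
          mkdir -p /tmp/dependency-check
          unzip -q /tmp/dependency-check.zip -d /tmp/dependency-check
          # Normalize to a stable path regardless of versioned folder name
          dc_dir="$(find /tmp/dependency-check -maxdepth 1 -type d -name 'dependency-check*' | head -n 1)"
          # Fail here with a clear message instead of in the next step with a
          # confusing "/bin/dependency-check.sh: not found" if the zip layout
          # ever changes.
          if [ -z "$dc_dir" ]; then
            echo "Dependency-Check directory not found under /tmp/dependency-check" >&2
            exit 1
          fi
          echo "Dependency-Check directory: $dc_dir"
          echo "DC_DIR=$dc_dir" >> "$GITHUB_ENV"

      # This step previously carried a second `name:` key (`get_val`), which
      # GitHub rejects as an invalid workflow file ("'name' is already
      # defined"). If a step identifier was intended, use `id:` instead.
      - name: Run Dependency-Check against sample Rails app
        env:
          # Exposed to this step's environment only; the script below does not
          # reference it, so it is never written to the log by these commands.
          SPECIAL_KEY: ${{ secrets.FOURK_KEY2 }}
        run: |
          set -euo pipefail
          rm -rf /tmp/sample_rails_app
          # Clones the default-branch HEAD (unpinned). Pin a tag or commit if
          # scan results need to be reproducible between runs.
          git clone --depth 1 https://github.com/JetBrains/sample_rails_app.git /tmp/sample_rails_app
          echo "cloned stuff"
          cd /tmp/sample_rails_app
          # Node deps (choose npm or yarn; keeping npm like your original)
          npm ci || npm install
          mkdir -p /tmp/depCheck
          "${DC_DIR}/bin/dependency-check.sh" \
            -s /tmp/sample_rails_app/ \
            -f JSON \
            --project "rails sample app" \
            -o /tmp/depCheck \
            --disableBundleAudit
          echo "ALL DONE"

      - name: Upload Dependency-Check report
        uses: actions/upload-artifact@v4
        with:
          name: dependency-check-report
          path: /tmp/depCheck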