From 65982ed9121b49aead52c90e70f8ed004527e31f Mon Sep 17 00:00:00 2001
From: pratik-blueconchtech <91747326+pratik-blueconchtech@users.noreply.github.com>
Date: Tue, 23 Nov 2021 17:42:17 +0530
Subject: [PATCH 1/4] Update README.md

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 4205b287..bc79389e 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 This is a sample Web Application to use during Continuous Integration demos.
-#Build Instruction
+#Build Instruction 12345
 ```
 mvn3 clean package
@@ -12,4 +12,4 @@ Deploy ```target/WebApp.war``` on Tomcat
 #TODO
-Add instruction to deploy to ElasticBeanstalk
\ No newline at end of file
+Add instruction to deploy to ElasticBeanstalk

From 3787e2f67cb3f3fb5075ae8197cda17431bd9cfa Mon Sep 17 00:00:00 2001
From: pratik-blueconchtech <91747326+pratik-blueconchtech@users.noreply.github.com>
Date: Wed, 24 Nov 2021 16:00:38 +0530
Subject: [PATCH 2/4] Create shiftleft-analysis.yml

---
 .github/workflows/shiftleft-analysis.yml | 47 ++++++++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 .github/workflows/shiftleft-analysis.yml

diff --git a/.github/workflows/shiftleft-analysis.yml b/.github/workflows/shiftleft-analysis.yml
new file mode 100644
index 00000000..5ff65d69
--- /dev/null
+++ b/.github/workflows/shiftleft-analysis.yml
@@ -0,0 +1,47 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow integrates Scan with GitHub's code scanning feature
+# Scan is a free open-source security tool for modern DevOps teams from ShiftLeft
+# Visit https://slscan.io/en/latest/integrations/code-scan for help
+name: SL Scan
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
+  schedule:
+    - cron: '24 13 * * 4'
+
+jobs:
+  Scan-Build:
+    # Scan runs on ubuntu, mac and windows
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+      # Instructions
+      # 1. Setup JDK, Node.js, Python etc depending on your project type
+      # 2. Compile or build the project before invoking scan
+      # Example: mvn compile, or npm install or pip install goes here
+      # 3. Invoke Scan with the github token. Leave the workspace empty to use relative url
+
+    - name: Perform Scan
+      uses: ShiftLeftSecurity/scan-action@39af9e54bc599c8077e710291d790175c9231f64
+      env:
+        WORKSPACE: ""
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        SCAN_AUTO_BUILD: true
+      with:
+        output: reports
+        # Scan auto-detects the languages in your project. To override uncomment the below variable and set the type
+        # type: credscan,java
+        # type: python
+
+    - name: Upload report
+      uses: github/codeql-action/upload-sarif@v1
+      with:
+        sarif_file: reports

From cf2cb15c7d5d26f898d34baf3e818c74a292c2ae Mon Sep 17 00:00:00 2001
From: pratik-blueconchtech <91747326+pratik-blueconchtech@users.noreply.github.com>
Date: Wed, 24 Nov 2021 18:52:54 +0530
Subject: [PATCH 3/4] Update codeql-analysis.yml

---
 .github/workflows/codeql-analysis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index bd55bae8..12cd5c49 100644
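Review bot: The job declares no `permissions:` block, so the `GITHUB_TOKEN` passed in `env:` to the third-party `ShiftLeftSecurity/scan-action` step carries whatever the repository default grants rather than the minimum this job needs. Add, at workflow or job level, `permissions:` / `  contents: read` / `  security-events: write` — the `security-events: write` scope is what `upload-sarif` needs and nothing else in the job requires more. Note also that `actions/checkout@v2` and `github/codeql-action/upload-sarif@v1` are floating tags while `scan-action` is pinned to a commit SHA; pinning all three to SHAs keeps the supply-chain posture consistent. On `pull_request` runs from forks the token is read-only, so the SARIF upload step would presumably fail there — worth confirming before relying on the PR trigger for findings.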
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -32,7 +32,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'java' ]
+        language: [ 'javascript' ]
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
         # Learn more about CodeQL language support at https://git.io/codeql-language-support

From aef537f4d77a74db3b102315bb3bf79c311b46dc Mon Sep 17 00:00:00 2001
From: pratik-blueconchtech <91747326+pratik-blueconchtech@users.noreply.github.com>
Date: Sun, 28 Nov 2021 17:29:46 +0530
Subject: [PATCH 4/4] Update codeql-analysis.yml

---
 .github/workflows/codeql-analysis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 12cd5c49..bd55bae8 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -32,7 +32,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'javascript' ]
+        language: [ 'java' ]
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
         # Learn more about CodeQL language support at https://git.io/codeql-language-support
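Review bot: Replacing `'java'` with `'javascript'` in the CodeQL matrix drops analysis of the Java sources this Maven-built WAR is made of (the README in PATCH 1/4 builds with `mvn3 clean package` and deploys `target/WebApp.war`), so unless the repository also carries JavaScript the job would run and report little or nothing about the application. If JavaScript assets do need scanning, add the language rather than swapping it: `language: [ 'java', 'javascript' ]`. PATCH 4/4 reverts this line, so the series nets no change here; squashing the two commits would avoid a history window in which Java analysis was disabled. The enclosing `jobs:` block starts outside the hunk.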