Sync with plan
jit-ci[bot] authored Nov 2, 2023
1 parent 10a4f8b commit 76e373e
Showing 1 changed file with 111 additions and 0 deletions.
111 changes: 111 additions & 0 deletions .github/workflows/jit-security.yml
@@ -22,6 +22,17 @@ jobs:
with:
security_control: registry.jit.io/control-enrichment-slim:latest

remediation-pr:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'remediation-pr' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-remediation-pr'
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: remediation-pr
uses: jitsecurity-controls/[email protected]
with:
security_control: registry.jit.io/open-remediation-pr-alpine:latest
security_control_output_file: /opt/code/jit-report/results.json

secret-detection:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'secret-detection' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-secret-detection'
runs-on: ubuntu-20.04
@@ -32,4 +43,104 @@ jobs:
with:
security_control: registry.jit.io/control-gitleaks-alpine:latest
security_control_output_file: /tmp/report.json

static-code-analysis-csharp:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-csharp' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: semgrep
uses: jitsecurity-controls/[email protected]
with:
security_control: registry.jit.io/control-semgrep-alpine:latest

static-code-analysis-go:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-go' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: gosec
uses: jitsecurity-controls/[email protected]
with:
security_control: registry.jit.io/control-gosec-alpine:latest

static-code-analysis-java:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-java' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: semgrep
uses: jitsecurity-controls/[email protected]
with:
security_control: registry.jit.io/control-semgrep-alpine:latest

static-code-analysis-js:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-js' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: semgrep
uses: jitsecurity-controls/[email protected]
with:
security_control: registry.jit.io/control-semgrep-alpine:latest

static-code-analysis-kotlin:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-kotlin' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: semgrep
uses: jitsecurity-controls/[email protected]
with:
security_control: registry.jit.io/control-semgrep-alpine:latest

static-code-analysis-php:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-php' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: semgrep
uses: jitsecurity-controls/[email protected]
with:
security_control: registry.jit.io/control-semgrep-alpine:latest

static-code-analysis-python-semgrep:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-python-semgrep' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: semgrep
uses: jitsecurity-controls/[email protected]
with:
security_control: registry.jit.io/control-semgrep-alpine:latest

static-code-analysis-rust:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-rust' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: semgrep
uses: jitsecurity-controls/[email protected]
with:
security_control: registry.jit.io/control-semgrep-alpine:latest

static-code-analysis-scala:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-scala' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: semgrep
uses: jitsecurity-controls/[email protected]
with:
security_control: registry.jit.io/control-semgrep-alpine:latest

static-code-analysis-swift:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-swift' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: semgrep
uses: jitsecurity-controls/[email protected]
with:
security_control: registry.jit.io/control-semgrep-alpine:latest
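Review bot: Every added job pulls its scanner by a mutable tag (for example `security_control: registry.jit.io/control-semgrep-alpine:latest`, and `open-remediation-pr-alpine:latest` in `remediation-pr`), so the code that runs against the repository can change between runs without any commit here. If the action accepts a digest reference, pin each image, e.g. `security_control: registry.jit.io/control-semgrep-alpine@sha256:<digest>` (placeholder), and pin the `uses:` reference to a full commit SHA instead of a movable ref. The `remediation-pr` job, which by its name opens pull requests, has no `permissions:` key in these hunks. Unless the workflow sets one outside the shown lines, give that job a job-level `permissions:` block limited to what opening a pull request needs (likely `contents: write` and `pull-requests: write`) and give the scan-only jobs `contents: read`. The `jobs:` mapping and the workflow header start outside the hunks, so workflow-level settings cannot be checked from here.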
