Xygeni Scan with malicious package #7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Xygeni Scan with malicious package | |
| on: | |
| workflow_dispatch: # Allows manual triggering | |
| # no push triggers | |
| # no pull request triggers | |
| # no schedule triggers | |
| jobs: | |
| xygeni-scan: | |
| name: Xygeni Scan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '21' | |
| distribution: 'temurin' | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 # Shallow clones should be disabled for better relevancy of analysis | |
| - name: Copying malicious files | |
| #if: ${{ github.event.inputs.dep-malware == 'true' }} | |
| run: | | |
| echo "Substituting package.json with package.json.unsafe !!!" | |
| cp package.json.unsafe package.json | |
| - name: Xygeni-Scanner | |
| uses: xygeni/[email protected] | |
| id: Xygeni-Scanner | |
| with: | |
| xygeni_url: https://api.xygeni.io | |
| token: ${{ secrets.XY_TOKEN_PRO_TRIAL3 }} | |
| gh_token: ${{ secrets.GH_PAT }} | |
| command: scan --run="deps,suspectdeps,misconf" --fail-on="file:${GITHUB_WORKSPACE}/GuardRails/deps-critical.xyflow" -n ${{ github.event.repository.name }}-${{ github.ref_name }} |