lint, dast,sast

seaniesean · Jan 31, 2024 · 5ba3463 · 5ba3463
1 parent db65527
commit 5ba3463
Show file tree

Hide file tree

Showing 6 changed files with 118 additions and 69 deletions.
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -0,0 +1,39 @@
+name: "linting-tool-scan"
+
+on:
+  push:
+    branches: [githubcicd]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [16.x]
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Install Dependencies
+        if: steps.cache-nodemodules.outputs.cache-hit != 'true'
+        run: |
+          npm ci --force
+
+      - name: Installing JSHint
+        run: |
+          sudo npm install -g jshint
+
+      - name: Change script permission
+        run: |
+          chmod +x scripts/jshint-script.sh
+
+      - name: Run scan with JSHint
+        run: scripts/jshint-script.sh
+
+      - name: Archive production artifacts
+        uses: actions/upload-artifact@v2
+        with:
+          name: linting tool report
+          path: |
+            ./JSHint-report
diff --git a/.github/workflows/sast-scan.yml b/.github/workflows/sast-scan.yml
@@ -0,0 +1,37 @@
+name: "sast-scan"
+
+on:
+  push:
+    branches: [githubcicd]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [16.x]
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Install Dependencies
+        if: steps.cache-nodemodules.outputs.cache-hit != 'true'
+        run: |
+          npm ci --force
+
+      - name: OWASP Dependency Check
+        run: |
+          wget https://github.com/jeremylong/DependencyCheck/releases/download/v7.2.0/dependency-check-7.2.0-release.zip
+          unzip dependency-check-7.2.0-release.zip
+
+      - name: Run scan with ODC
+        run: |
+          dependency-check/bin/dependency-check.sh --project "bitcoin" --scan . > ODC-report
+
+      - name: Archive production artifacts
+        uses: actions/upload-artifact@v2
+        with:
+          name: sast report
+          path: |
+            ./ODC-report
diff --git a/.github/workflows/zap-scan.yml b/.github/workflows/zap-scan.yml
@@ -0,0 +1,31 @@
+name: "owasp-scan"
+
+on:
+  push:
+    branches: [githubcicd]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [16.x]
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Change script permission
+        run: |
+          chmod +x scripts/zap-script.sh
+
+      - name: ZAP scan
+        run: scripts/zap-script.sh
+
+      - name: Archive production artifacts
+        uses: actions/upload-artifact@v2
+        with:
+          name: zap report
+          path: |
+            ./zap_baseline_report.html
+
diff --git a/github/workflows/build.yml b/github/workflows/build.yml
diff --git a/scripts/jshint-script.sh b/scripts/jshint-script.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+jshint --exclude="node_modules/" --reporter=unix . > JSHint-report
+
+echo $? > /dev/null
diff --git a/scripts/zap-script.sh b/scripts/zap-script.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+docker pull owasp/zap2docker-stable
+docker run -i owasp/zap2docker-stable zap-baseline.py -t "https://kenken64.github.io/bitcoin-order-app/" -l PASS > zap_baseline_report.html
+
+echo $? > /dev/null