affinidi/pipeline-security
Pipeline-security

This repository contains the security actions that are shared by the workflows of the Affinidi projects. Each scanner is a reusable GitHub Actions workflow that other repositories call instead of maintaining their own copy.

Scanners

The following scanners are enabled in this repo. They are called from the repository that needs them, which triggers the corresponding security scanning tool in that repository's workflow.

  • Secret Detection: Gitleaks is used to find any potential secrets, passwords, keys etc. that may have been committed by accident.

Usage

In your repo, add the following job to the workflow that should call the security scanners:

  jobs:
    call-security-scanners-workflow:
      uses: affinidi/pipeline-security/.github/workflows/security-scanners.yml@main
      with:
        config-path: .github/labeler.yml
      secrets: inherit

For enabling wizcli-scanner, add the following workflow to .github/workflows/checks.yaml and .github/workflows/release.yaml in your repo (note that push and pull_request_target must be indented under on:, otherwise the file is not valid YAML):

  # Run the pipeline in the context of the branch, but with the action
  # config from main, for opened and rebased PRs; also run on branch main

  name: Wiz Scanner

  on:
    push:
      branches:
        - main
    pull_request_target:
      types:
        - opened
        - synchronize

  jobs:
    call-workflow:
      uses: affinidi/pipeline-security/.github/workflows/wizcli-dirscan.yml@main
      secrets: inherit

Note that pull_request_target runs the workflow with the configuration of the base branch and with access to the repository's secrets, including for pull requests opened from forks; with secrets: inherit those secrets are passed on to the called workflow. Before enabling this trigger, review what the called workflow does with the pull request's head (checking it out is fine, executing anything from it is not).

For enabling dart-scanner, add the following workflow to .github/workflows/checks.yaml and .github/workflows/release.yaml in your repo:

  # Run the pipeline in the context of the branch, but with the action
  # config from main, for opened and rebased PRs; also run on branch main

  name: Dart Scanner

  on:
    push:
      branches:
        - main
    pull_request:
      types:
        - opened
        - synchronize

  jobs:
    dart-security-scan:
      uses: affinidi/pipeline-security/.github/workflows/dart-scanner.yml@main
      secrets: inherit

Ensure the following secrets are available in your GitHub organization or in the repository itself:

  • SNYK_SCANNER_TOKEN
  • SNYK_SCANNER_REGION
  • SNYK_GLOBAL_POLICY

For enabling rust-scanner, add the following workflow to .github/workflows/checks.yaml and .github/workflows/release.yaml in your repo:

  # Run the pipeline in the context of the branch, but with the action
  # config from main, for opened and rebased PRs; also run on branch main

  name: Rust Scanner

  on:
    push:
      branches:
        - main
    pull_request:
      types:
        - opened
        - synchronize

  jobs:
    rust-security-scan:
      uses: affinidi/pipeline-security/.github/workflows/rust-scanner.yml@main
      secrets: inherit

Ensure the following secrets are available in your GitHub organization or in the repository itself:

  • SNYK_SCANNER_TOKEN
  • SNYK_SCANNER_REGION
  • SNYK_GLOBAL_POLICY
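All of the snippets above reference this repository's reusable workflows at the mutable branch ref @main, and the Wiz snippet combines pull_request_target with secrets: inherit. The following script is an added example, not part of affinidi/pipeline-security, that lints a caller workflow for exactly those two points before it is pasted into a repository: it flags any cross-repository uses: whose ref is not a 40-hex commit SHA, flags pull_request_target together with secrets: inherit, and can rewrite a uses: line to a pinned SHA while recording the branch it replaced in a trailing comment. It scans the YAML text line by line with regular expressions, so it needs no PyYAML; the two embedded workflow snippets are constructed copies of the ones above, and the SHA used in the demo is a placeholder, not a real commit of this repository.

```python
"""Lint a GitHub Actions caller workflow for unpinned reusable-workflow refs
and for pull_request_target combined with secrets: inherit.

Example code, not part of affinidi/pipeline-security. Line-based regex scan
(no PyYAML dependency); good enough for the flat caller workflows shown in
this README, not a general YAML parser.
"""
import re
from dataclasses import dataclass

# `uses:` as a job key or as a `- uses:` step entry; value stops at space or '#'.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
# An immutable ref is a full 40-hex commit id; tags and branches can move.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
PRT_RE = re.compile(r"^\s*pull_request_target:")
INHERIT_RE = re.compile(r"^\s*secrets:\s*inherit\s*$")


@dataclass(frozen=True)
class Finding:
    line: int
    rule: str
    detail: str


def parse_uses(value):
    """Split 'owner/repo/path@ref' into (target, ref); a local './x' has no ref."""
    if "@" not in value:
        return value, None
    target, ref = value.rsplit("@", 1)
    return target, ref


def is_pinned(ref):
    """True only for a full commit SHA; '@main' or '@v1' are mutable."""
    return ref is not None and bool(SHA_RE.match(ref))


def lint_workflow(text):
    """Return findings sorted by line number (empty list means nothing to fix)."""
    findings = []
    lines = text.splitlines()
    prt_line = next((n for n, l in enumerate(lines, 1) if PRT_RE.match(l)), None)
    inherits = any(INHERIT_RE.match(l) for l in lines)
    for n, line in enumerate(lines, 1):
        m = USES_RE.match(line)
        if not m:
            continue
        target, ref = parse_uses(m.group(1))
        if target.startswith("./"):
            continue  # local action or workflow: it moves with the repo itself
        if not is_pinned(ref):
            findings.append(Finding(n, "unpinned-ref", m.group(1)))
    if prt_line is not None and inherits:
        findings.append(Finding(
            prt_line, "prt-with-secrets",
            "pull_request_target with secrets: inherit exposes the base repo's "
            "secrets to the called workflow for fork PRs; review what it does "
            "with the PR head"))
    return sorted(findings, key=lambda f: f.line)


def pin_uses(text, target, sha):
    """Rewrite every `uses: <target>@<ref>` to `uses: <target>@<sha>  # was @<ref>`."""
    if not SHA_RE.match(sha):
        raise ValueError("sha must be a 40-hex commit id")
    pattern = re.compile(r"(uses:\s*)" + re.escape(target) + r"@([^\s#]+)")
    return pattern.sub(lambda m: f"{m.group(1)}{target}@{sha}  # was @{m.group(2)}", text)


# Constructed sample input: the Wiz caller workflow from this README.
WIZ_SNIPPET = """\
name: Wiz Scanner
on:
  push:
    branches:
      - main
  pull_request_target:
    types:
      - opened
      - synchronize
jobs:
  call-workflow:
    uses: affinidi/pipeline-security/.github/workflows/wizcli-dirscan.yml@main
    secrets: inherit
"""

# Constructed sample input: the Dart caller workflow (plain pull_request trigger).
DART_SNIPPET = """\
name: Dart Scanner
on:
  push:
    branches:
      - main
  pull_request:
    types:
      - opened
      - synchronize
jobs:
  dart-security-scan:
    uses: affinidi/pipeline-security/.github/workflows/dart-scanner.yml@main
    secrets: inherit
"""

DART_WORKFLOW = "affinidi/pipeline-security/.github/workflows/dart-scanner.yml"
PLACEHOLDER_SHA = "0123456789abcdef0123456789abcdef01234567"  # placeholder, not a real commit


if __name__ == "__main__":
    for name, snippet in (("wiz", WIZ_SNIPPET), ("dart", DART_SNIPPET)):
        for f in lint_workflow(snippet):
            print(f"{name}:{f.line}: {f.rule}: {f.detail}")
    pinned = pin_uses(DART_SNIPPET, DART_WORKFLOW, PLACEHOLDER_SHA)
    print("dart after pinning:", lint_workflow(pinned) or "clean")
```

Pinning to a SHA trades automatic pick-up of scanner changes for reproducibility; the trailing "# was @main" comment keeps the branch visible so a bot such as Dependabot, or a human, can bump the SHA deliberately rather than the ref moving underneath the caller.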

About

various automated security scanners run in the workflow stages
