mirror of
https://github.com/puppetlabs/vmpooler-provider-ec2.git
synced 2026-01-26 10:28:41 -05:00
Migrate Snyk to Mend Scanning
This commit is contained in:
Jake Spain
parent
d2ecc03d9a
commit
7f6eaf1f4e
2 changed files with 39 additions and 25 deletions
39
.github/workflows/security.yml
vendored
Normal file
39
.github/workflows/security.yml
vendored
Normal file
|
|
@ -0,0 +1,39 @@
|
||||||
|
name: Security
|
||||||
|
on:
|
||||||
|
workflow_dispatch:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- main
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
scan:
|
||||||
|
name: Mend Scanning
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- name: checkout repo content
|
||||||
|
uses: actions/checkout@v3
|
||||||
|
with:
|
||||||
|
fetch-depth: 1
|
||||||
|
- name: setup ruby
|
||||||
|
uses: ruby/setup-ruby@v1
|
||||||
|
with:
|
||||||
|
ruby-version: 2.7
|
||||||
|
# setup a package lock if one doesn't exist, otherwise do nothing
|
||||||
|
- name: check lock
|
||||||
|
run: '[ -f "Gemfile.lock" ] && echo "package lock file exists, skipping" || bundle lock'
|
||||||
|
# install java
|
||||||
|
- uses: actions/setup-java@v3
|
||||||
|
with:
|
||||||
|
distribution: 'temurin' # See 'Supported distributions' for available options
|
||||||
|
java-version: '17'
|
||||||
|
# download mend
|
||||||
|
- name: download_mend
|
||||||
|
run: curl -o wss-unified-agent.jar https://unified-agent.s3.amazonaws.com/wss-unified-agent.jar
|
||||||
|
- name: run mend
|
||||||
|
run: java -jar wss-unified-agent.jar
|
||||||
|
env:
|
||||||
|
WS_APIKEY: ${{ secrets.MEND_API_KEY }}
|
||||||
|
WS_WSS_URL: https://saas-eu.whitesourcesoftware.com/agent
|
||||||
|
WS_USERKEY: ${{ secrets.MEND_TOKEN }}
|
||||||
|
WS_PRODUCTNAME: RE
|
||||||
|
WS_PROJECTNAME: ${{ github.event.repository.name }}
|
||||||
25
.github/workflows/snyk.yml
vendored
25
.github/workflows/snyk.yml
vendored
|
|
@ -1,25 +0,0 @@
|
||||||
name: Snyk Scan
|
|
||||||
|
|
||||||
on:
|
|
||||||
workflow_dispatch:
|
|
||||||
push:
|
|
||||||
branches:
|
|
||||||
- main
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
security:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v2
|
|
||||||
- name: Setup Ruby
|
|
||||||
uses: ruby/setup-ruby@v1
|
|
||||||
with:
|
|
||||||
ruby-version: jruby-9.3.6.0
|
|
||||||
- name: Bundle Install
|
|
||||||
run: bundle install
|
|
||||||
- name: Run Snyk to check for vulnerabilities
|
|
||||||
uses: snyk/actions/ruby@master
|
|
||||||
env:
|
|
||||||
SNYK_TOKEN: ${{ secrets.SNYK_RE_KEY }}
|
|
||||||
with:
|
|
||||||
command: monitor
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue