|
| 1 | +--- |
| 2 | +name: Securin-ASPM |
| 3 | +on: |
| 4 | + pull_request: |
| 5 | + branches: |
| 6 | + - master |
| 7 | + workflow_dispatch: |
| 8 | + inputs: |
| 9 | + logLevel: |
| 10 | + description: Log level |
| 11 | +jobs: |
| 12 | + scanning: |
| 13 | + env: |
| 14 | + APP_ID: a804c36e5686bbe83060895305c0f92d718158a0d4f322994941ec2b02246014 |
| 15 | + BRANCH_NAME: master |
| 16 | + SCAN_ID: a7add0302194143f5f10454d8310bb198bdb31f467d0fcbeb281f663cdafa5d0 |
| 17 | + REQ_URL_MAP: "${{toJSON('{\"SL_RESULT_API_HOST\":\"https://slresultapi.securin.io/resultapi\"\ |
| 18 | + ,\"SL_RESULTPARSER_API_HOST\":\"https://slresultparserapi.securin.io/resultparserapi\"\ |
| 19 | + }')}}" |
| 20 | + steps: |
| 21 | + - name: Retrieve Token Info |
| 22 | + id: auth_token |
| 23 | + run: "respJson=$(curl --location --request GET 'https://slresultapi.securin.io/resultapi/aws/ecr/token'\ |
| 24 | + \ --header 'X-ASPM-Auth-Key: ${{secrets.ORG_API_KEY}}' --data-raw ' ' )\ |
| 25 | + \ \necho \"authTokenJson=$respJson\" >> $GITHUB_OUTPUT" |
| 26 | + - uses: actions/checkout@v3 |
| 27 | + - name: Scan Initiated |
| 28 | + id: sec_scan_init |
| 29 | + run: "usrVal=$(echo '${{fromJson(steps.auth_token.outputs.authTokenJson).user}}'\ |
| 30 | + \ | openssl enc -aes-256-cbc -d -a -K ${{secrets.ENC_KEY}} -iv ${{secrets.ENC_IV}}\ |
| 31 | + \ ) \nusrPassword=$(echo '${{fromJson(steps.auth_token.outputs.authTokenJson).password}}'\ |
| 32 | + \ | openssl enc -aes-256-cbc -d -base64 -A -K ${{secrets.ENC_KEY}} -iv ${{secrets.ENC_IV}}\ |
| 33 | + \ ) \nusrPrxyUrl=$(echo '${{fromJson(steps.auth_token.outputs.authTokenJson).proxyUrl}}'\ |
| 34 | + \ | openssl enc -aes-256-cbc -d -a -K ${{secrets.ENC_KEY}} -iv ${{secrets.ENC_IV}}\ |
| 35 | + \ ) \nusrImgTag=$(echo '${{fromJson(steps.auth_token.outputs.authTokenJson).imageTag}}'\ |
| 36 | + \ | openssl enc -aes-256-cbc -d -a -K ${{secrets.ENC_KEY}} -iv ${{secrets.ENC_IV}}\ |
| 37 | + \ ) \ndocker login --username $usrVal --password $usrPassword $usrPrxyUrl\ |
| 38 | + \ \ndocker pull -q $usrImgTag \ndocker run -v ${{github.workspace}}:/src \ |
| 39 | + \ --volume ${{github.workspace}}:/workdir -v /var/run/docker.sock:/var/run/docker.sock\ |
| 40 | + \ $usrImgTag -api_key ${{secrets.ORG_API_KEY}} -wrkspc_id ${{secrets.WORKSPACE_ID}}\ |
| 41 | + \ -app_id ${{ env.APP_ID }} -scan_id ${{ env.SCAN_ID }} -branch_name ${{ env.BRANCH_NAME\ |
| 42 | + \ }} -req_url_map ${{ env.REQ_URL_MAP }} -tool_name github event:${{ github.event_name\ |
| 43 | + \ }} pr_number:${{ github.event.number }} -upload_log true" |
| 44 | + - name: Evaluate build status |
| 45 | + run: "cat ${{github.workspace}}/results/status.txt\nexit 1\n" |
| 46 | + if: hashFiles('**/status.txt') !='' |
| 47 | + runs-on: ubuntu-latest |
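Review bot: The `Scan Initiated` step pastes fields of the token API response (`fromJson(...).user`, `.password`, `.proxyUrl`, `.imageTag`) and `secrets.ENC_KEY`/`secrets.ENC_IV` straight into the shell script text, so a single quote in any response field changes the command that runs, and the decrypted password is then given to `docker login --password` on the command line. Passing these values through the step's `env:`, quoting the shell variables and using `--password-stdin` keeps response data and credentials out of the script source, as sketched below. The same step runs an image whose tag comes from that response with `/var/run/docker.sock` mounted, which gives the container control of the runner's Docker daemon; it is worth confirming the scanner needs the socket and pinning the image by digest if it does. The workflow also declares no `permissions:` block, and `actions/checkout@v3` is referenced by a mutable tag rather than a commit SHA.

```yaml
- name: Scan Initiated
  id: sec_scan_init
  env:
    USR_ENC: ${{ fromJson(steps.auth_token.outputs.authTokenJson).user }}
    PWD_ENC: ${{ fromJson(steps.auth_token.outputs.authTokenJson).password }}
    PRX_ENC: ${{ fromJson(steps.auth_token.outputs.authTokenJson).proxyUrl }}
    IMG_ENC: ${{ fromJson(steps.auth_token.outputs.authTokenJson).imageTag }}
    ENC_KEY: ${{ secrets.ENC_KEY }}
    ENC_IV: ${{ secrets.ENC_IV }}
  run: |
    usrVal=$(printf '%s\n' "$USR_ENC" | openssl enc -aes-256-cbc -d -a -K "$ENC_KEY" -iv "$ENC_IV")
    usrPassword=$(printf '%s\n' "$PWD_ENC" | openssl enc -aes-256-cbc -d -base64 -A -K "$ENC_KEY" -iv "$ENC_IV")
    usrPrxyUrl=$(printf '%s\n' "$PRX_ENC" | openssl enc -aes-256-cbc -d -a -K "$ENC_KEY" -iv "$ENC_IV")
    usrImgTag=$(printf '%s\n' "$IMG_ENC" | openssl enc -aes-256-cbc -d -a -K "$ENC_KEY" -iv "$ENC_IV")
    printf '%s' "$usrPassword" | docker login --username "$usrVal" --password-stdin "$usrPrxyUrl"
    # … unchanged: docker pull and docker run of the scanner image …
```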