Configurado todo o processo de scan em imagem docker com SCA #37
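---
# GitHub Actions workflow: runs Fortify SCA inside the vendor container on
# every push/PR to main and uploads the resulting FPR to an SSC instance.
# `on:` reads as a boolean key under YAML 1.1 parsers; GitHub's loader accepts
# it (suppress yamllint `truthy` for this key).
name: Node.js Tests with Docker

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

# Least privilege for the default GITHUB_TOKEN: nothing in this job writes to
# the repository through the token, so read-only is enough.
permissions:
  contents: read

# `jobs:` is mandatory in a workflow file; `container-test-job` cannot sit at
# the top level.
jobs:
  container-test-job:
    runs-on: ubuntu-latest
    container:
      # NOTE(review): `23.1` is a mutable tag. Once the intended build is known,
      # pin it by digest (`image@sha256:<IMAGE_DIGEST>`) so the scanner cannot
      # change underneath the job.
      image: docker.io/evernow/fortify-sca:23.1
      # Root is required for the `yum install` in the first step; the image's
      # default user is presumably unprivileged — confirm against the image.
      options: --user root
      credentials:
        username: ${{ secrets.DOCKER_USER }}
        password: ${{ secrets.DOCKER_PASSWD }}
    steps:
      # Diagnostics (reachability of the rule-pack server, OS release, PATH,
      # tool directory) plus tar/gzip, which later tool downloads need to unpack.
      - name: Testes
        run: |
          curl -v https://update.fortify.com
          cat /etc/os-release
          yum install -y tar gzip
          echo $PATH
          ls -la /opt/fortify/bin

      - name: Checkout code
        uses: actions/checkout@v4

      # Refresh the Fortify rule packs before translating/scanning.
      - name: Run fortifyupdate
        run: fortifyupdate -url https://update.fortify.com

      # Build id `webgoat` ties the clean/translate/scan phases together.
      - name: Run Fortify SCA clean
        run: sourceanalyzer -b webgoat -clean

      - name: Run Fortify SCA translate
        run: sourceanalyzer -b webgoat .

      - name: Run Fortify SCA scan
        run: sourceanalyzer -b webgoat -scan -f webgoat.fpr

      # Installs fcli (used only for the SSC upload below) and puts it on PATH.
      # NOTE(review): pinning the action to a commit SHA instead of `@v1`, and
      # `fcli` to a fixed version instead of `latest`, makes runs reproducible
      # and removes a moving supply-chain dependency.
      - name: Setup Fortify tools
        uses: fortify/github-action/setup@v1
        with:
          tool-definitions: https://github.com/fortify/tool-definitions/releases/download/v1/tool-definitions.yaml.zip
          export-path: true
          fcli: latest

      - name: Run fcli from PATH
        run: fcli -V

      - name: Run fcli using FCLI_CMD environment variable
        run: ${FCLI_CMD} -V

      # Secrets are passed through `env:` and read back as shell variables, so
      # the `${{ }}` expansion never splices them into the script body and they
      # are not re-parsed by the shell as part of the command text.
      # NOTE(review): there is no logout step, so the SSC session token created
      # here is left to expire on its own; consider ending the session
      # explicitly at the end of the job.
      - name: Login SSC do lab via FCLI
        env:
          SSC_USER: ${{ secrets.SSC_USER }}
          SSC_PASSWD: ${{ secrets.SSC_PASSWD }}
        run: fcli ssc session login --url=https://ssc.evernow.com.br/ --user "$SSC_USER" --password "$SSC_PASSWD"

      - name: Upload artifact via FCLI
        run: fcli ssc artifact upload --appversion=88 --file=webgoat.fpr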