Update readme #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Repo tests | |
| on: | |
| push: | |
| branches: | |
| - master | |
| - feature/* | |
| - release/* | |
| - fix/* | |
| workflow_dispatch: | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| if: "! contains(github.event.head_commit.message, '[ci skip]')" | |
| strategy: | |
| matrix: | |
| node-version: [18.x] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up JDK 8 and SBT | |
| uses: olafurpg/setup-scala@v11 | |
| with: | |
| java-version: adopt@1.8 | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| - name: Install bazelisk | |
| run: | | |
| curl -LO "https://github.com/bazelbuild/bazelisk/releases/download/v1.15.0/bazelisk-linux-amd64" | |
| sudo mv bazelisk-linux-amd64 /usr/local/bin/bazel | |
| sudo chmod +x /usr/local/bin/bazel | |
| - name: npm install, build and test | |
| run: | | |
| npm install | |
| npm run build --if-present | |
| npm run lint | |
| npm test | |
| mkdir -p repotests | |
| mkdir -p bomresults | |
| env: | |
| CI: true | |
| - uses: swift-actions/setup-swift@v1 | |
| - uses: actions/checkout@v3 | |
| with: | |
| repository: 'ShiftLeftSecurity/shiftleft-java-example' | |
| path: 'repotests/shiftleft-java-example' | |
| - uses: actions/checkout@v3 | |
| with: | |
| repository: 'ShiftLeftSecurity/shiftleft-ts-example' | |
| path: 'repotests/shiftleft-ts-example' | |
| - uses: actions/checkout@v3 | |
| with: | |
| repository: 'ShiftLeftSecurity/shiftleft-go-example' | |
| path: 'repotests/shiftleft-go-example' | |
| - uses: actions/checkout@v3 | |
| with: | |
| repository: 'prabhu/shiftleft-scala-example' | |
| path: 'repotests/shiftleft-scala-example' | |
| - uses: actions/checkout@v3 | |
| with: | |
| repository: 'HooliCorp/vulnerable_net_core' | |
| path: 'repotests/vulnerable_net_core' | |
| - uses: actions/checkout@v3 | |
| with: | |
| repository: 'HooliCorp/Goatly.NET' | |
| path: 'repotests/Goatly.NET' | |
| - uses: actions/checkout@v3 | |
| with: | |
| repository: 'HooliCorp/DjanGoat' | |
| path: 'repotests/DjanGoat' | |
| - uses: actions/checkout@v3 | |
| with: | |
| repository: 'prabhu/Vulnerable-Web-Application' | |
| path: 'repotests/Vulnerable-Web-Application' | |
| - uses: actions/checkout@v3 | |
| with: | |
| repository: 'prabhu/railsgoat' | |
| path: 'repotests/railsgoat' | |
| - uses: actions/checkout@v3 | |
| with: | |
| repository: 'bazelbuild/examples' | |
| path: 'repotests/bazel-examples' | |
| - uses: actions/checkout@v3 | |
| with: | |
| repository: 'flutter/gallery' | |
| path: 'repotests/gallery' | |
| - uses: actions/checkout@v3 | |
| with: | |
| repository: 'gojek/ziggurat' | |
| path: 'repotests/ziggurat' | |
| - uses: actions/checkout@v3 | |
| with: | |
| repository: 'apple/swift-markdown' | |
| path: 'repotests/swift-markdown' | |
| - uses: actions/checkout@v3 | |
| with: | |
| repository: 'GoogleCloudPlatform/microservices-demo' | |
| path: 'repotests/microservices-demo' | |
| - name: repotests | |
| run: | | |
| wget https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.24.2/cyclonedx-linux-x64 | |
| mv cyclonedx-linux-x64 cyclonedx | |
| chmod +x cyclonedx | |
| pip install -r contrib/requirements.txt | |
| bin/cdxgen.js -p -r -t java repotests/shiftleft-java-example -o bomresults/bom-java.json --generate-key-and-sign | |
| # python contrib/bom-validate.py --json bomresults/bom-java.json | |
| SBOM_SIGN_ALGORITHM=RS512 SBOM_SIGN_PRIVATE_KEY=bomresults/private.key SBOM_SIGN_PUBLIC_KEY=bomresults/public.key bin/cdxgen.js -p -r -t github repotests/shiftleft-java-example -o bomresults/bom-github.json | |
| # python contrib/bom-validate.py --json bomresults/bom-github.json | |
| FETCH_LICENSE=true bin/cdxgen.js -p -r -t js repotests/shiftleft-ts-example -o bomresults/bom-ts.json | |
| python contrib/bom-validate.py --json bomresults/bom-ts.json | |
| FETCH_LICENSE=1 bin/cdxgen.js -p -r -t js repotests/shiftleft-ts-example --required-only -o bomresults/bom-ts.json | |
| python contrib/bom-validate.py --json bomresults/bom-ts.json | |
| FETCH_LICENSE=false bin/cdxgen.js -p -r -t go repotests/shiftleft-go-example -o bomresults/bom-go.json | |
| python contrib/bom-validate.py --json bomresults/bom-go.json | |
| FETCH_LICENSE=true bin/cdxgen.js -p -r -t csharp repotests/vulnerable_net_core -o bomresults/bom-csharp2.json | |
| python contrib/bom-validate.py --json bomresults/bom-csharp2.json | |
| FETCH_LICENSE=0 bin/cdxgen.js -p -r repotests/Goatly.NET -o bomresults/bom-csharp3.json | |
| python contrib/bom-validate.py --json bomresults/bom-csharp3.json | |
| FETCH_LICENSE=true bin/cdxgen.js -p -r -t python repotests/DjanGoat -o bomresults/bom-python.json | |
| python contrib/bom-validate.py --json bomresults/bom-python.json | |
| bin/cdxgen.js -p -r -t php repotests/Vulnerable-Web-Application -o bomresults/bom-php.json | |
| python contrib/bom-validate.py --json bomresults/bom-php.json | |
| bin/cdxgen.js -p -r -t ruby repotests/railsgoat -o bomresults/bom-ruby.json | |
| python contrib/bom-validate.py --json bomresults/bom-ruby.json | |
| bin/cdxgen.js -p -r -t java repotests/bazel-examples/java-maven -o bomresults/bom-bazel.json | |
| python contrib/bom-validate.py --json bomresults/bom-bazel.json | |
| bin/cdxgen.js -p -r -t dart repotests/gallery -o bomresults/bom-pub.json | |
| python contrib/bom-validate.py --json bomresults/bom-pub.json | |
| CDXGEN_DEBUG_MODE=debug bin/cdxgen.js -p -r -t clojure repotests/ziggurat -o bomresults/bom-clj.json | |
| python contrib/bom-validate.py --json bomresults/bom-clj.json | |
| CDXGEN_DEBUG_MODE=debug bin/cdxgen.js -r -t swift repotests/swift-markdown -o bomresults/bom-swift.json | |
| python contrib/bom-validate.py --json bomresults/bom-swift.json | |
| CDXGEN_DEBUG_MODE=debug bin/cdxgen.js -r repotests/microservices-demo -o bomresults/bom-msd.json | |
| python contrib/bom-validate.py --json bomresults/bom-msd.json | |
| CDXGEN_DEBUG_MODE=debug bin/cdxgen.js -r -t yaml-manifest repotests/microservices-demo -o bomresults/bom-yaml.json | |
| python contrib/bom-validate.py --json bomresults/bom-yaml.json | |
| mkdir -p jenkins | |
| wget https://updates.jenkins.io/download/plugins/sonar/2.14/sonar.hpi | |
| wget https://updates.jenkins.io/download/plugins/bouncycastle-api/2.26/bouncycastle-api.hpi | |
| wget https://updates.jenkins.io/download/plugins/jsch/0.1.55.61.va_e9ee26616e7/jsch.hpi | |
| wget https://updates.jenkins.io/download/plugins/momentjs/1.1.1/momentjs.hpi | |
| mv *.hpi jenkins | |
| CDXGEN_DEBUG_MODE=debug bin/cdxgen.js -p -r -t jenkins jenkins -o bomresults/bom-jenkins.json | |
| python contrib/bom-validate.py --json bomresults/bom-jenkins.json | |
| ls -ltr bomresults | |
| - uses: actions/upload-artifact@v1 | |
| with: | |
| name: bomresults | |
| path: bomresults |