Commit
feat: add security scanning on CI workflow (#112)
* feat: added security scanning on docker images with trivy
* chore: trigger CI workflow
* chore: trigger CI workflow
* fix: removed security scanning until trivy-actions is on the allowed list-a
* feat: added security scanning on php dependencies with snyk
* chore: trigger CI workflow
* chore: trigger CI workflow
* fix: auth snyk before scanning
* fix: correctly run the snyk command
* fix: checkout before scanning
* fix: reverting last commit
* feat: changing way to get snyk working, installing package
* fix: add checkout
* feat: auth and run test
* fix: change of plan, use snyk action set up
* fix: add the php snyk actions
* fix: setup snyk with php
* chore: checking if snyk is installed
* fix: using snyk test to scan
* fix: syntax error
* fix: added secret to php.yaml
* fix: using snyk test to scan
* feat: testing adding a separate security workflow
* fix: track security.yaml
* feat: snyk tests run on security
* feat: adding checkout action
* fix: removed snyk from php.yaml
* fix: scheduled every Monday at 00:00 UTC
* fix: only run security checks on images that have changed
* fix: remove scheduling in security.yaml
* chore: remove debugging echo
* feat: add docker scanning with trivy
* fix: add env variables to security.yaml
* fix: image-ref points to correct branch
* fix: image-ref points to the dockerfile
* fix: image-ref points to the built image in GHCR
* chore: trying to find where the docker images are
* fix: clean up security.yaml
* feat: adding scheduling to security.yaml
* fix: each repo scan in its own job
* fix: added working-directory
* refactor: remove dependency-scan, each check if scheduled run or not
* fix: syntax error
* refactor: changing names
* fix: track dependency-scan.yaml
* fix: remove ref
* refactor: changing names and reverting changing
* fix: track security-app.yaml
* chore: triggering ci
* feat: added terraform scanning
* fix: remove need to check if terraform scanning works
* fix: uploading trivy scan
* fix: continue on error
* fix: display trivy results
* fix: upload to github code scanning
* fix: run on all branches
* fix: run on call
* fix: display trivy results
* fix: trivy uploading to code scanning
* feat: terraform scanning is now on schedule
* refactor: clean-up
* feat: add docker scanning with trivy
* fix: changed trivy version
* fix: try and find the image refs
* fix: try and find the image refs
* fix: scanning with a different image ref
* fix: remove echo
* fix: changed trivy image ref
* ci: add local registry
* ci: build and push to local registry
* ci: add driver-opts to buildx setup
* ci: revert docker.yaml
* ci: set working directory in terraform folder
* ci: fail when vulnerability found
* ci: scan terraform directory within step
* ci: exclude downloaded modules for terraform scanning
* ci: cat results
* ci: cat results
* ci: exclude downloaded modules for terraform scanning
* ci: upload sarif to gh code scanning
* fix: empty commit
* fix: revert dockerfile back
* feat: upload results from app scan to github
* feat: upload results from app scan to github for api and selfserve
* feat: on fail, still upload to github. changed sarif upload paths
* fix: revert dockerfile
* ci: cleaned up and updated workflows
* fix: removed continue-on-error in security-app.yaml
  Co-authored-by: JoshuaLicense <JoshuaLicense@users.noreply.github.com>
* fix: removed all continue-on-error in security-app.yaml

---------

Co-authored-by: JoshuaLicense <JoshuaLicense@users.noreply.github.com>