Initial Import #2
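# Create the following GitHub Actions secret for your copy of the application:
#   DEBRICKED_TOKEN - an API access token from your Debricked tenant.
# The secret name must match what is referenced under `secrets.` in the scan
# step below (the original setup note spelled it "DEBRICKEN_TOKEN").
name: OSS SCA with Debricked

on:
  # Run on every push that touches a dependency manifest; the paths filter keeps
  # unrelated commits from triggering a scan.
  push:
    paths:
      - 'pom.xml'
      #- 'build.gradle'
      #- 'frontend/build.gradle'
      - 'frontend/package.json'
      - 'libs/**'
    branches:
      - '**'  # matches every branch
  # NOTE: pull_request runs from forked repositories do not receive repository
  # secrets, so DEBRICKED_TOKEN is empty there and the scan step will fail.
  pull_request:
    branches: [ main, develop ]
  # Allows you to run this workflow manually from the Actions tab.
  # The job-level `if` below checks this input; it has to be declared here,
  # otherwise a manual dispatch never satisfies the condition and the job is
  # silently skipped.
  workflow_dispatch:
    inputs:
      runDebrickedScan:
        description: 'Run the Debricked SCA scan'
        required: false
        default: 'true'

# Least privilege for GITHUB_TOKEN: the job only needs to read the repository.
# Scan results are sent to Debricked, nothing is written back to GitHub.
permissions:
  contents: read

# Global environment variables
env:
  DEFAULT_APP_NAME: "DebrickedDemoApp"

jobs:
  Debricked-SCA:
    runs-on: ubuntu-latest
    # push/pull_request always run; a manual dispatch runs unless the operator
    # sets runDebrickedScan to something other than 'true'.
    if: ${{ (github.event_name == 'push') || (github.event_name == 'pull_request') || (github.event.inputs.runDebrickedScan == 'true') }}
    steps:
      # NOTE(review): the two action refs below were garbled on extraction
      # ("[email protected]"). Restore them, and pin each third-party action to a
      # full-length commit SHA (tag in a trailing comment) rather than a mutable tag,
      # so an upstream tag move cannot change what runs with the Debricked token.
      # NOTE(review): there is no explicit actions/checkout step; presumably
      # setup-maven-action checks out the repository itself — confirm.
      - name: Setup Maven Action
        uses: s4u/[email protected]
        with:
          java-version: '11'
          java-distribution: 'temurin'

      # Install Fortify/Debricked CLI.
      # `latest` is a floating version: pin fcli and debricked-cli to explicit
      # versions so a new upstream release cannot change scan behaviour silently.
      - name: Setup Fortify tools
        uses: fortify/github-action/[email protected]
        with:
          export-path: true
          fcli: latest
          debricked-cli: latest

      # The token is supplied through the step env and expanded by the shell,
      # not interpolated into the script with ${{ }}, so it cannot alter the
      # command line; GitHub masks the secret value in the job log.
      # NOTE(review): the exclude '*/**.lock' looks like it was meant to be
      # '**/*.lock' (lockfiles at any depth) — confirm before changing it.
      - name: Run debricked scan
        shell: bash
        run: |
          # Gradle is excluded and Maven used so that call-graph analysis works.
          debricked scan --callgraph \
            -r "${DEFAULT_APP_NAME}" \
            --access-token="${DEBRICKED_TOKEN}" \
            -e "**/build.gradle" \
            -e "**/node_modules/**" \
            -e "**/*.json" \
            -e "*/**.lock" \
            -e "**/build/classes/test/**" \
            -e "**/target/classes/test-classes/**" \
            .
        env:
          DEBRICKED_TOKEN: ${{ secrets.DEBRICKED_TOKEN }}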