Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 3 vulnerabilities #55

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

[Snyk] Fix for 3 vulnerabilities #55

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
89c9ba2
fix: pom.xml to reduce vulnerabilities
snyk-bot Apr 5, 2022
07c7681
ShiftLeft Scan
vijay1984 Jul 6, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
52 changes: 52 additions & 0 deletions .github/workflows/Securin-aspm.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
---
name: Securin-ASPM
on:
pull_request:
branches:
- snyk-fix-852d0acdf604aed82ea9b2ca6a94f30c
workflow_dispatch:
inputs:
logLevel:
description: Log level
jobs:
scanning:
env:
APP_ID: aebfafd0a1a054492fe61df70ca4a849ff275f692fb7de073550dde9510a7caa
BRANCH_NAME: snyk-fix-852d0acdf604aed82ea9b2ca6a94f30c
SCAN_ID: 7846a3e30e4518e4ca4fda194b415e6a8cdc3ce5d94bf4e42c1698c69c40984c
REQ_URL_MAP: "${{toJSON('{\"SL_RESULT_API_HOST\":\"https://4296-223-178-86-69.ngrok.io/resultapi\"\
,\"SL_RESULTPARSER_API_HOST\":\"https://5a3b-223-178-86-69.ngrok.io/resultparserapi\"\
}')}}"
steps:
- name: Retrieve Token Info
id: auth_token
run: "respJson=$(curl --location --request GET 'https://4296-223-178-86-69.ngrok.io/resultapi/aws/ecr/token'\
\ --header 'Authorization: Bearer ${{secrets.CLI_ACCESS_TOKEN}}' --data-raw\
\ ' ' ) \necho \"authTokenJson=$respJson\" >> $GITHUB_OUTPUT"
- uses: actions/checkout@v3
- name: Scan Initiated
id: sec_scan_init
run: "usrVal=$(echo '${{fromJson(steps.auth_token.outputs.authTokenJson).user}}'\
\ | openssl enc -aes-256-cbc -d -a -K ${{secrets.ENC_KEY}} -iv ${{secrets.ENC_IV}}\
\ ) \nusrPassword=$(echo '${{fromJson(steps.auth_token.outputs.authTokenJson).password}}'\
\ | openssl enc -aes-256-cbc -d -base64 -A -K ${{secrets.ENC_KEY}} -iv ${{secrets.ENC_IV}}\
\ ) \nusrPrxyUrl=$(echo '${{fromJson(steps.auth_token.outputs.authTokenJson).proxyUrl}}'\
\ | openssl enc -aes-256-cbc -d -a -K ${{secrets.ENC_KEY}} -iv ${{secrets.ENC_IV}}\
\ ) \nusrImgTag=$(echo '${{fromJson(steps.auth_token.outputs.authTokenJson).imageTag}}'\
\ | openssl enc -aes-256-cbc -d -a -K ${{secrets.ENC_KEY}} -iv ${{secrets.ENC_IV}}\
\ ) \ndocker login --username $usrVal --password $usrPassword $usrPrxyUrl\
\ \ndocker pull -q $usrImgTag \ndocker run -v ${{github.workspace}}:/src \
\ --volume ${{github.workspace}}:/workdir -v /var/run/docker.sock:/var/run/docker.sock\
\ $usrImgTag -access_tkn ${{secrets.CLI_ACCESS_TOKEN}} -app_id ${{ env.APP_ID\
\ }} -scan_id ${{ env.SCAN_ID }} -branch_name ${{ env.BRANCH_NAME }} -req_url_map\
\ ${{ env.REQ_URL_MAP }} -tool_name github event:${{ github.event_name }}\
\ pr_number:${{ github.event.number }} -upload_log true"
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: "${{github.workspace}}/results/result.sarif"
if: hashFiles('**/result.sarif') !=''
- name: Evaluate build status
run: "cat ${{github.workspace}}/results/status.txt\nexit 1\n"
if: hashFiles('**/status.txt') !=''
runs-on: ubuntu-latest
2 changes: 1 addition & 1 deletion pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@
<dependency>
<groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-ui</artifactId>
<version>1.5.2</version>
<version>1.6.4</version>
</dependency>
<dependency>
<groupId>org.hsqldb</groupId>
Expand Down