Skip to content

feat: add special rules with hardcoded-password rule #316

feat: add special rules with hardcoded-password rule

feat: add special rules with hardcoded-password rule #316

Workflow file for this run

name: PR Validation
on:
pull_request:
branches:
- master
merge_group:
jobs:
test:
strategy:
matrix:
os: [ubuntu-latest]
runs-on: ${{ matrix.os }}
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 0 # Required for 2ms to have visibility to all commit history
- uses: actions/setup-go@v4
with:
go-version: "^1.20"
- name: go mod tidy
run: |
go mod tidy
git diff --exit-code
- name: Go Linter
run: docker run --rm -v $(pwd):/app -w /app golangci/golangci-lint:v1.52.0 golangci-lint run -v -E gofmt --timeout=5m --out-format github-actions
- name: Run 2ms Scan
run: docker run -v $(pwd):/repo checkmarx/2ms:2.8.1 git /repo --config /repo/.2ms.yml
- name: Go Test
run: go test -v ./...
build:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- run: make build
- name: Run docker and check its output
run:
if docker run -v "$(pwd)":/repo -t checkmarx/2ms:latest git /repo | grep -A 5 "totalitemsscanned:"; then
echo "Docker ran as expected";
else
echo "Docker did not run as expected";
exit 1;
fi
kics:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- run: mkdir -p kics-results
- name: Run KICS scan
uses: checkmarx/kics-github-action@master
with:
path: Dockerfile
output_path: kics-results
output_formats: json,sarif
enable_comments: ${{ github.event_name == 'pull_request'}}
fail_on: high,medium
- name: Show KICS results
if: failure()
run: cat kics-results/results.json
# - name: Upload SARIF file
# uses: github/codeql-action/upload-sarif@v2
# with:
# sarif_file: kics-results/results.sarif