Merge pull request #322 from cloudfoundry-community/add_fossa_semgrep

foram-splunk · web-flow · commit 4e20f1da5b9e · 2022-07-26T11:16:46.000+05:30
Add fossa and semgrep
diff --git a/.fossa.yml b/.fossa.yml
@@ -0,0 +1,5 @@
+version: 3
+server: https://app.fossa.com
+project:
+  id: "splunk-firehose-nozzle"
+  team: "TA-Automation"
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -8,6 +8,41 @@ on:
   workflow_dispatch:
 
 jobs:
+  fossa-scan:
+    continue-on-error: true
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: run fossa anlyze and create report
+        run: |
+          curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
+          fossa analyze  --include-unused-deps --debug
+          fossa report attribution --format text > /tmp/THIRDPARTY
+        env:
+          FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
+      - name: upload THIRDPARTY file
+        uses: actions/upload-artifact@v2
+        with:
+          name: THIRDPARTY
+          path: /tmp/THIRDPARTY
+      - name: run fossa test
+        run: |
+          fossa test --debug
+        env:
+          FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
+          
+  semgrep:
+    runs-on: ubuntu-latest
+    name: security-sast-semgrep
+    if: github.actor != 'dependabot[bot]'
+    steps:
+      - uses: actions/checkout@v3
+      - name: Semgrep
+        id: semgrep
+        uses: returntocorp/semgrep-action@v1
+        with:
+          publishToken: ${{ secrets.SEMGREP_PUBLISH_TOKEN }}
+
   build:
     runs-on: ubuntu-latest
     steps:
