From 26872a294f704b35ba370f17b95399be4da11a3f Mon Sep 17 00:00:00 2001
From: Tiago Tavares
Date: Tue, 23 Jul 2024 09:47:20 -0300
Subject: [PATCH] sast-horusec action sample.
---
.github/workflows/sast-horusec-vampi.yml | 9 ++++--
targets/apps/VAmPI-master/trigger.txt | 2 +-
tools/horusec/sast-horusec.yml | 38 ++++++++++++++++++++++++
3 files changed, 45 insertions(+), 4 deletions(-)
create mode 100644 tools/horusec/sast-horusec.yml
diff --git a/.github/workflows/sast-horusec-vampi.yml b/.github/workflows/sast-horusec-vampi.yml
index 0c36bcd..60342d9 100644
--- a/.github/workflows/sast-horusec-vampi.yml
+++ b/.github/workflows/sast-horusec-vampi.yml
@@ -8,9 +8,12 @@ jobs: run-scripts: runs-on: ubuntu-latest - name: Horusec Scan + + steps: - - uses: actions/checkout@v3 + - name: Checkout repository + uses: actions/checkout@v3 + - name: SAST - Horusec Run 🐞 run: | ls -R
@@ -28,7 +31,7 @@ jobs: uses: actions/upload-artifact@v3 with: name: SAST - Horusec Scan - path: reports/horusec_report.md + path: ./targets/apps/VAmPI-master/reports/horusec_report.md - name: SAST - Horusec Results In Summary 💁🏽 run: cat ./targets/apps/VAmPI-master/reports/horusec_report.md >> $GITHUB_STEP_SUMMARY
diff --git a/targets/apps/VAmPI-master/trigger.txt b/targets/apps/VAmPI-master/trigger.txt
index b28fbc7..22c2249 100644
--- a/targets/apps/VAmPI-master/trigger.txt
+++ b/targets/apps/VAmPI-master/trigger.txt
@@ -1 +1 @@
-trigger
\ No newline at end of file
+trigger!
\ No newline at end of file
diff --git a/tools/horusec/sast-horusec.yml b/tools/horusec/sast-horusec.yml
new file mode 100644
index 0000000..2728e20
--- /dev/null
+++ b/tools/horusec/sast-horusec.yml
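Review bot: In the first hunk of .github/workflows/sast-horusec-vampi.yml the renamed checkout step still references the action by a mutable tag, `uses: actions/checkout@v3`, so the code that runs in the job can change without any change in this repository. Pinning to a full commit SHA with the tag kept as a comment, `uses: actions/checkout@<full-commit-sha>  # v3`, removes that; the same applies to the `actions/upload-artifact@v3` step in the second hunk and to both `uses:` lines in the new tools/horusec/sast-horusec.yml. The job body continues outside the hunk, so whether a `permissions:` key is set above line 8 cannot be seen from here; if it is not, `permissions:` with `contents: read` would limit the token while the scan steps run.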
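Review bot: In the second hunk of .github/workflows/sast-horusec-vampi.yml the corrected `path:` is still not enforced, because actions/upload-artifact only warns by default when the path matches no file and the step then passes with nothing uploaded. Adding `if-no-files-found: error` under `with:` makes a missing report fail the job; that default is presumably how the old `reports/horusec_report.md` path went unnoticed. The upload step in the new tools/horusec/sast-horusec.yml lacks the same input.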
@@ -0,0 +1,38 @@
+name: Run Horusec (SAST), Generate Script and Save Artifact
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ run-scripts:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: SAST - Horusec Run 🐞
+ run: |
+ curl -sL https://raw.githubusercontent.com/0xtiago/opensource-devsecops/main/tools/horusec/horusec_linux.sh| bash
+
+ - name: SAST - Horusec Report Generation 📊
+ run: |
+ cd reports
+ pip install -r https://raw.githubusercontent.com/0xtiago/opensource-devsecops/main/tools/horusec/horusec_json2md/requirements.txt
+ curl -sL https://raw.githubusercontent.com/0xtiago/opensource-devsecops/main/tools/horusec/horusec_json2md/horusec_json2md.py -o horusec_json2md.py
+ python3 horusec_json2md.py horusec_report.json horusec_report.md
+
+
+ - name: SAST - Horusec Upload Report Artifact 💾
+ uses: actions/upload-artifact@v3
+ with:
+ name: SAST - Horusec Scan
+ path: reports/horusec_report.md
+
+ - name: SAST - Horusec Results In Summary 💁🏽
+ run: cat reports/horusec_report.md >> $GITHUB_STEP_SUMMARY
\ No newline at end of file
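Review bot: The `SAST - Horusec Run` step pipes a script fetched from the repository's `main` branch straight into `bash`, so whatever that branch holds at run time executes in the job with no pinning and no integrity check. The report step does the same with `pip install -r <URL>` and the downloaded `horusec_json2md.py`. Because `curl -s` is used without `-f` and the default `run` shell sets no `pipefail`, curl's own failure is never seen: an error page or truncated body is handed to bash, and an empty one exits 0 with no scan performed. I would fetch from a pinned commit, verify a digest and only then execute the file, as sketched below with placeholders for the commit and the checksum. The file also declares no `permissions:` block; top-level `permissions:` with `contents: read` looks sufficient for the steps visible here.

```yaml
      - name: SAST - Horusec Run 🐞
        run: |
          set -euo pipefail
          # <PINNED_COMMIT_SHA> and <EXPECTED_SHA256> are placeholders for values the maintainer has reviewed
          curl -fsSL "https://raw.githubusercontent.com/0xtiago/opensource-devsecops/<PINNED_COMMIT_SHA>/tools/horusec/horusec_linux.sh" -o horusec_linux.sh
          echo "<EXPECTED_SHA256>  horusec_linux.sh" | sha256sum --check
          bash horusec_linux.sh
      # … unchanged: report generation, artifact upload and summary steps …
```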