
Commit 8993250

authored
Added Trivy and Veracode security scans (#48)
* Added Trivy and Veracode security scans * Added permissions in workflow
1 parent 706a55c commit 8993250

3 files changed

Lines changed: 59 additions & 0 deletions


Lines changed: 19 additions & 0 deletions
@@ -0,0 +1,19 @@
1+
name: Security trivy dependency check
2+
3+
on:
4+
workflow_dispatch:
5+
schedule:
6+
- cron: "35 9 * * MON-FRI" # Every weekday at 09:35 UTC
7+
8+
permissions:
9+
contents: read
10+
actions: read
11+
security-events: write
12+
13+
jobs:
14+
security-kotlin-trivy-check:
15+
name: Project security trivy dependency check
16+
uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_trivy.yml@v2 # WORKFLOW_VERSION
17+
with:
18+
channel_id: ${{ vars.SECURITY_ALERTS_SLACK_CHANNEL_ID || 'NO_SLACK' }}
19+
secrets: inherit
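Review bot: The `uses:` line references the reusable workflow by the mutable tag `@v2` while the job also sets `secrets: inherit`, so whatever `v2` points to at run time receives every secret available to this repository. Pinning the reference to a full commit SHA, e.g. `uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_trivy.yml@<full-commit-sha> # v2`, would keep the scheduled run reproducible; the `# WORKFLOW_VERSION` marker looks like a hook for automated bumps, which could presumably maintain a SHA just as well. If the called workflow needs only a few secrets, passing them by name under `secrets:` instead of `inherit` would narrow the exposure. The same applies to both Veracode workflows added in this commit.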
Lines changed: 20 additions & 0 deletions
@@ -0,0 +1,20 @@
1+
name: Security veracode pipeline scan
2+
3+
on:
4+
workflow_dispatch:
5+
schedule:
6+
- cron: "35 9 * * MON-FRI" # Every weekday at 09:35 UTC
7+
8+
permissions:
9+
contents: read
10+
actions: read
11+
security-events: write
12+
13+
jobs:
14+
security-veracode-pipeline-scan:
15+
name: Project security veracode pipeline scan
16+
uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_veracode_pipeline_scan.yml@v2 # WORKFLOW_VERSION
17+
with:
18+
channel_id: ${{ vars.SECURITY_ALERTS_SLACK_CHANNEL_ID || 'NO_SLACK' }}
19+
docker_image_app_dir: '/app'
20+
secrets: inherit
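Review bot: `docker_image_app_dir: '/app'` is hard-coded with no comment saying what it has to match. Presumably it is the directory inside the built image from which the scan collects the application artefacts, so a change to the image layout could leave the scan with little or nothing to analyse without an obvious failure. A short comment on that line, such as `# must match the application directory in the Docker image`, would make the coupling visible. The same input appears in the Veracode policy scan workflow.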
Lines changed: 20 additions & 0 deletions
@@ -0,0 +1,20 @@
1+
name: Security veracode policy scan
2+
3+
on:
4+
workflow_dispatch:
5+
schedule:
6+
- cron: "10 9 * * 1" # Every Monday at 09:10 UTC
7+
8+
permissions:
9+
contents: read
10+
actions: read
11+
security-events: write
12+
13+
jobs:
14+
security-veracode-policy-check:
15+
name: Project security veracode policy scan
16+
uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_veracode_policy_scan.yml@v2 # WORKFLOW_VERSION
17+
with:
18+
channel_id: ${{ vars.SECURITY_ALERTS_SLACK_CHANNEL_ID || 'NO_SLACK' }}
19+
docker_image_app_dir: '/app'
20+
secrets: inherit
