
Commit c656df9

committed
addind security scans
1 parent baa8a88 commit c656df9


2 files changed

+11
-26
lines changed


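--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -10,13 +10,11 @@ on:
 
 permissions:
 contents: read
-security-events: write
-actions: read
 
 jobs:
-# Static Application Security Testing (SAST) - CodeQL
-codeql:
-name: CodeQL Analysis
+# Static Application Security Testing (SAST) - gosec
+gosec:
+name: Go Security Check
 runs-on: ubuntu-slim
 steps:
 - name: Checkout
@@ -28,18 +26,11 @@ jobs:
 go-version-file: 'go.mod'
 cache: true
 
-- name: Initialize CodeQL
-uses: github/codeql-action/init@v3
-with:
-languages: go
-
-- name: Build
-run: go build ./...
+- name: Install gosec
+run: go install github.com/securego/gosec/v2/cmd/gosec@latest
 
-- name: Perform CodeQL Analysis
-uses: github/codeql-action/analyze@v3
-with:
-category: "/language:go"
+- name: Run gosec
+run: gosec ./...
 
 # Software Composition Analysis (SCA) - Go vulnerability check
 govulncheck:
@@ -102,20 +93,14 @@ jobs:
 with:
 scan-type: 'fs'
 scan-ref: '.'
-format: 'sarif'
-output: 'trivy-results.sarif'
+format: 'table'
+exit-code: '1'
 severity: 'CRITICAL,HIGH'
 scanners: 'vuln,secret,misconfig'
 env:
 TRIVY_SKIP_JAVA_DB_UPDATE: 'true'
 TRIVY_DISABLE_VEX_NOTICE: 'true'
 
-- name: Upload Trivy scan results
-uses: github/codeql-action/upload-sarif@v3
-if: always()
-with:
-sarif_file: 'trivy-results.sarif'
-
 # Dependency license compliance
 licenses:
 name: License Check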
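Review bot: The `Install gosec` step in the second hunk installs `gosec@latest`, so each run builds and executes whatever release the module proxy resolves at that moment; the scanner and its rule set can change, or be tampered with upstream, without any commit in this repository. Pin the tool to a reviewed release and bump it deliberately, e.g. `run: go install github.com/securego/gosec/v2/cmd/gosec@<PINNED_VERSION>` (placeholder, the page does not name a version). The reduced `permissions` block (`contents: read` only) does limit what a bad tool build could do with the job token, which is a good change to keep. Separately, with `security-events: write` and the SARIF upload removed, gosec and Trivy findings now live only in job logs; if that is intended, a short comment above `format: 'table'` such as `# findings are reported in the job log only; the job fails on CRITICAL/HIGH` would record the decision. The gosec job's checkout and setup steps sit between the first two hunks and are not visible here.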

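--- a/go.mod
+++ b/go.mod
@@ -1,11 +1,12 @@
 module github.com/ory/terraform-provider-orynetwork
 
-go 1.24.1
+go 1.24.11
 
 require (
 github.com/hashicorp/terraform-plugin-framework v1.16.1
 github.com/hashicorp/terraform-plugin-framework-validators v0.19.0
 github.com/hashicorp/terraform-plugin-go v0.29.0
+github.com/hashicorp/terraform-plugin-log v0.9.0
 github.com/hashicorp/terraform-plugin-testing v1.13.3
 github.com/ory/client-go v1.22.12
 github.com/ory/x v0.0.729
@@ -44,7 +45,6 @@ require (
 github.com/hashicorp/logutils v1.0.0 // indirect
 github.com/hashicorp/terraform-exec v0.23.0 // indirect
 github.com/hashicorp/terraform-json v0.25.0 // indirect
-github.com/hashicorp/terraform-plugin-log v0.9.0 // indirect
 github.com/hashicorp/terraform-plugin-sdk/v2 v2.37.0 // indirect
 github.com/hashicorp/terraform-registry-address v0.4.0 // indirect
 github.com/hashicorp/terraform-svchost v0.1.1 // indirect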
