Skip to content
Kondukto security scan

DSE-323 / DSE-322 :: Input family and Fieldset FE update (#188) #116

Sign in to view logs

DSE-323 / DSE-322 :: Input family and Fieldset FE update (#188)

DSE-323 / DSE-322 :: Input family and Fieldset FE update (#188) #116

Workflow file for this run

.github/workflows/kondukto.yml at d5db484
name: Kondukto security scan
on:
push:
branches:
- main
workflow_dispatch:
env:
TARGET_BRANCH: main
jobs:
run-scans:
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v3
- name: Install Snyk CLI
run: |
curl -L -o $GITHUB_WORKSPACE/snyk https://github.com/snyk/cli/releases/latest/download/snyk-linux
chmod +x $GITHUB_WORKSPACE/snyk
- name: Install KDT CLI
run: |
curl -sSL https://cli.kondukto.io | sh
- name: Run Snyk Scans
env:
HOST: ${{ secrets.KONDUKTO_HOST }}
TOKEN: ${{ secrets.KONDUKTO_TOKEN }}
PROJECT_NAME: ${{ secrets.PROJECT_NAME }}
VERBOSITY: true
run: |
./.github/scripts/snyk-scans.sh \
"$TOKEN" \
"$PROJECT_NAME" \
"main" \
"$VERBOSITY" \
"${{ secrets.SNYK_TOKEN }}"
- name: List available scanners
run: kdt list scanners --host ${{ secrets.KONDUKTO_HOST }} --token ${{ secrets.KONDUKTO_TOKEN }}
- name: Scan with Dependabot
run: kdt scan --host ${{ secrets.KONDUKTO_HOST }} --token ${{ secrets.KONDUKTO_TOKEN }} -p ${{ secrets.PROJECT_NAME }} -t dependabot -b $TARGET_BRANCH --async
- name: Scan with OSV
run: kdt scan --host ${{ secrets.KONDUKTO_HOST }} --token ${{ secrets.KONDUKTO_TOKEN }} -p ${{ secrets.PROJECT_NAME }} -t osvscannersca -b $TARGET_BRANCH --async
- name: Scan with Gitleaks
run: kdt scan --host ${{ secrets.KONDUKTO_HOST }} --token ${{ secrets.KONDUKTO_TOKEN }} -p ${{ secrets.PROJECT_NAME }} -t gitleaks -b $TARGET_BRANCH --async
- name: Scan with Trufflehog
run: kdt scan --host ${{ secrets.KONDUKTO_HOST }} --token ${{ secrets.KONDUKTO_TOKEN }} -p ${{ secrets.PROJECT_NAME }} -t trufflehogsecurity -b $TARGET_BRANCH --async