enabling security scan for CRT

This commit is contained in:
Claire Labry 2021-12-16 11:49:22 -05:00
parent 49c278e5b0
commit 3414b76fce
No known key found for this signature in database
GPG Key ID: 2A8A96045C4E9B0C
3 changed files with 47 additions and 8 deletions


@ -3,7 +3,9 @@ name: build
on:
push:
# Sequence of patterns matched against refs/heads
branches: [ main ]
branches:
- enable-security-scan
# [ main ]
env:
PKG_NAME: consul
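Review bot: The push trigger now fires only on `enable-security-scan`, with the original target left as the comment `# [ main ]`, so the build workflow stops running on main if this lands as-is; this reads as a temporary switch to exercise the feature branch, and it should go back to `branches: [ main ]` (or list both branches) before merge. The same narrowing appears in the second file's release_branches list, where `main` and the `release/1.x` entries are replaced by `enable-security-scan`. If the temporary state is intentional, a comment such as `# TEMP: scoped to the feature branch while validating the security scan; restore main before merge` makes the intent explicit to the next reader.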


@ -4,17 +4,13 @@ project "consul" {
team = "consul core"
slack {
# feed-consul-ci
notification_channel = "C9KPKPKRN"
notification_channel = "C01A3A54G0L"
}
github {
organization = "hashicorp"
repository = "consul"
release_branches = [
"main",
"release/1.8.x",
"release/1.9.x",
"release/1.10.x",
"release/1.11.x"
"enable-security-scan"
]
}
}
@ -42,8 +38,36 @@ event "upload-dev" {
}
}
event "notarize-darwin-amd64" {
event "security-scan-binaries" {
depends = ["upload-dev"]
action "security-scan-binaries" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "security-scan-binaries"
config = "security-scan.hcl"
}
notification {
on = "fail"
}
}
event "security-scan-containers" {
depends = ["security-scan-binaries"]
action "security-scan-containers" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "security-scan-containers"
config = "security-scan.hcl"
}
notification {
on = "fail"
}
}
event "notarize-darwin-amd64" {
depends = ["security-scan-containers"]
action "notarize-darwin-amd64" {
organization = "hashicorp"
repository = "crt-workflows-common"
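Review bot: The new scan events carry no comment stating that they are meant as a gate, although rewiring `depends = ["security-scan-containers"]` on notarize-darwin-amd64 means a failing scan now blocks notarization; a short comment above `event "security-scan-binaries"`, e.g. `# Binary and container scans run after upload-dev and gate notarization; a failing scan stops the pipeline here`, would record that intent for whoever next reorders the chain. The two scans are serialized (`security-scan-containers` depends on `security-scan-binaries`) rather than both depending on `upload-dev`; if that ordering is not required, running them in parallel would shorten the critical path, but that is a choice to confirm rather than a defect. Both events only notify `on = "fail"`, which seems appropriate for a gate. The `event "notarize-darwin-amd64"` block continues outside the hunk.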


@ -0,0 +1,13 @@
container {
dependencies = true
alpine_secdb = true
secrets = true
}
binary {
secrets = true
go_modules = true
osv = true
oss_index = true
nvd = true
}
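Review bot: The new scanner configuration has no comment explaining what consumes it or what each flag turns on, so the next reader has to trace it back through the `config = "security-scan.hcl"` references in the CRT events; a header comment such as `# Scanner settings for the crt-workflows-common security-scan-binaries / security-scan-containers workflows` would anchor it. Nothing visible in the hunk sets a severity threshold or a suppression list, so presumably any finding from the enabled sources fails the scan and blocks the pipeline — worth confirming against the workflow and recording in the same comment, so that a future exception is handled deliberately rather than by flipping a source to `false`.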