enabling security scan for CRT
This commit is contained in:
parent
49c278e5b0
commit
3414b76fce
|
@ -3,7 +3,9 @@ name: build
|
|||
on:
|
||||
push:
|
||||
# Sequence of patterns matched against refs/heads
|
||||
branches: [ main ]
|
||||
branches:
|
||||
- enable-security-scan
|
||||
# [ main ]
|
||||
|
||||
env:
|
||||
PKG_NAME: consul
|
||||
|
|
|
@ -4,17 +4,13 @@ project "consul" {
|
|||
team = "consul core"
|
||||
slack {
|
||||
# feed-consul-ci
|
||||
notification_channel = "C9KPKPKRN"
|
||||
notification_channel = "C01A3A54G0L"
|
||||
}
|
||||
github {
|
||||
organization = "hashicorp"
|
||||
repository = "consul"
|
||||
release_branches = [
|
||||
"main",
|
||||
"release/1.8.x",
|
||||
"release/1.9.x",
|
||||
"release/1.10.x",
|
||||
"release/1.11.x"
|
||||
"enable-security-scan"
|
||||
]
|
||||
}
|
||||
}
|
||||
|
@ -42,8 +38,36 @@ event "upload-dev" {
|
|||
}
|
||||
}
|
||||
|
||||
event "notarize-darwin-amd64" {
|
||||
event "security-scan-binaries" {
|
||||
depends = ["upload-dev"]
|
||||
action "security-scan-binaries" {
|
||||
organization = "hashicorp"
|
||||
repository = "crt-workflows-common"
|
||||
workflow = "security-scan-binaries"
|
||||
config = "security-scan.hcl"
|
||||
}
|
||||
|
||||
notification {
|
||||
on = "fail"
|
||||
}
|
||||
}
|
||||
|
||||
event "security-scan-containers" {
|
||||
depends = ["security-scan-binaries"]
|
||||
action "security-scan-containers" {
|
||||
organization = "hashicorp"
|
||||
repository = "crt-workflows-common"
|
||||
workflow = "security-scan-containers"
|
||||
config = "security-scan.hcl"
|
||||
}
|
||||
|
||||
notification {
|
||||
on = "fail"
|
||||
}
|
||||
}
|
||||
|
||||
event "notarize-darwin-amd64" {
|
||||
depends = ["security-scan-containers"]
|
||||
action "notarize-darwin-amd64" {
|
||||
organization = "hashicorp"
|
||||
repository = "crt-workflows-common"
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
container {
|
||||
dependencies = true
|
||||
alpine_secdb = true
|
||||
secrets = true
|
||||
}
|
||||
|
||||
binary {
|
||||
secrets = true
|
||||
go_modules = true
|
||||
osv = true
|
||||
oss_index = true
|
||||
nvd = true
|
||||
}
|
Loading…
Reference in New Issue