From 993e5052cbfb9d8f969c7d453311d2d64c4fb9a5 Mon Sep 17 00:00:00 2001 From: Shain Singh Date: Wed, 28 Jun 2023 07:35:38 +1000 Subject: [PATCH 1/2] rename workflow files --- ...-for-deployment.yaml => github-tag-for-deployment.yml} | 8 ++++---- .github/workflows/hapi.f5labs.dev-newman-tests.yaml | 2 +- .github/workflows/{semgrep.yml => secops-code-scan.yml} | 2 +- ...dependency-review.yml => secops-dependency-review.yml} | 2 +- .../workflows/{scorecards.yml => secops-scorecard.yml} | 3 +-- 5 files changed, 8 insertions(+), 9 deletions(-) rename .github/workflows/{tag-for-deployment.yaml => github-tag-for-deployment.yml} (90%) rename .github/workflows/{semgrep.yml => secops-code-scan.yml} (98%) rename .github/workflows/{dependency-review.yml => secops-dependency-review.yml} (96%) rename .github/workflows/{scorecards.yml => secops-scorecard.yml} (98%) diff --git a/.github/workflows/tag-for-deployment.yaml b/.github/workflows/github-tag-for-deployment.yml similarity index 90% rename from .github/workflows/tag-for-deployment.yaml rename to .github/workflows/github-tag-for-deployment.yml index 5b1e167af..7d76debb4 100644 --- a/.github/workflows/tag-for-deployment.yaml +++ b/.github/workflows/github-tag-for-deployment.yml @@ -1,11 +1,11 @@ -name: Tag commit for deployment +name: "Github - Tag commit for deployment" on: push: branches: - master paths-ignore: - ".github/**" - # - "*.md" + - "*.md" permissions: contents: read jobs: @@ -24,8 +24,8 @@ jobs: - name: Run Script run: | export GITHUB_PAT=${{ secrets.GITHUB_TOKEN }} - ${GITHUB_WORKSPACE}/.github/scripts/check-workflow.sh "Semgrep" - ${GITHUB_WORKSPACE}/.github/scripts/check-workflow.sh "OpenSSF Scorecard" + ${GITHUB_WORKSPACE}/.github/scripts/check-workflow.sh "SecOps - Code Scanning" + ${GITHUB_WORKSPACE}/.github/scripts/check-workflow.sh "SecOps - OpenSSF Scorecard" ${GITHUB_WORKSPACE}/.github/scripts/check-precommit.sh - name: Tag Commit run: | 
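Review bot: The re-enabled `- "*.md"` entry under `paths-ignore` in the first hunk only matches Markdown files at the repository root, because `*` in GitHub Actions path filters does not cross `/`. A documentation-only push under a subdirectory will therefore still run the tagging job. If the intent is to skip tagging for any docs-only change, use `- "**.md"`. This is a trigger change in a commit titled "rename workflow files", so it should be mentioned in the commit message.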
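Review bot: The name passed on the second `check-workflow.sh` line, `"SecOps - OpenSSF Scorecard"`, does not match the name this same patch gives the workflow in `secops-scorecard.yml`, which is `"SecOps- OpenSSF Scorecard"` (no space before the hyphen). check-workflow.sh is not shown, but if it looks runs up by workflow name, the deployment gate will never find a Scorecard run. That either blocks tagging or, if a missing run is treated as success, lets commits be tagged for deployment without the Scorecard check having passed. Change the scorecard file to `name: "SecOps - OpenSSF Scorecard"` and confirm the script fails closed when no matching run is found. The `jobs:` block continues outside the hunk.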
diff --git a/.github/workflows/hapi.f5labs.dev-newman-tests.yaml b/.github/workflows/hapi.f5labs.dev-newman-tests.yaml index 271dcb715..3535232f7 100644 --- a/.github/workflows/hapi.f5labs.dev-newman-tests.yaml +++ b/.github/workflows/hapi.f5labs.dev-newman-tests.yaml @@ -1,4 +1,4 @@ -name: hapi.f5labs.dev - Newman tests +name: "hapi.f5labs.dev - Functional Testing" on: workflow_dispatch permissions: contents: read diff --git a/.github/workflows/semgrep.yml b/.github/workflows/secops-code-scan.yml similarity index 98% rename from .github/workflows/semgrep.yml rename to .github/workflows/secops-code-scan.yml index dfcafec2c..b6b97bec3 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/secops-code-scan.yml @@ -8,7 +8,7 @@ # # See https://semgrep.dev/docs -name: Semgrep +name: "SecOps - Code Scanning" on: push: branches: ["master"] diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/secops-dependency-review.yml similarity index 96% rename from .github/workflows/dependency-review.yml rename to .github/workflows/secops-dependency-review.yml index 2a40205f4..8b8782a3d 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/secops-dependency-review.yml @@ -6,7 +6,7 @@ # PRs introducing known-vulnerable packages will be blocked from merging. # # Source repository: https://github.com/actions/dependency-review-action -name: "Dependency Review" +name: "SecOps - Dependency Review" on: [pull_request] permissions: contents: read diff --git a/.github/workflows/scorecards.yml b/.github/workflows/secops-scorecard.yml similarity index 98% rename from .github/workflows/scorecards.yml rename to .github/workflows/secops-scorecard.yml index 4fb1821da..6c4dc4194 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/secops-scorecard.yml 
@@ -2,7 +2,7 @@ # by a third-party and are governed by separate terms of service, privacy # policy, and support documentation. -name: OpenSSF Scorecard +name: "SecOps- OpenSSF Scorecard" on: # For Branch-Protection check. Only the default branch is supported. See # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection @@ -45,7 +45,6 @@ jobs: # - you are installing Scorecards on a *private* repository # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. repo_token: ${{ secrets.SCORECARD_TOKEN }} - # Public repositories: # - Publish results to OpenSSF REST API for easy access by consumers # - Allows the repository to include the Scorecard badge. From 76a7602f4bee005a6bc2aed74ae6101b203e023a Mon Sep 17 00:00:00 2001 From: Shain Singh Date: Wed, 28 Jun 2023 07:39:57 +1000 Subject: [PATCH 2/2] update README for semgrep bandge link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0ca0e486f..59d65a731 100644 --- a/README.md +++ b/README.md 
@@ -6,7 +6,7 @@ [![GitHub deploy checks state](https://img.shields.io/github/checks-status/apcj-f5/nap-devsecops-demo/deploy?label=deploy%20checks)](https://github.com/apcj-f5/nap-devsecops-demo/actions) [![GitHub commit activity](https://img.shields.io/github/commit-activity/m/apcj-f5/nap-devsecops-demo)](https://github.com/apcj-f5/nap-devsecops-demo/pulse/monthly) -[![powered by semgrep](https://img.shields.io/badge/powered%20by-semgrep-1B2F3D?labelColor=lightgrey&link=https://semgrep.live/&style=flat-square&logo=data%3Aimage%2Fpng%3Bbase64%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)](https://github.com/apcj-f5/nap-devsecops-demo/actions?query=workflow%3ASemgrep) +[![powered by semgrep](https://img.shields.io/badge/powered%20by-semgrep-1B2F3D?labelColor=lightgrey&link=https://semgrep.live/&style=flat-square&logo=data%3Aimage%2Fpng%3Bbase64%2CiVBORw0KGgoAAAANSUhEUgAAAA0AAAAOCAYAAAD0f5bSAAAABmJLR0QA/gD+AP+cH+QUAAAACXBIWXMAAA3XAAAN1wFCKJt4AAAAB3RJTUUH5AYMEy0l8dkqrQAAAvFJREFUKBUB5gIZ/QEAAP8BAAAAAAMG6AD9+hn/GzA//wD//wAAAAD+AAAAAgABAQDl0MEBAwbmAf36GQAAAAAAAQEC9QH//gv/Gi1GFQEC+OoAAAAAAAAAAAABAQAA//8AAAAAAAAAAAD//ggX5tO66gID9AEBFSRxAgYLzRQAAADpAAAAAP7+/gDl0cMPAAAA+wAAAPkbLz39AgICAAAAAAAAAAAs+vU12AEbLz4bAAAA5P8AAAAA//4A5NDDEwEBAO///wABAQEAAP//ABwcMD7hAQEBAAAAAAAAAAAaAgAAAOAAAAAAAQEBAOXRwxUAAADw//8AAgAAAAD//wAAAAAA5OXRwhcAAQEAAAAAAAAAAOICAAAABP3+/gDjzsAT//8A7gAAAAEAAAD+AAAA/wAAAAAAAAAA//8A7ePOwA/+/v4AAAAABAIAAAAAAAAAAAAAAO8AAAABAAAAAAAAAAIAAAABAAAAAAAAAAgAAAD/AAAA8wAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAA8AAAAEAAAA/gAAAP8AAAADAAAA/gAAAP8AAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAA7wAAAPsAAAARAAAABAAAAP4AAAAAAAAAAgAAABYAAAAAAAAAAAIAAAD8AwICAB0yQP78/v4GAAAA/wAAAPAAAAD9AAAA/wAAAPr9//8aHTJA6AICAgAAAAD8AgAAADIAAAAAAP//AB4wPvgAAAARAQEA/gEBAP4BAQABAAAAGB0vPeIA//8AAAAAAAAAABAC+vUz1QAAAA8AAAAAAwMDABwwPu3//wAe//8AAv//ABAcMD7lAwMDAAAAAAAAAAAG+vU0+QEBAvUB//4L/xotRhUBAvjqAAAAAAAAAAAAAQEAAP//AAAAAAAAAAAA//4IF+bTuuoCA/QBAQAA/wEAAAAAAwboAP36Gf8bMD//AP//AAAAAP4AAAACAAEBAOXQwQEDBuYB/foZAAAAAAD4I
6qbK3+1zQAAAABJRU5ErkJggg==)](https://github.com/apcj-f5/nap-devsecops-demo/actions/workflows/secops-code-scan.yml) [![pre-commit.ci status](https://results.pre-commit.ci/badge/github/apcj-f5/nap-devsecops-demo/master.svg)](https://results.pre-commit.ci/latest/github/apcj-f5/nap-devsecops-demo/master) [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/apcj-f5/nap-devsecops-demo/badge)](https://api.securityscorecards.dev/projects/github.com/apcj-f5/nap-devsecops-demo) [![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/7409/badge)](https://bestpractices.coreinfrastructure.org/projects/7409)