From 71953a849df0b90f237bbfacaccf79545363cecf Mon Sep 17 00:00:00 2001
From: Ananth Kamath <39478639+ananthkamath@users.noreply.github.com>
Date: Mon, 15 Apr 2024 14:56:33 +0530
Subject: [PATCH] Add Endor Labs scan pipeline

---
 .github/workflows/endorlabs.yml | 41 +++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 .github/workflows/endorlabs.yml

diff --git a/.github/workflows/endorlabs.yml b/.github/workflows/endorlabs.yml
new file mode 100644
index 0000000..018e06a
--- /dev/null
+++ b/.github/workflows/endorlabs.yml
@@ -0,0 +1,41 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: Endor Labs
+on:
+  push:
+    branches: [ "add-endor-labs-scan" ]
+  pull_request:
+    branches: [ "master" ]
+  # schedule:
+  #   - cron: '29 0 * * 2'
+jobs:
+  scan:
+    permissions:
+      security-events: write # Used to upload sarif artifact to GitHub
+      contents: read # Used to checkout a private repository by actions/checkout.
+      actions: read # Required for private repositories to upload sarif files. GitHub Advanced Security licenses are required.
+      id-token: write # Used for keyless authentication to Endor Labs
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Endor Labs scan pull request
+        if: github.event_name == 'pull_request'
+        uses: endorlabs/github-action@b51bd06466b545f01a6ac788e3e1147695d3936c
+        with:
+          namespace: "infinitekamath"
+          sarif_file: findings.sarif
+      - name: Endor Labs scan monitor
+        if: github.event_name == 'push'
+        uses: endorlabs/github-action@b51bd06466b545f01a6ac788e3e1147695d3936c
+        with:
+          namespace: "infinitekamath"
+          ci_run: "false"
+          sarif_file: findings.sarif
+      - name: Upload SARIF to github
+        uses: github/codeql-action/upload-sarif@9885f86fab4879632b7e44514f19148225dfbdcd
+        with:
+          sarif_file: findings.sarif
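Review bot: `uses: actions/checkout@v3` in the first step is pinned only to a floating major tag while the two endorlabs/github-action steps and the codeql-action upload step are pinned to full commit SHAs, so checkout is the one dependency in this workflow whose code can change underneath it; pin it the same way, `uses: actions/checkout@<commit-sha-of-chosen-release> # v3.x.y`, with the SHA taken from the release you intend. The SHA-pinned steps would also read better with a trailing `# vX.Y.Z` comment so the pinned version is visible and update tooling can track it. Separately, the `push` trigger lists only `add-endor-labs-scan`, so the `Endor Labs scan monitor` step (the one with `ci_run: "false"`) will stop running once this branch is merged; if the intent is a monitoring scan of the default branch, `branches: [ "master" ]` under `push` is presumably what is wanted. The commented-out `schedule` block looks like a leftover and should either be enabled or dropped.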