diff --git a/.github/workflows/smoke-tests.yaml b/.github/workflows/smoke-tests.yaml
new file mode 100644
index 00000000..2607e6a1
--- /dev/null
+++ b/.github/workflows/smoke-tests.yaml
@@ -0,0 +1,98 @@
+name: Smoke Tests
+
+on:
+ pull_request:
+ types: [opened, synchronize, reopened]
+ paths: ['scanners/**']
+
+jobs:
+ github-action:
+ name: Github Actions
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout scanner registry
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0 # Need full history to detect changes
+ - name: Run Tests
+ uses: martin-boost-dev/boostsec-registry-test-action@987118ea9f07ca0225f2ad0df77da78ea498aec2
+ with:
+ provider: github
+ provider-config: |
+ {
+ "token": "${{ secrets.BOOST_GITHUB_TEST_RUNNER }}",
+ "owner": "martin-boost-dev",
+ "repo": "boostsec-registry-test-runner",
+ "workflow_id": "test-scanner.yml"
+ }
+ registry-path: "."
+ base-ref: "main"
+ head-ref: "${{ github.head_ref }}"
+
+ gitlab-action:
+ name: Gitlab-ci
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout scanner registry
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0 # Need full history to detect changes
+ - name: Run Tests
+ uses: martin-boost-dev/boostsec-registry-test-action@987118ea9f07ca0225f2ad0df77da78ea498aec2
+ with:
+ provider: gitlab
+ provider-config: |
+ {
+ "token": "${{ secrets.BOOST_GITLAB_PROJECT_TOKEN }}",
+ "project_id": "boostsecurityio/martin/boostsec-registry-test-runner"
+ }
+ registry-path: "."
+ base-ref: "main"
+ head-ref: "${{ github.head_ref }}"
+
+ azure-devops:
+ name: Azure DevOps
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout scanner registry
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0 # Need full history to detect changes
+ - name: Run Tests
+ uses: martin-boost-dev/boostsec-registry-test-action@987118ea9f07ca0225f2ad0df77da78ea498aec2
+ with:
+ provider: azure
+ provider-config: |
+ {
+ "token": "${{ secrets.BOOST_AZURE_DEVOPS_PAT }}",
+ "organization": "boostsecurityio",
+ "project": "Martin",
+ "pipeline_id": 51
+ }
+ registry-path: "."
+ base-ref: "main"
+ head-ref: "${{ github.head_ref }}"
+
+ bitbucket:
+ name: Bitbucket Pipelines
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout scanner registry
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0 # Need full history to detect changes
+ - name: Run Tests
+ uses: martin-boost-dev/boostsec-registry-test-action@987118ea9f07ca0225f2ad0df77da78ea498aec2
+ with:
+ provider: bitbucket
+ provider-config: |
+ {
+ "username": "${{ secrets.BOOST_BITBUCKET_USERNAME }}",
+ "api_token": "${{ secrets.BOOST_BITBUCKET_API_TOKEN }}",
+ "workspace": "boostsecurityio",
+ "repo_slug": "boostsec-registry-test-runner",
+ "branch": "main"
+ }
+ registry-path: "."
+ base-ref: "main"
+ head-ref: "${{ github.head_ref }}"
diff --git a/scanners/boostsecurityio/trivy-fs/module.yaml b/scanners/boostsecurityio/trivy-fs/module.yaml
index 90d21d71..9dc9a47b 100644
--- a/scanners/boostsecurityio/trivy-fs/module.yaml
+++ b/scanners/boostsecurityio/trivy-fs/module.yaml
@@ -1,5 +1,5 @@
 api_version: 1.0
-
+# Bump
 id: boostsecurityio/trivy-fs
 name: Trivy (Filesystem scanning)
 namespace: boostsecurityio/trivy-fs
diff --git a/scanners/boostsecurityio/trivy-fs/tests.yaml b/scanners/boostsecurityio/trivy-fs/tests.yaml
new file mode 100644
index 00000000..d19c65d5
--- /dev/null
+++ b/scanners/boostsecurityio/trivy-fs/tests.yaml
@@ -0,0 +1,12 @@
+version: "1.0"
+tests:
+ - name: "gitleaks"
+ type: "source-code"
+ source:
+ url: "git@github.com:gitleaks/gitleaks.git"
+ ref: "v8.15.2"
+ - name: "osv-scanner"
+ type: "source-code"
+ source:
+ url: "git@github.com:google/osv-scanner.git"
+ ref: "main"
diff --git a/scanners/boostsecurityio/trivy-image/tests.yaml b/scanners/boostsecurityio/trivy-image/tests.yaml
new file mode 100644
index 00000000..73e729ce
--- /dev/null
+++ b/scanners/boostsecurityio/trivy-image/tests.yaml
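Review bot: In `.github/workflows/smoke-tests.yaml` none of the four jobs narrows the `GITHUB_TOKEN`, and each `actions/checkout@v4` step leaves that token in the workspace's git config before a third-party action runs with provider secrets in its inputs. A top-level `permissions:` block containing `contents: read`, plus `persist-credentials: false` under each checkout's `with:`, would limit what `martin-boost-dev/boostsec-registry-test-action` can reach beyond the secret it is handed. `head-ref: "${{ github.head_ref }}"` is a contributor-chosen branch name; whether the action treats it strictly as data is not visible from this diff and should be confirmed. `actions/checkout` is pinned by tag while the test action is pinned by commit SHA, so pinning both by SHA would keep the supply-chain posture consistent.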
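Review bot: In `scanners/boostsecurityio/trivy-fs/tests.yaml` the `osv-scanner` fixture tracks `ref: "main"` while `gitleaks` is pinned to `v8.15.2`, so the smoke test's input changes whenever upstream pushes and a failure cannot be reproduced against a known tree. Pin it to a release tag or commit, e.g. `ref: "<TAG_OR_COMMIT_SHA>"`; the same applies to `ref: "main"` in the trivy-image and trivy-sbom `tests.yaml` files added later in this diff. Both URLs here also use the SSH form (`git@github.com:…`), which presumably requires the runner to hold an SSH key even for public repositories, whereas the other two test files use `https://`.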
@@ -0,0 +1,10 @@
+version: "1.0"
+tests:
+ - name: "Image scanning"
+ type: "container-image"
+ source:
+ url: "https://github.com/martin-boost-dev/boost-poc-registry-testing-trivy"
+ ref: "main"
+ scan_paths:
+ - "rclone"
+ - "osv-scanner"
diff --git a/scanners/boostsecurityio/trivy-sbom/tests.yaml b/scanners/boostsecurityio/trivy-sbom/tests.yaml
new file mode 100644
index 00000000..18b62be0
--- /dev/null
+++ b/scanners/boostsecurityio/trivy-sbom/tests.yaml
@@ -0,0 +1,10 @@
+version: "1.0"
+tests:
+ - name: "Source code scan"
+ type: "source-code"
+ source:
+ url: "https://github.com/martin-boost-dev/boost-poc-registry-testing-trivy"
+ ref: "main"
+ scan_paths:
+ - "rclone"
+ - "osv-scanner"
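Review bot: The fixture source in `scanners/boostsecurityio/trivy-image/tests.yaml` is `https://github.com/martin-boost-dev/boost-poc-registry-testing-trivy`, which looks like a proof-of-concept repository under an individual account rather than the organization; the trivy-sbom `tests.yaml` uses the same URL. Whoever can push to that repository decides what the test runners fetch and scan on every scanner pull request, so hosting the fixture under the organization would keep control of the test input with the registry's maintainers. The ownership cannot be confirmed from this diff, so treat this as a question for the author. A one-line comment above `scan_paths:` would also help readers, e.g. `# paths inside the fixture repo to scan (confirm)`.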