Merge branch 'master' into bugs/asset-reference

uttamukkoji · uttamukkoji · commit 20c944c5a783 · 2022-10-13T11:24:47.000+05:30
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -12,8 +12,6 @@
 name: "CodeQL"
 
 on:
-  push:
-    branches: '*'
   pull_request:
     # The branches below must be a subset of the branches above
     branches: '*'
diff --git a/.github/workflows/jira.yml b/.github/workflows/jira.yml
@@ -0,0 +1,28 @@
+name: Create JIRA ISSUE
+on:
+  pull_request:
+    types: [opened]
+jobs:
+  security:
+    if: ${{ github.actor == 'dependabot[bot]' || github.actor == 'snyk-bot' || contains(github.event.pull_request.head.ref, 'snyk-fix-')  || contains(github.event.pull_request.head.ref, 'snyk-upgrade-')}}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Login into JIRA
+        uses: atlassian/gajira-login@master
+        env:
+          JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }}
+          JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }}
+          JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
+      - name: Create a JIRA Issue
+        id: create
+        uses: atlassian/gajira-create@master
+        with:
+          project: ${{ secrets.JIRA_PROJECT }}
+          issuetype: ${{ secrets.JIRA_ISSUE_TYPE }}
+          summary: |
+            ${{ github.event.pull_request.title }}
+          description: |
+            PR: ${{ github.event.pull_request.html_url }}
+
+          fields: "${{ secrets.JIRA_FIELDS }}"
diff --git a/.github/workflows/sast-scan.yml b/.github/workflows/sast-scan.yml
@@ -1,8 +1,5 @@
 name: SAST Scan
 on:
-  push:
-    branches:
-      - '*'
   pull_request:
     types: [opened, synchronize, reopened]
 jobs:
@@ -11,4 +8,4 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: Horusec Scan
-        run: docker run -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd):/src horuszup/horusec-cli:latest horusec start -p /src -P $(pwd)
+        run: docker run -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd):/src horuszup/horusec-cli:latest horusec start -p /src -P $(pwd)
diff --git a/.github/workflows/sca-monitor.yml b/.github/workflows/sca-monitor.yml
diff --git a/.github/workflows/sca-scan.yml b/.github/workflows/sca-scan.yml
@@ -1,8 +1,5 @@
 name: Source Composition Analysis Scan
 on:
-  push:
-    branches:
-      - master
   pull_request:
     types: [opened, synchronize, reopened]
 jobs:
@@ -14,3 +11,5 @@ jobs:
         uses: snyk/actions/node@master
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --all-projects
diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml
@@ -1,8 +1,5 @@
 name: Secrets Scan
 on:
-  push:
-    branches:
-      - '*'
   pull_request:
     types: [opened, synchronize, reopened]
 jobs:
@@ -11,4 +8,4 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: Gittyleaks
-        uses: gupy-io/gittyleaks-action@v0.1
+        uses: gupy-io/gittyleaks-action@v0.1
