From 19ceb2053c5cca9985f07f4e29d6c30dd390d87c Mon Sep 17 00:00:00 2001
From: jjuaniveson
Date: Mon, 11 Mar 2024 11:34:18 +0000
Subject: [PATCH] DWN-51053: Added semgrep to new config.yml
---
.circleci/config.yml | 44 +++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 43 insertions(+), 1 deletion(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index ec5bf18a8..100202170 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -6,7 +6,7 @@ parameters:
default: false
orbs:
- gresham: gresham-computing/gresham-orb@5.1.0
+ gresham: gresham-computing/gresham-orb@5.8.0
executors:
docker-executor:
@@ -16,6 +16,10 @@ executors:
aws_access_key_id: $GIS_PRD_ECR_INT_BUILD_ACCESS_KEY
aws_secret_access_key: $GIS_PRD_ECR_INT_BUILD_SECRET_ACCESS_KEY
+ linux-machine:
+ machine:
+ image: ubuntu-2204:2023.10.1
+
jobs:
build-and-deploy:
executor: docker-executor
@@ -83,6 +87,22 @@ jobs:
- gresham/whitelist-remove:
pattern: OpenId
+ semgrep-scan:
+ executor: linux-machine
+ resource_class: medium
+ steps:
+ - checkout
+ - gresham/get-whitelister
+ - gresham/whitelist-add:
+ pattern: OpenId
+ kondukto: true
+ - gresham/semgrep-scan:
+ kondukto: true
+ konduktoProject: "openid-connect-server"
+ konduktoBranch: "${CIRCLE_BRANCH}"
+ - gresham/whitelist-remove:
+ pattern: OpenId
+ kondukto: true
workflows:
build-and-test:
unless: << pipeline.parameters.release >>
@@ -112,6 +132,28 @@ workflows:
branches:
only: 1.3.x
+ semgrep-scan:
+ when: << pipeline.parameters.semgrep_scan >>
+ jobs:
+ - semgrep-scan:
+ context:
+ - gresham-aws
+ - CircleCi-Gresham-Credentials
+
+ scheduled-security-scan:
+ triggers:
+ - schedule:
+ cron: 0 4 * * 1
+ filters:
+ branches:
+ only: main
+ jobs:
+ - semgrep-scan:
+ name: Semgrep Scan
+ context:
+ - gresham-aws
+ - CircleCi-Gresham-Credentials
+
commands:
setup-git-credentials:
steps:
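Review bot: The `gresham/whitelist-remove` step that closes the new `semgrep-scan` job only runs when every preceding step succeeds, so a failing `gresham/semgrep-scan` (or Kondukto upload) leaves the `OpenId` allowlist entry created by `gresham/whitelist-add` in place, and on the scheduled run that stale entry persists until the next successful scan. CircleCI steps can be forced to run regardless of outcome with `when: always`; if the orb command accepts a step-level `when`, change the last step to `- gresham/whitelist-remove:` / `pattern: OpenId` / `kondukto: true` / `when: always`, and if it does not, the orb's `whitelist-remove` command is the place to expose one. The pre-existing `whitelist-remove` at the top of the hunk has the same exposure, but the job it belongs to starts outside the hunk. Separately, `konduktoBranch: "${CIRCLE_BRANCH}"` forwards a branch name that anyone able to push a branch controls; that is only a problem if the orb interpolates it into a shell command, which is not visible here, so it is worth confirming that `gresham/semgrep-scan` quotes or validates the value before use.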
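Review bot: The new `semgrep-scan` workflow is gated on `<< pipeline.parameters.semgrep_scan >>`, but nothing in this patch declares a `semgrep_scan` pipeline parameter (the only parameter touched is the pre-existing one at the top of the file with `default: false`); unless it is declared elsewhere in `parameters:`, CircleCI rejects the config at validation time, and a declaration with `default: false` is what keeps the scan from running on every push. That workflow also carries no `filters`, so with `konduktoBranch: "${CIRCLE_BRANCH}"` any branch can publish results under its own name into the `openid-connect-server` Kondukto project while holding the `gresham-aws` and `CircleCi-Gresham-Credentials` contexts; consider whether it needs the same `branches` filter the `scheduled-security-scan` workflow has, or a narrower context. Minor style point: CircleCI's reference quotes cron expressions, and writing `cron: "0 4 * * 1"` makes the intent to pass a string explicit rather than relying on plain-scalar parsing of a value containing `*`.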