DWN-51053: Added semgrep to new config.yml
parent
fae4cc43e8
commit
19ceb2053c
|
@ -6,7 +6,7 @@ parameters:
|
||||||
default: false
|
default: false
|
||||||
|
|
||||||
orbs:
|
orbs:
|
||||||
gresham: gresham-computing/gresham-orb@5.1.0
|
gresham: gresham-computing/gresham-orb@5.8.0
|
||||||
|
|
||||||
executors:
|
executors:
|
||||||
docker-executor:
|
docker-executor:
|
||||||
|
@ -16,6 +16,10 @@ executors:
|
||||||
aws_access_key_id: $GIS_PRD_ECR_INT_BUILD_ACCESS_KEY
|
aws_access_key_id: $GIS_PRD_ECR_INT_BUILD_ACCESS_KEY
|
||||||
aws_secret_access_key: $GIS_PRD_ECR_INT_BUILD_SECRET_ACCESS_KEY
|
aws_secret_access_key: $GIS_PRD_ECR_INT_BUILD_SECRET_ACCESS_KEY
|
||||||
|
|
||||||
|
linux-machine:
|
||||||
|
machine:
|
||||||
|
image: ubuntu-2204:2023.10.1
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build-and-deploy:
|
build-and-deploy:
|
||||||
executor: docker-executor
|
executor: docker-executor
|
||||||
|
@ -83,6 +87,22 @@ jobs:
|
||||||
- gresham/whitelist-remove:
|
- gresham/whitelist-remove:
|
||||||
pattern: OpenId
|
pattern: OpenId
|
||||||
|
|
||||||
|
semgrep-scan:
|
||||||
|
executor: linux-machine
|
||||||
|
resource_class: medium
|
||||||
|
steps:
|
||||||
|
- checkout
|
||||||
|
- gresham/get-whitelister
|
||||||
|
- gresham/whitelist-add:
|
||||||
|
pattern: OpenId
|
||||||
|
kondukto: true
|
||||||
|
- gresham/semgrep-scan:
|
||||||
|
kondukto: true
|
||||||
|
konduktoProject: "openid-connect-server"
|
||||||
|
konduktoBranch: "${CIRCLE_BRANCH}"
|
||||||
|
- gresham/whitelist-remove:
|
||||||
|
pattern: OpenId
|
||||||
|
kondukto: true
|
||||||
workflows:
|
workflows:
|
||||||
build-and-test:
|
build-and-test:
|
||||||
unless: << pipeline.parameters.release >>
|
unless: << pipeline.parameters.release >>
|
||||||
|
@ -112,6 +132,28 @@ workflows:
|
||||||
branches:
|
branches:
|
||||||
only: 1.3.x
|
only: 1.3.x
|
||||||
|
|
||||||
|
semgrep-scan:
|
||||||
|
when: << pipeline.parameters.semgrep_scan >>
|
||||||
|
jobs:
|
||||||
|
- semgrep-scan:
|
||||||
|
context:
|
||||||
|
- gresham-aws
|
||||||
|
- CircleCi-Gresham-Credentials
|
||||||
|
|
||||||
|
scheduled-security-scan:
|
||||||
|
triggers:
|
||||||
|
- schedule:
|
||||||
|
cron: 0 4 * * 1
|
||||||
|
filters:
|
||||||
|
branches:
|
||||||
|
only: main
|
||||||
|
jobs:
|
||||||
|
- semgrep-scan:
|
||||||
|
name: Semgrep Scan
|
||||||
|
context:
|
||||||
|
- gresham-aws
|
||||||
|
- CircleCi-Gresham-Credentials
|
||||||
|
|
||||||
commands:
|
commands:
|
||||||
setup-git-credentials:
|
setup-git-credentials:
|
||||||
steps:
|
steps:
|
||||||
|
|
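Review bot: In the new `semgrep-scan` job, `gresham/whitelist-remove` only runs as the final step after `gresham/semgrep-scan`, so if the scan step exits non-zero the job would stop there and the entry created by `gresham/whitelist-add` would appear to stay in place. Whether the scan fails on findings, and how the orb commands are implemented, is not visible on this page. Please confirm that the remove command still runs on failure (for example, that its underlying run step uses `when: always`), and document this above the step with a comment such as `# cleanup must run even if the scan fails`. The `semgrep-scan` workflow has no branch filter and attaches the `gresham-aws` and `CircleCi-Gresham-Credentials` contexts, so a leftover entry could come from any branch where `semgrep_scan` is set. Separately, quoting the schedule as `cron: "0 4 * * 1"` would keep the `*` characters clear of YAML alias parsing if the line is ever edited.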