From 7fa1f0b0b93d7815296df4638836ccd4cb93dd75 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Proulx?= <76956526+fproulx-boostsecurity@users.noreply.github.com>
Date: Fri, 6 May 2022 17:48:35 -0400
Subject: [PATCH 01/40] Setup Pull config
---
 .github/pull.yml | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 .github/pull.yml
diff --git a/.github/pull.yml b/.github/pull.yml
new file mode 100644
index 0000000000000..6deb1c0343057
--- /dev/null
+++ b/.github/pull.yml
@@ -0,0 +1,6 @@
+version: "1"
+rules:
+ - base: master
+ upstream: null:master
+ mergeMethod: merge
+ mergeUnstable: true
\ No newline at end of file
From 44267e1fe272bcfc5de7d63a92a2e526d619a4d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Proulx?= <76956526+fproulx-boostsecurity@users.noreply.github.com>
Date: Fri, 6 May 2022 17:48:36 -0400
Subject: [PATCH 02/40] Setup Boost Workflow
---
 .github/workflows/boost.yml | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 .github/workflows/boost.yml
diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml
new file mode 100644
index 0000000000000..6deb1c0343057
--- /dev/null
+++ b/.github/workflows/boost.yml
@@ -0,0 +1,6 @@
+version: "1"
+rules:
+ - base: master
+ upstream: null:master
+ mergeMethod: merge
+ mergeUnstable: true
\ No newline at end of file
From 17255ff68db84910f58e148e1ff8036021259c50 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Proulx?= <76956526+fproulx-boostsecurity@users.noreply.github.com>
Date: Sun, 8 May 2022 22:10:28 -0400
Subject: [PATCH 03/40] Setup Boost Workflow
---
 .github/workflows/boost.yml | 40 +++++++++++++++++++++++++++++++------
 1 file changed, 34 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml
index 6deb1c0343057..263d7adabefb7 100644
--- a/.github/workflows/boost.yml
+++ b/.github/workflows/boost.yml
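Review bot: `mergeUnstable: true` in the new `.github/pull.yml` rule lets the Pull app merge upstream commits into `master` even when the sync pull request is not in a clean, checks-passing state, so upstream code lands without CI acting as a gate. Prefer `mergeUnstable: false` unless unattended merges on failing checks are really intended. The `upstream: null:master` value looks like an unrendered owner placeholder and should name the real upstream owner.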
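Review bot: The new `.github/workflows/boost.yml` holds the Pull app rule set (`version`, `rules`, `upstream`) rather than a workflow; there is no `on:` or `jobs:` key, so GitHub Actions will reject the file and no scan runs. The blob id `6deb1c0343057` is the same as the one for `.github/pull.yml` in the previous patch, which suggests the wrong template was written to this path.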
@@ -1,6 +1,34 @@
-version: "1"
-rules:
- - base: master
- upstream: null:master
- mergeMethod: merge
- mergeUnstable: true
\ No newline at end of file
+name: SAST
+on:
+ workflow_dispatch:
+ inputs:
+ logLevel:
+ description: 'Log level'
+ required: true
+ default: 'INFO'
+ type: choice
+ options:
+ - INFO
+ - DEBUG
+ push:
+ branches:
+ - master
+jobs:
+ boost_security_sast:
+ name: Boost Security / Native Scanner
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Native Scanner
+ uses: peaudecastor/boost-security-scanner-github@v2
+ env:
+ BOOST_CLI_URL: https://assets.build.boostsecurity.io
+ BOOST_LOG_LEVEL: ${{ github.event.inputs.logLevel }}
+ with:
+ action: scan
+ api_endpoint: https://devel.boostsecurity.dev
+ api_token: ${{ secrets.BOOST_API_TOKEN_DEV }}
+ additional_args: --disable-telemetry --api-version v2
+ cli_version: 3.0.0.rc483
+ scanner_version: 3.0.0.rc483
\ No newline at end of file
From 1ef17a1b111836b8b297e3d2e6c80a560d52ad96 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Proulx?= <76956526+fproulx-boostsecurity@users.noreply.github.com>
Date: Mon, 9 May 2022 20:35:15 -0400
Subject: [PATCH 04/40] Setup Pull config
---
 .github/pull.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/pull.yml b/.github/pull.yml
index 6deb1c0343057..dcf9da2c3cd49 100644
--- a/.github/pull.yml
+++ b/.github/pull.yml
@@ -1,6 +1,6 @@
 version: "1"
 rules:
 - base: master
- upstream: null:master
+ upstream: PostHog:master
 mergeMethod: merge
 mergeUnstable: true
\ No newline at end of file
From eb7a8da0329fdcad38638b6804da0865adb651d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Proulx?= <76956526+fproulx-boostsecurity@users.noreply.github.com>
Date: Wed, 11 May 2022 11:48:31 -0400
Subject: [PATCH 05/40] Setup Boost Workflow
---
 .github/workflows/boost.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
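Review bot: The `Native Scanner` step passes `secrets.BOOST_API_TOKEN_DEV` to a third-party action referenced by a movable tag, `peaudecastor/boost-security-scanner-github@v2`, so whoever can move that tag controls code that runs with the token. Pin both `uses:` lines to a full commit SHA, e.g. `uses: peaudecastor/boost-security-scanner-github@<full-commit-sha>  # v2`; the same applies to the `boostsecurityio/boostsec-scanner-github@v3` and `@v4` references in later patches of this series. The workflow also declares no `permissions:`, so the job gets the repository's default `GITHUB_TOKEN` scope; a top-level `permissions:` with `contents: read` would bound it, assuming the scanner needs nothing more. On `push` runs `github.event.inputs.logLevel` is empty, so `BOOST_LOG_LEVEL` is set to an empty string; `${{ github.event.inputs.logLevel || 'INFO' }}` keeps the intended default.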
diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml
index 263d7adabefb7..47d532b40e127 100644
--- a/.github/workflows/boost.yml
+++ b/.github/workflows/boost.yml
@@ -28,7 +28,7 @@ jobs:
 with:
 action: scan
 api_endpoint: https://devel.boostsecurity.dev
- api_token: ${{ secrets.BOOST_API_TOKEN_DEV }}
+ api_token: ${{ secrets.BOOST_API_KEY }}
 additional_args: --disable-telemetry --api-version v2
 cli_version: 3.0.0.rc483
 scanner_version: 3.0.0.rc483
\ No newline at end of file
From ce5f3f2893a1196c0080af676838673aad08c105 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Proulx?= <76956526+fproulx-boostsecurity@users.noreply.github.com>
Date: Wed, 11 May 2022 15:25:25 -0400
Subject: [PATCH 06/40] Setup Boost Workflow
---
 .github/workflows/boost.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml
index 47d532b40e127..04da48ea91ac6 100644
--- a/.github/workflows/boost.yml
+++ b/.github/workflows/boost.yml
@@ -27,7 +27,7 @@ jobs:
 BOOST_LOG_LEVEL: ${{ github.event.inputs.logLevel }}
 with:
 action: scan
- api_endpoint: https://devel.boostsecurity.dev
+ api_endpoint: https://api.boostsecurity.net
 api_token: ${{ secrets.BOOST_API_KEY }}
 additional_args: --disable-telemetry --api-version v2
 cli_version: 3.0.0.rc483
From 6736bb36476565132ca54342fdf508840eeb18ea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Proulx?= <76956526+fproulx-boostsecurity@users.noreply.github.com>
Date: Wed, 1 Jun 2022 16:53:24 -0400
Subject: [PATCH 07/40] Updating Boost Workflow
---
 .github/workflows/boost.yml | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml
index 04da48ea91ac6..1c21eab7a95c5 100644
--- a/.github/workflows/boost.yml
+++ b/.github/workflows/boost.yml
@@ -21,14 +21,9 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v2
 - name: Native Scanner
- uses: peaudecastor/boost-security-scanner-github@v2
+ uses: boostsecurityio/boostsec-scanner-github@v3
 env:
- BOOST_CLI_URL: https://assets.build.boostsecurity.io
 BOOST_LOG_LEVEL: ${{ github.event.inputs.logLevel }}
 with:
 action: scan
- api_endpoint: https://api.boostsecurity.net
- api_token: ${{ secrets.BOOST_API_KEY }}
- additional_args: --disable-telemetry --api-version v2
- cli_version: 3.0.0.rc483
- scanner_version: 3.0.0.rc483
\ No newline at end of file
+ api_token: ${{ secrets.BOOST_API_KEY }}
\ No newline at end of file
From 22e5863c79b89c1fa82b954ad3f2b8b95391ad27 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Proulx?= <76956526+fproulx-boostsecurity@users.noreply.github.com>
Date: Wed, 3 Aug 2022 12:50:20 -0400
Subject: [PATCH 08/40] Updating Boost Workflow
---
 .github/workflows/boost.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml
index 1c21eab7a95c5..9bf9fbcfed960 100644
--- a/.github/workflows/boost.yml
+++ b/.github/workflows/boost.yml
@@ -26,4 +26,5 @@ jobs:
 BOOST_LOG_LEVEL: ${{ github.event.inputs.logLevel }}
 with:
 action: scan
- api_token: ${{ secrets.BOOST_API_KEY }}
\ No newline at end of file
+ api_token: ${{ secrets.BOOST_API_KEY }}
+ scanner_version: 3.0.0.rc33
\ No newline at end of file
From 3b83c6f6bddd06500dd02b1fbb73520513e20d14 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Proulx?= <76956526+fproulx-boostsecurity@users.noreply.github.com>
Date: Wed, 3 Aug 2022 12:56:47 -0400
Subject: [PATCH 09/40] Updating Boost Workflow
---
 .github/workflows/boost.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml
index 9bf9fbcfed960..c35375add9914 100644
--- a/.github/workflows/boost.yml
+++ b/.github/workflows/boost.yml
@@ -27,4 +27,4 @@ jobs:
 with:
 action: scan
 api_token: ${{ secrets.BOOST_API_KEY }}
- scanner_version: 3.0.0.rc33
\ No newline at end of file
+ scanner_version: 3.0.0.rc33
\ No newline at end of file
From 22857b056198dfca8dd3bf73c6694e3036d65919 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Proulx?= <76956526+fproulx-boostsecurity@users.noreply.github.com>
Date: Wed, 3 Aug 2022 13:15:12 -0400
Subject: [PATCH 10/40] Updating Boost Workflow
---
 .github/workflows/boost.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml
index c35375add9914..42871012e39aa 100644
--- a/.github/workflows/boost.yml
+++ b/.github/workflows/boost.yml
@@ -27,4 +27,4 @@ jobs:
 with:
 action: scan
 api_token: ${{ secrets.BOOST_API_KEY }}
- scanner_version: 3.0.0.rc33
\ No newline at end of file
+ scanner_version: 3.0.0.rc33 # Run ID 1
\ No newline at end of file
From 01b8fb42da6da940617477269b5a095ba1890542 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Proulx?= <76956526+fproulx-boostsecurity@users.noreply.github.com>
Date: Wed, 3 Aug 2022 13:30:32 -0400
Subject: [PATCH 11/40] Updating Boost Workflow
---
 .github/workflows/boost.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml
index 42871012e39aa..5c81ae7aefcc2 100644
--- a/.github/workflows/boost.yml
+++ b/.github/workflows/boost.yml
@@ -24,6 +24,7 @@ jobs:
 uses: boostsecurityio/boostsec-scanner-github@v3
 env:
 BOOST_LOG_LEVEL: ${{ github.event.inputs.logLevel }}
+ BOOST_GIT_MAIN_BRANCH: master
 with:
 action: scan
 api_token: ${{ secrets.BOOST_API_KEY }}
From dd393da27bd227e7e735c2361ec0b9b6e2cb5a0f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Proulx?= <76956526+fproulx-boostsecurity@users.noreply.github.com>
Date: Wed, 3 Aug 2022 13:50:23 -0400
Subject: [PATCH 12/40] Updating Boost Workflow
---
 .github/workflows/boost.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml
index 5c81ae7aefcc2..a3d131562be72 100644
--- a/.github/workflows/boost.yml
+++ b/.github/workflows/boost.yml
@@ -28,4 +28,4 @@ jobs:
 with:
 action: scan
 api_token: ${{ secrets.BOOST_API_KEY }}
- scanner_version: 3.0.0.rc33 # Run ID 1
\ No newline at end of file
+ scanner_version: 3.0.0.rc33 # Run ID 2
\ No newline at end of file
From b4882ca2cd48ed7417a71f7fe7d7b979ba7e9cf9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Proulx?= <76956526+fproulx-boostsecurity@users.noreply.github.com>
Date: Wed, 3 Aug 2022 14:32:11 -0400
Subject: [PATCH 13/40] Updating Boost Workflow
---
 .github/workflows/boost.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml
index a3d131562be72..62f7a519e5287 100644
--- a/.github/workflows/boost.yml
+++ b/.github/workflows/boost.yml
@@ -28,4 +28,4 @@ jobs:
 with:
 action: scan
 api_token: ${{ secrets.BOOST_API_KEY }}
- scanner_version: 3.0.0.rc33 # Run ID 2
\ No newline at end of file
+ scanner_version: 3.0.0.rc33 # Run ID 3
\ No newline at end of file
From 2c7d8459e4116572b79c1d635fe9315773a3392c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Proulx?= <76956526+fproulx-boostsecurity@users.noreply.github.com>
Date: Thu, 4 Aug 2022 12:10:41 -0400
Subject: [PATCH 14/40] Updating Boost Workflow
---
 .github/workflows/boost.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml
index 62f7a519e5287..288f9186e6cfb 100644
--- a/.github/workflows/boost.yml
+++ b/.github/workflows/boost.yml
@@ -28,4 +28,4 @@ jobs:
 with:
 action: scan
 api_token: ${{ secrets.BOOST_API_KEY }}
- scanner_version: 3.0.0.rc33 # Run ID 3
\ No newline at end of file
+ scanner_version: 3.0.0.rc33 # Run ID 4
\ No newline at end of file
From 6c662b4770bc41cf5588a77416c891e01ce73b2a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Proulx?= <76956526+fproulx-boostsecurity@users.noreply.github.com>
Date: Thu, 4 Aug 2022 14:45:08 -0400
Subject: [PATCH 15/40] Updating Boost Workflow
---
 .github/workflows/boost.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml
index 288f9186e6cfb..3246c2ccea4ea 100644
--- a/.github/workflows/boost.yml
+++ b/.github/workflows/boost.yml
@@ -28,4 +28,4 @@ jobs:
 with:
 action: scan
 api_token: ${{ secrets.BOOST_API_KEY }}
- scanner_version: 3.0.0.rc33 # Run ID 4
\ No newline at end of file
+ scanner_version: 3.0.0.rc33 # Run ID 5
\ No newline at end of file
From fa77a4ed3f41a75b26546cf3fff765b067b42f1c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Proulx?= <76956526+fproulx-boostsecurity@users.noreply.github.com>
Date: Thu, 4 Aug 2022 20:56:44 -0400
Subject: [PATCH 16/40] Updating Boost Workflow
---
 .github/workflows/boost.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml
index 3246c2ccea4ea..b2e0730ee31b2 100644
--- a/.github/workflows/boost.yml
+++ b/.github/workflows/boost.yml
@@ -27,5 +27,4 @@ jobs:
 BOOST_GIT_MAIN_BRANCH: master
 with:
 action: scan
- api_token: ${{ secrets.BOOST_API_KEY }}
- scanner_version: 3.0.0.rc33 # Run ID 5
\ No newline at end of file
+ api_token: ${{ secrets.BOOST_API_KEY }}
\ No newline at end of file
From 7a32a3e5fed56be84dd2e55eb5309f817628aeaa Mon Sep 17 00:00:00 2001
From: "boostsecurity.io entropy"
Date: Thu, 6 Oct 2022 18:04:49 -0400
Subject: [PATCH 17/40] Managed by boost-entropy-sandbox/terraform-entropy
---
 .github/workflows/boost.yml | 48 +++++++++++++++++++++----------------
 1 file changed, 27 insertions(+), 21 deletions(-)
diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml
index b2e0730ee31b2..8708642fd18a1 100644
--- a/.github/workflows/boost.yml
+++ b/.github/workflows/boost.yml
@@ -1,30 +1,36 @@
-name: SAST
-on:
+name: boostsecurity.io
+on:
 workflow_dispatch:
- inputs:
- logLevel:
- description: 'Log level'
- required: true
- default: 'INFO'
- type: choice
- options:
- - INFO
- - DEBUG
 push:
 branches:
 - master
+ pull_request:
+ branches:
+ - master
+ types:
+ - opened
+ - synchronize
 jobs:
- boost_security_sast:
- name: Boost Security / Native Scanner
+ boost-sast:
+ name: SAST
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Run Native Scanner
+ uses: boostsecurityio/boostsec-scanner-github@v4
+ with:
+ api_token: ${{ secrets.BOOST_API_TOKEN }}
+ registry_module: boostsecurityio/native-scanner
+ boost-sbom:
+ name: SBOM
+ if: github.event_name != 'pull_request'
 runs-on: ubuntu-latest
 steps:
 - name: Checkout
- uses: actions/checkout@v2
- - name: Native Scanner
- uses: boostsecurityio/boostsec-scanner-github@v3
- env:
- BOOST_LOG_LEVEL: ${{ github.event.inputs.logLevel }}
- BOOST_GIT_MAIN_BRANCH: master
+ uses: actions/checkout@v3
+ - name: Upload SBOM from Trivy
+ uses: boostsecurityio/boostsec-scanner-github@v4
 with:
- action: scan
- api_token: ${{ secrets.BOOST_API_KEY }}
\ No newline at end of file
+ api_token: ${{ secrets.BOOST_API_TOKEN }}
+ registry_module: boostsecurityio/trivy-sbom
\ No newline at end of file
From eb416ec45317ff5462c1669263ea0fcf5895ed24 Mon Sep 17 00:00:00 2001
From: "boostsecurity.io entropy"
Date: Fri, 7 Oct 2022 16:25:23 -0400
Subject: [PATCH 18/40] Managed by boost-entropy-sandbox/terraform-entropy
---
 .github/workflows/boost.yml | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml
index 8708642fd18a1..cd47390dd5056 100644
--- a/.github/workflows/boost.yml
+++ b/.github/workflows/boost.yml
@@ -11,8 +11,8 @@ on:
 - opened
 - synchronize
 jobs:
- boost-sast:
- name: SAST
+ boost-native:
+ name: Native Scanner
 runs-on: ubuntu-latest
 steps:
 - name: Checkout
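Review bot: The new `pull_request` trigger runs `boost-sast` with `api_token: ${{ secrets.BOOST_API_TOKEN }}`, but GitHub does not pass repository secrets to `pull_request` runs from forks, so those runs receive an empty token. Only `boost-sbom` is guarded with `if: github.event_name != 'pull_request'`. Give `boost-sast` a guard such as `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository`, or add a comment stating that fork pull requests are intentionally not scanned. Switching to `pull_request_target` to obtain the secret is not a safe substitute, since the token would then be available to a run that processes untrusted pull-request content.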
@@ -22,15 +22,30 @@ jobs: with: api_token: ${{ secrets.BOOST_API_TOKEN }} registry_module: boostsecurityio/native-scanner + boost-sbom: name: SBOM - if: github.event_name != 'pull_request' runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v3 - - name: Upload SBOM from Trivy + - name: Run SBOM uses: boostsecurityio/boostsec-scanner-github@v4 with: api_token: ${{ secrets.BOOST_API_TOKEN }} - registry_module: boostsecurityio/trivy-sbom \ No newline at end of file + registry_module: boostsecurityio/trivy-sbom + + boost-semgrep: + name: semgrep + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Run semgrep + uses: boostsecurityio/boostsec-scanner-github@v4 + with: + api_token: ${{ secrets.BOOST_API_TOKEN }} + registry_module: boostsecurityio/semgrep-scanner + - env: + - SEMGREP_RULES: p/python + From 6750cd6c9a333fd5833c8cc0d222a93b6ef87002 Mon Sep 17 00:00:00 2001 From: "boostsecurity.io entropy" Date: Fri, 7 Oct 2022 23:19:38 -0400 Subject: [PATCH 19/40] Managed by boost-entropy-sandbox/terraform-entropy --- .github/workflows/boost.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml index cd47390dd5056..701902d0058da 100644 --- a/.github/workflows/boost.yml +++ b/.github/workflows/boost.yml @@ -46,6 +46,6 @@ jobs: with: api_token: ${{ secrets.BOOST_API_TOKEN }} registry_module: boostsecurityio/semgrep-scanner - - env: - - SEMGREP_RULES: p/python + env: + SEMGREP_RULES: p/python From 749b3f83e1109dd388e374f1bda98e2e3d9e9056 Mon Sep 17 00:00:00 2001 From: "boostsecurity.io entropy" Date: Wed, 12 Oct 2022 19:15:37 -0400 Subject: [PATCH 20/40] Managed by boost-entropy-sandbox/terraform-entropy --- .github/workflows/boost.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml index 701902d0058da..bd0634a839420 100644 --- a/.github/workflows/boost.yml 
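Review bot: In the new `boost-semgrep` job, `- env:` and `- SEMGREP_RULES: p/python` are added with leading dashes, which makes them sequence entries rather than the step's `env` mapping (indentation is not recoverable on this page, so the exact parse is inferred). As written the step would either fail workflow validation or run without `SEMGREP_RULES` set. They should read `env:` followed by `SEMGREP_RULES: p/python`, nested under the `Run semgrep` step. This hunk also removes `if: github.event_name != 'pull_request'` from `boost-sbom`, so that job now depends on `secrets.BOOST_API_TOKEN` on pull-request runs as well.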
+++ b/.github/workflows/boost.yml @@ -45,7 +45,7 @@ jobs: uses: boostsecurityio/boostsec-scanner-github@v4 with: api_token: ${{ secrets.BOOST_API_TOKEN }} - registry_module: boostsecurityio/semgrep-scanner + registry_module: boostsecurityio/semgrep env: SEMGREP_RULES: p/python From 79ffebd3e1ea249fa337ff0d4db89a8b49ead5a9 Mon Sep 17 00:00:00 2001 From: "boostsecurity.io entropy" Date: Thu, 13 Oct 2022 20:54:17 -0400 Subject: [PATCH 21/40] Managed by boost-entropy-sandbox/terraform-entropy --- .github/workflows/boost.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml index bd0634a839420..e63ad029b21dc 100644 --- a/.github/workflows/boost.yml +++ b/.github/workflows/boost.yml @@ -4,12 +4,6 @@ on: push: branches: - master - pull_request: - branches: - - master - types: - - opened - - synchronize jobs: boost-native: name: Native Scanner From fd8927c381a5276aa0d4de8b673a07977bf5f5ee Mon Sep 17 00:00:00 2001 From: "boostsecurity.io entropy" Date: Fri, 14 Oct 2022 10:42:10 -0400 Subject: [PATCH 22/40] Managed by boost-entropy-sandbox/terraform-entropy --- .github/workflows/boost.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml index e63ad029b21dc..f562933885f9d 100644 --- a/.github/workflows/boost.yml +++ b/.github/workflows/boost.yml @@ -4,6 +4,7 @@ on: push: branches: - master + jobs: boost-native: name: Native Scanner From 974b33d2a0c06d9949660f831878085a3885668a Mon Sep 17 00:00:00 2001 From: "boostsecurity.io entropy" Date: Tue, 18 Oct 2022 09:49:39 -0400 Subject: [PATCH 23/40] Managed by boost-entropy-sandbox/terraform-entropy --- .github/workflows/boost.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml index f562933885f9d..e63ad029b21dc 100644 --- a/.github/workflows/boost.yml +++ b/.github/workflows/boost.yml 
@@ -4,7 +4,6 @@ on: push: branches: - master - jobs: boost-native: name: Native Scanner From 6a97416a62c2fbfe7efa38dfcaaa2ea73c06f172 Mon Sep 17 00:00:00 2001 From: "boostsecurity.io entropy" Date: Wed, 19 Oct 2022 13:08:02 -0400 Subject: [PATCH 24/40] Managed by boost-entropy-sandbox/terraform-entropy --- .github/workflows/boost.yml | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml index e63ad029b21dc..72deb8e81e602 100644 --- a/.github/workflows/boost.yml +++ b/.github/workflows/boost.yml @@ -5,6 +5,21 @@ on: branches: - master jobs: + boost-codeql: + name: CodeQL + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Run CodeQL + uses: boostsecurityio/boostsec-scanner-github@v4 + with: + api_token: ${{ secrets.BOOST_API_TOKEN }} + registry_module: boostsecurityio/codeql + env: + CODEQL_LANGUAGE: python + + boost-native: name: Native Scanner runs-on: ubuntu-latest @@ -41,5 +56,5 @@ jobs: api_token: ${{ secrets.BOOST_API_TOKEN }} registry_module: boostsecurityio/semgrep env: - SEMGREP_RULES: p/python + SEMGREP_RULES: p/python p/r2c From a679e1069cc51d25c38f70911c2ea9ff60ad7891 Mon Sep 17 00:00:00 2001 From: "boostsecurity.io entropy" Date: Mon, 24 Oct 2022 18:06:23 -0400 Subject: [PATCH 25/40] Managed by boost-entropy-sandbox/terraform-entropy --- .github/workflows/boost.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml index 72deb8e81e602..2dcae782649f2 100644 --- a/.github/workflows/boost.yml +++ b/.github/workflows/boost.yml @@ -6,12 +6,12 @@ on: - master jobs: boost-codeql: - name: CodeQL + name: CodeQL runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v3 - - name: Run CodeQL + - name: Run CodeQL uses: boostsecurityio/boostsec-scanner-github@v4 with: api_token: ${{ secrets.BOOST_API_TOKEN }} 
From 81cae35e79b4248be6abeb293286516e7f41110f Mon Sep 17 00:00:00 2001 From: "boostsecurity.io entropy" Date: Tue, 1 Nov 2022 10:23:29 -0400 Subject: [PATCH 26/40] Managed by boost-entropy-sandbox/terraform-entropy --- .github/workflows/boost.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml index 2dcae782649f2..72deb8e81e602 100644 --- a/.github/workflows/boost.yml +++ b/.github/workflows/boost.yml @@ -6,12 +6,12 @@ on: - master jobs: boost-codeql: - name: CodeQL + name: CodeQL runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v3 - - name: Run CodeQL + - name: Run CodeQL uses: boostsecurityio/boostsec-scanner-github@v4 with: api_token: ${{ secrets.BOOST_API_TOKEN }} From 8fe8a741ce79b54d7cf9c7906dcf92609083783c Mon Sep 17 00:00:00 2001 From: "boostsecurity.io entropy" Date: Mon, 14 Nov 2022 16:13:52 -0500 Subject: [PATCH 27/40] Managed by boost-entropy-sandbox/terraform-entropy --- .github/workflows/boost.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml index 72deb8e81e602..27c74e219c730 100644 --- a/.github/workflows/boost.yml +++ b/.github/workflows/boost.yml @@ -32,6 +32,18 @@ jobs: api_token: ${{ secrets.BOOST_API_TOKEN }} registry_module: boostsecurityio/native-scanner + boost-safety: + name: Safety + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Run Safety + uses: boostsecurityio/boostsec-scanner-github@v4 + with: + api_token: ${{ secrets.BOOST_API_TOKEN }} + registry_module: boostsecurityio/safety + boost-sbom: name: SBOM runs-on: ubuntu-latest From c67f0ad499f2cbb21d87e782b114b5ac93089698 Mon Sep 17 00:00:00 2001 
From: "boost-entropy[bot]" <124375835+boost-entropy[bot]@users.noreply.github.com>
Date: Fri, 3 Feb 2023 17:35:47 +0000
Subject: [PATCH 28/40] Delete .github/workflows/boost.yml
---
 .github/workflows/boost.yml | 72 -------------------------------------
 1 file changed, 72 deletions(-)
 delete mode 100644 .github/workflows/boost.yml
diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml
deleted file mode 100644
index 27c74e219c730..0000000000000
--- a/.github/workflows/boost.yml
+++ /dev/null
@@ -1,72 +0,0 @@
-name: boostsecurity.io
-on:
- workflow_dispatch:
- push:
- branches:
- - master
-jobs:
- boost-codeql:
- name: CodeQL
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- - name: Run CodeQL
- uses: boostsecurityio/boostsec-scanner-github@v4
- with:
- api_token: ${{ secrets.BOOST_API_TOKEN }}
- registry_module: boostsecurityio/codeql
- env:
- CODEQL_LANGUAGE: python
-
-
- boost-native:
- name: Native Scanner
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- - name: Run Native Scanner
- uses: boostsecurityio/boostsec-scanner-github@v4
- with:
- api_token: ${{ secrets.BOOST_API_TOKEN }}
- registry_module: boostsecurityio/native-scanner
-
- boost-safety:
- name: Safety
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- - name: Run Safety
- uses: boostsecurityio/boostsec-scanner-github@v4
- with:
- api_token: ${{ secrets.BOOST_API_TOKEN }}
- registry_module: boostsecurityio/safety
-
- boost-sbom:
- name: SBOM
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- - name: Run SBOM
- uses: boostsecurityio/boostsec-scanner-github@v4
- with:
- api_token: ${{ secrets.BOOST_API_TOKEN }}
- registry_module: boostsecurityio/trivy-sbom
-
- boost-semgrep:
- name: semgrep
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- - name: Run semgrep
- uses: boostsecurityio/boostsec-scanner-github@v4
- with:
- api_token: ${{ secrets.BOOST_API_TOKEN }}
- registry_module: boostsecurityio/semgrep
- env:
- SEMGREP_RULES: p/python p/r2c
-
From 92b9578cfa10a2d8dc014a3eacdddf3fe2a01ca3 Mon Sep 17 00:00:00 2001
From: "boostsecurity.io entropy"
Date: Fri, 3 Feb 2023 17:57:48 +0000
Subject: [PATCH 29/40] Managed by boost-sandbox/terraform-entropy
---
 .github/workflows/boost.yml | 72 +++++++++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)
 create mode 100644 .github/workflows/boost.yml
diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml
new file mode 100644
index 0000000000000..27c74e219c730
--- /dev/null
+++ b/.github/workflows/boost.yml
@@ -0,0 +1,72 @@
+name: boostsecurity.io
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - master
+jobs:
+ boost-codeql:
+ name: CodeQL
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Run CodeQL
+ uses: boostsecurityio/boostsec-scanner-github@v4
+ with:
+ api_token: ${{ secrets.BOOST_API_TOKEN }}
+ registry_module: boostsecurityio/codeql
+ env:
+ CODEQL_LANGUAGE: python
+
+
+ boost-native:
+ name: Native Scanner
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Run Native Scanner
+ uses: boostsecurityio/boostsec-scanner-github@v4
+ with:
+ api_token: ${{ secrets.BOOST_API_TOKEN }}
+ registry_module: boostsecurityio/native-scanner
+
+ boost-safety:
+ name: Safety
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Run Safety
+ uses: boostsecurityio/boostsec-scanner-github@v4
+ with:
+ api_token: ${{ secrets.BOOST_API_TOKEN }}
+ registry_module: boostsecurityio/safety
+
+ boost-sbom:
+ name: SBOM
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Run SBOM
+ uses: boostsecurityio/boostsec-scanner-github@v4
+ with:
+ api_token: ${{ secrets.BOOST_API_TOKEN }}
+ registry_module: boostsecurityio/trivy-sbom
+
+ boost-semgrep:
+ name: semgrep
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Run semgrep
+ uses: boostsecurityio/boostsec-scanner-github@v4
+ with:
+ api_token: ${{ secrets.BOOST_API_TOKEN }}
+ registry_module: boostsecurityio/semgrep
+ env:
+ SEMGREP_RULES: p/python p/r2c
+
From 5604b6db4420b24570ee8614dbcfc7b05f15bb90 Mon Sep 17 00:00:00 2001
From: "boostsecurity.io entropy"
Date: Fri, 3 Feb 2023 17:58:21 +0000
Subject: [PATCH 30/40] Managed by boost-sandbox/terraform-entropy
---
 .github/workflows/boost-dev.yml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 .github/workflows/boost-dev.yml
diff --git a/.github/workflows/boost-dev.yml b/.github/workflows/boost-dev.yml
new file mode 100644
index 0000000000000..b6322339d28b3
--- /dev/null
+++ b/.github/workflows/boost-dev.yml
@@ -0,0 +1,18 @@
+name: boostsecurity.io
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - master
+jobs:
+ boost-sbom:
+ name: SBOM
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Run SBOM
+ uses: boostsecurityio/boostsec-scanner-github@v4
+ with:
+ api_token: ${{ secrets.BOOST_API_TOKEN_DEV }}
+ registry_module: boostsecurityio/trivy-sbom
From 9d712f2065f8c3b733d8402fc69585bfd5cb65c8 Mon Sep 17 00:00:00 2001
From: "boostsecurity.io entropy"
Date: Fri, 3 Feb 2023 19:17:26 +0000
Subject: [PATCH 31/40] Managed by boost-sandbox/terraform-entropy
---
 .github/workflows/boost-dev.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/boost-dev.yml b/.github/workflows/boost-dev.yml
index b6322339d28b3..b6a4ea17a1295 100644
--- a/.github/workflows/boost-dev.yml
+++ b/.github/workflows/boost-dev.yml
@@ -1,4 +1,4 @@
-name: boostsecurity.io
+name: boostsecurity.io (Dev)
 on:
 workflow_dispatch:
 push:
@@ -14,5 +14,6 @@ jobs:
 - name: Run SBOM
 uses: boostsecurityio/boostsec-scanner-github@v4
 with:
+ api_endpoint: https://api.dev.boostsec.io
 api_token: ${{ secrets.BOOST_API_TOKEN_DEV }}
 registry_module: boostsecurityio/trivy-sbom
From f2f25f3a8c87551b8de8f873c3bb69a9fd580725 Mon Sep 17 00:00:00 2001
From: "boost-entropy[bot]" <124375835+boost-entropy[bot]@users.noreply.github.com>
Date: Mon, 6 Feb 2023 16:02:19 +0000
Subject: [PATCH 32/40] Delete .github/workflows/boost.yml
---
 .github/workflows/boost.yml | 72 -------------------------------------
 1 file changed, 72 deletions(-)
 delete mode 100644 .github/workflows/boost.yml
diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml
deleted file mode 100644
index 27c74e219c730..0000000000000
--- a/.github/workflows/boost.yml
+++ /dev/null
@@ -1,72 +0,0 @@
-name: boostsecurity.io
-on:
- workflow_dispatch:
- push:
- branches:
- - master
-jobs:
- boost-codeql:
- name: CodeQL
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- - name: Run CodeQL
- uses: boostsecurityio/boostsec-scanner-github@v4
- with:
- api_token: ${{ secrets.BOOST_API_TOKEN }}
- registry_module: boostsecurityio/codeql
- env:
- CODEQL_LANGUAGE: python
-
-
- boost-native:
- name: Native Scanner
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- - name: Run Native Scanner
- uses: boostsecurityio/boostsec-scanner-github@v4
- with:
- api_token: ${{ secrets.BOOST_API_TOKEN }}
- registry_module: boostsecurityio/native-scanner
-
- boost-safety:
- name: Safety
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- - name: Run Safety
- uses: boostsecurityio/boostsec-scanner-github@v4
- with:
- api_token: ${{ secrets.BOOST_API_TOKEN }}
- registry_module: boostsecurityio/safety
-
- boost-sbom:
- name: SBOM
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- - name: Run SBOM
- uses: boostsecurityio/boostsec-scanner-github@v4
- with:
- api_token: ${{ secrets.BOOST_API_TOKEN }}
- registry_module: boostsecurityio/trivy-sbom
-
- boost-semgrep:
- name: semgrep
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- - name: Run semgrep
- uses: boostsecurityio/boostsec-scanner-github@v4
- with:
- api_token: ${{ secrets.BOOST_API_TOKEN }}
- registry_module: boostsecurityio/semgrep
- env:
- SEMGREP_RULES: p/python p/r2c
-
From 882c9b90fea9b656165434dff0bdfdb94dc344c7 Mon Sep 17 00:00:00 2001
From: "boost-entropy[bot]" <124375835+boost-entropy[bot]@users.noreply.github.com>
Date: Mon, 6 Feb 2023 16:02:37 +0000
Subject: [PATCH 33/40] Delete .github/workflows/boost-dev.yml
---
 .github/workflows/boost-dev.yml | 19 -------------------
 1 file changed, 19 deletions(-)
 delete mode 100644 .github/workflows/boost-dev.yml
diff --git a/.github/workflows/boost-dev.yml b/.github/workflows/boost-dev.yml
deleted file mode 100644
index b6a4ea17a1295..0000000000000
--- a/.github/workflows/boost-dev.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-name: boostsecurity.io (Dev)
-on:
- workflow_dispatch:
- push:
- branches:
- - master
-jobs:
- boost-sbom:
- name: SBOM
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- - name: Run SBOM
- uses: boostsecurityio/boostsec-scanner-github@v4
- with:
- api_endpoint: https://api.dev.boostsec.io
- api_token: ${{ secrets.BOOST_API_TOKEN_DEV }}
- registry_module: boostsecurityio/trivy-sbom
From e2cab773cf31f792be2a395891ef8bd094eb86dd Mon Sep 17 00:00:00 2001
From: "boostsecurity.io entropy"
Date: Wed, 1 Mar 2023 21:21:16 +0000
Subject: [PATCH 34/40] Managed by boost-sandbox/terraform-entropy
---
 .github/workflows/boost.yml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 .github/workflows/boost.yml
diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml
new file mode 100644
index 0000000000000..a36b7c02f83f5
--- /dev/null
+++ b/.github/workflows/boost.yml
@@ -0,0 +1,21 @@ +name: boostsecurity.io +on: + workflow_dispatch: + push: + branches: + - master +jobs: + boost-native-scanner-dev: + name: native-scanner-dev + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Run native-scanner-dev + uses: boostsecurityio/boostsec-scanner-github@v4 + with: + api_token: ${{ secrets.BOOST_API_TOKEN }} + registry_module: boostsecurityio/native-scanner + env: + BOOST_SCANNER_REGISTRY_REPO: https://github.com/boostsecurityio/scanner-testing#test-dev-native + From e5c94d3000fb94bec0d00976471f0115ef03e9c2 Mon Sep 17 00:00:00 2001 From: "boostsecurity.io entropy" Date: Thu, 2 Mar 2023 02:04:17 +0000 Subject: [PATCH 35/40] Managed by boost-sandbox/terraform-entropy --- .github/workflows/boost.yml | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml index a36b7c02f83f5..72fd1deeb1027 100644 --- a/.github/workflows/boost.yml +++ b/.github/workflows/boost.yml @@ -5,17 +5,26 @@ on: branches: - master jobs: - boost-native-scanner-dev: - name: native-scanner-dev + boost-native: + name: Native Scanner runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v3 - - name: Run native-scanner-dev + - name: Run Native Scanner uses: boostsecurityio/boostsec-scanner-github@v4 with: api_token: ${{ secrets.BOOST_API_TOKEN }} registry_module: boostsecurityio/native-scanner - env: - BOOST_SCANNER_REGISTRY_REPO: https://github.com/boostsecurityio/scanner-testing#test-dev-native - + + boost-sbom: + name: SBOM + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Run SBOM + uses: boostsecurityio/boostsec-scanner-github@v4 + with: + api_token: ${{ secrets.BOOST_API_TOKEN }} + registry_module: boostsecurityio/trivy-sbom From ff7f41780e200fd1c351315aefbb8050cc914f25 Mon Sep 17 00:00:00 2001 
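Review bot: In the new `boost.yml` of PATCH 34, the `Run native-scanner-dev` step receives `secrets.BOOST_API_TOKEN` while `BOOST_SCANNER_REGISTRY_REPO` names a branch (`#test-dev-native`) of a testing repository, and both `uses:` lines follow movable tags (`@v3`, `@v4`). Judging by its name, the variable selects where scanner definitions are loaded from, so anyone able to push to that branch or move the action tag decides what runs next to the token on every push to `master`. Pin the refs, e.g. `uses: boostsecurityio/boostsec-scanner-github@<full-commit-sha> # v4`, and keep the registry override out of the workflow that uses `BOOST_API_TOKEN` rather than the `_DEV` token. The same override, with no ref at all, returns in the `boost-semgrep-dev` job of PATCH 38, and the tag-based `uses:` lines recur in every job added later in the series.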
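Review bot: The workflow as rewritten by the PATCH 35 hunk still has no `permissions:` key, so the `GITHUB_TOKEN` available to `boost-native` and `boost-sbom` carries whatever the repository default grants while a third-party action runs in the job. Add `permissions:` with `contents: read` above `jobs:` and widen it per job only if the scanner action needs more; what it needs is not visible from this hunk. Setting `persist-credentials: false` on the `Checkout` steps would also keep the token out of `.git/config` in the workspace the scanner reads.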
From: "boostsecurity.io entropy" Date: Thu, 6 Apr 2023 00:31:45 +0000 Subject: [PATCH 36/40] Managed by boost-sandbox/terraform-entropy --- .github/workflows/boost.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml index 72fd1deeb1027..24a226a6aaca8 100644 --- a/.github/workflows/boost.yml +++ b/.github/workflows/boost.yml @@ -14,6 +14,7 @@ jobs: - name: Run Native Scanner uses: boostsecurityio/boostsec-scanner-github@v4 with: + cli_version: 1.0.0.rc140 api_token: ${{ secrets.BOOST_API_TOKEN }} registry_module: boostsecurityio/native-scanner @@ -26,5 +27,6 @@ jobs: - name: Run SBOM uses: boostsecurityio/boostsec-scanner-github@v4 with: + cli_version: 1.0.0.rc140 api_token: ${{ secrets.BOOST_API_TOKEN }} registry_module: boostsecurityio/trivy-sbom From 48c08b4accecd222ba230980cac8eeac7224e378 Mon Sep 17 00:00:00 2001 From: "boostsecurity.io entropy" Date: Mon, 10 Apr 2023 18:09:56 +0000 Subject: [PATCH 37/40] Managed by boost-sandbox/terraform-entropy --- .github/workflows/boost.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml index 24a226a6aaca8..72fd1deeb1027 100644 --- a/.github/workflows/boost.yml +++ b/.github/workflows/boost.yml @@ -14,7 +14,6 @@ jobs: - name: Run Native Scanner uses: boostsecurityio/boostsec-scanner-github@v4 with: - cli_version: 1.0.0.rc140 api_token: ${{ secrets.BOOST_API_TOKEN }} registry_module: boostsecurityio/native-scanner @@ -27,6 +26,5 @@ jobs: - name: Run SBOM uses: boostsecurityio/boostsec-scanner-github@v4 with: - cli_version: 1.0.0.rc140 api_token: ${{ secrets.BOOST_API_TOKEN }} registry_module: boostsecurityio/trivy-sbom From 7c3b08ae8d6d234bed5a34741fffcd3d2d04f8a2 Mon Sep 17 00:00:00 2001 
From: "boostsecurity.io entropy" Date: Thu, 27 Apr 2023 13:24:02 +0000 Subject: [PATCH 38/40] Managed by boost-sandbox/terraform-entropy --- .github/workflows/boost.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml index 72fd1deeb1027..cc90366876e02 100644 --- a/.github/workflows/boost.yml +++ b/.github/workflows/boost.yml @@ -28,3 +28,18 @@ jobs: with: api_token: ${{ secrets.BOOST_API_TOKEN }} registry_module: boostsecurityio/trivy-sbom + + boost-semgrep-dev: + name: semgrep-dev + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Run semgrep-dev + uses: boostsecurityio/boostsec-scanner-github@v4 + with: + api_token: ${{ secrets.BOOST_API_TOKEN }} + registry_module: boostsecurityio/semgrep + env: + BOOST_SCANNER_REGISTRY_REPO: https://github.com/boostsecurityio/scanner-testing + From 9eb85c959b3b47d2232ee795fc7d38af097cc7a6 Mon Sep 17 00:00:00 2001 From: "boostsecurity.io entropy" Date: Fri, 21 Jul 2023 15:06:54 +0000 Subject: [PATCH 39/40] Managed by boost-sandbox/terraform-entropy --- .github/workflows/boost.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml index cc90366876e02..38ce1e06b3931 100644 --- a/.github/workflows/boost.yml +++ b/.github/workflows/boost.yml @@ -15,7 +15,7 @@ jobs: uses: boostsecurityio/boostsec-scanner-github@v4 with: api_token: ${{ secrets.BOOST_API_TOKEN }} - registry_module: boostsecurityio/native-scanner + registry_module: boostsecurityio/scanner boost-sbom: name: SBOM 
@@ -29,17 +29,17 @@ jobs: api_token: ${{ secrets.BOOST_API_TOKEN }} registry_module: boostsecurityio/trivy-sbom - boost-semgrep-dev: - name: semgrep-dev + boost-semgrep: + name: semgrep runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v3 - - name: Run semgrep-dev + - name: Run semgrep uses: boostsecurityio/boostsec-scanner-github@v4 with: api_token: ${{ secrets.BOOST_API_TOKEN }} registry_module: boostsecurityio/semgrep env: - BOOST_SCANNER_REGISTRY_REPO: https://github.com/boostsecurityio/scanner-testing + SEMGREP_RULES: p/ci From aa6d6c3f7a53e7e008929a96be797342375109a4 Mon Sep 17 00:00:00 2001 From: "boostsecurity.io entropy" Date: Wed, 12 Jun 2024 15:16:12 +0000 Subject: [PATCH 40/40] Managed by boost-sandbox/terraform-entropy --- .github/workflows/boost.yml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/.github/workflows/boost.yml b/.github/workflows/boost.yml index 38ce1e06b3931..97a11b0305479 100644 --- a/.github/workflows/boost.yml +++ b/.github/workflows/boost.yml @@ -5,6 +5,18 @@ on: branches: - master jobs: + boost-gitleaks: + name: gitleaks + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Run gitleaks + uses: boostsecurityio/boostsec-scanner-github@v4 + with: + api_token: ${{ secrets.BOOST_API_TOKEN }} + registry_module: boostsecurityio/gitleaks + boost-native: name: Native Scanner runs-on: ubuntu-latest @@ -17,6 +29,18 @@ jobs: api_token: ${{ secrets.BOOST_API_TOKEN }} registry_module: boostsecurityio/scanner + boost-osv-scanner: + name: osv-scanner + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Run osv-scanner + uses: boostsecurityio/boostsec-scanner-github@v4 + with: + api_token: ${{ secrets.BOOST_API_TOKEN }} + registry_module: boostsecurityio/osv-scanner + boost-sbom: name: SBOM runs-on: ubuntu-latest 
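Review bot: In the `boost-gitleaks` job added by the first hunk of PATCH 40, the `Checkout` step uses `actions/checkout@v3` with no `with:` block, which fetches a single commit by default. If the `boostsecurityio/gitleaks` module scans git history rather than only the working tree (not visible here), a secret that was committed and later removed would go unreported. Giving that step a `with:` key containing `fetch-depth: 0` makes the full history available to the scan; the other jobs in this patch do not need it.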
@@ -29,6 +53,18 @@ jobs: api_token: ${{ secrets.BOOST_API_TOKEN }} registry_module: boostsecurityio/trivy-sbom + boost-sca: + name: Trivy FS SCA + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Run Trivy FS SCA + uses: boostsecurityio/boostsec-scanner-github@v4 + with: + api_token: ${{ secrets.BOOST_API_TOKEN }} + registry_module: boostsecurityio/trivy-fs + boost-semgrep: name: semgrep runs-on: ubuntu-latest