From eb7ca8fc981429c28024ab1414128009130348d6 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Wed, 30 Nov 2022 09:45:40 -0500 Subject: [PATCH 001/170] adding ShiftLeft GitHub action --- .github/workflows/shiftleft.yml | 60 +++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 .github/workflows/shiftleft.yml diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml new file mode 100644 index 00000000..e76a95c7 --- /dev/null +++ b/.github/workflows/shiftleft.yml 
@@ -0,0 +1,60 @@
+
+---
+# This workflow integrates ShiftLeft NG SAST with GitHub
+# Visit https://docs.shiftleft.io for help
+name: ShiftLeft
+
+on:
+ pull_request:
+ workflow_dispatch:
+
+jobs:
+ NextGen-Static-Analysis:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ # We are building this application with Java 11
+ - name: Setup Java JDK
+ uses: actions/setup-java@v3
+ with:
+ java-version: 11.0.x
+ distribution: zulu
+ - name: Package with maven
+ run: mvn compile package
+ - name: Download ShiftLeft CLI
+ run: |
+ curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
+ # ShiftLeft requires Java 1.8. Post the package step override the version
+ - name: Setup Java JDK
+ uses: actions/setup-java@v3
+ with:
+ distribution: zulu
+ java-version: 8
+ - name: Extract branch name
+ shell: bash
+ run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
+ id: extract_branch
+ - name: NextGen Static Analysis
+ run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar
+ env:
+ SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
+
+ Build-Rules:
+ runs-on: ubuntu-latest
+ needs: NextGen-Static-Analysis
+ steps:
+ - uses: actions/checkout@v3
+ - name: Download ShiftLeft CLI
+ run: |
+ curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
+ - name: Validate Build Rules
+ run: |
+ ${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-java-demo \
+ --github-pr-number=${{github.event.number}} \
+ --github-pr-user=${{ github.repository_owner }} \
+ --github-pr-repo=${{ github.event.repository.name }} \
+ --github-token=${{ secrets.GITHUB_TOKEN }}
+ env:
+ SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
+
+
\ No newline at end of file
From b092bb2fd32aa7dbc93707849bb3904beecd6d13 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Thu, 23 Feb 2023 12:24:31 -0500 Subject: [PATCH 002/170] adding ShiftLeft GitHub action From a162e4d003b916437169d232513197e1842e88df Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Thu, 9 Mar 2023 11:43:30 -0500 Subject: [PATCH 003/170] adding ShiftLeft GitHub action From 104657e074dc20625229896365f88bb80f723e0e Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Mon, 13 Mar 2023 12:16:39 -0400 Subject: [PATCH 004/170] adding ShiftLeft GitHub action From 6e1e57d4cc0708e065b4380fb3326fe0d125725c Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Wed, 15 Mar 2023 18:03:22 -0400 Subject: [PATCH 005/170] adding ShiftLeft GitHub action From e196b1fa6bf1fbf15c0f6115cabfe36b9b4e8092 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Thu, 16 Mar 2023 09:00:55 -0400 Subject: [PATCH 006/170] adding ShiftLeft GitHub action From 18f3a47e4662dea5b09637983d553a3d9ddb8c95 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Thu, 16 Mar 2023 10:33:01 -0400 Subject: [PATCH 007/170] adding ShiftLeft GitHub action From 5230e1ad18edd48663df71a7eff375d9fba46afb Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Thu, 16 Mar 2023 10:44:37 -0400 Subject: [PATCH 008/170] adding ShiftLeft GitHub action From 6e6aab64a98f2af01c6dca3caaa888771985170c Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Thu, 16 Mar 2023 10:55:04 -0400 Subject: [PATCH 009/170] adding ShiftLeft GitHub action From 92fe0846786d19ba4aeb52dfe9a57ee6c60785c9 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Mon, 10 Apr 2023 08:48:13 -0400 Subject: [PATCH 010/170] adding ShiftLeft GitHub action
---
 .github/workflows/shiftleft.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml
index e76a95c7..24fe3089 100644
--- a/.github/workflows/shiftleft.yml
+++ b/.github/workflows/shiftleft.yml
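Review bot: In the `NextGen Static Analysis` step, `--tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }}` expands the PR head branch name directly into the `run:` command line, so a branch name containing shell metacharacters is executed by the runner's shell; GitHub's hardening guide lists `github.head_ref` among the contexts that must not be interpolated into scripts. Pass it through the step environment instead — `env:` with `BRANCH: ${{ github.head_ref || steps.extract_branch.outputs.branch }}` and then `--tag branch="$BRANCH"` in the command — noting that on same-repository PRs and `workflow_dispatch` the step also holds `SHIFTLEFT_ACCESS_TOKEN`, so the impact is more than a scratch runner. Both `Download ShiftLeft CLI` steps fetch an unversioned binary with `curl https://cdn.shiftleft.io/download/sl > …` — no `-f`, no version pin, no checksum — and run it with `SHIFTLEFT_ACCESS_TOKEN` and `GITHUB_TOKEN` in reach; at minimum use `curl -fsSL`, pin a release and verify a published checksum before the `chmod`. The workflow declares no `permissions:` block, so `GITHUB_TOKEN` receives the repository default; add a top-level `permissions:` limited to what `sl check-analysis` needs to report on the PR (confirm the exact scopes against the CLI docs). The `##[set-output name=branch;]` form in `Extract branch name` is the legacy command syntax, itself superseded by the now-deprecated `::set-output::`; write `echo "branch=${GITHUB_REF#refs/heads/}" >> "$GITHUB_OUTPUT"` instead.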
@@ -38,7 +38,9 @@ jobs: run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} - + SHIFTLEFT_API_HOST: www.shiftleft.io + SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 + SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 Build-Rules: runs-on: ubuntu-latest needs: NextGen-Static-Analysis @@ -56,5 +58,7 @@ jobs: --github-token=${{ secrets.GITHUB_TOKEN }} env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} - + SHIFTLEFT_API_HOST: www.shiftleft.io + SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 + SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 \ No newline at end of file From 4b3ea99ee43bdf4ed0b15b1597faae0a08fdb0b9 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Tue, 11 Apr 2023 10:20:01 -0400 Subject: [PATCH 011/170] adding ShiftLeft GitHub action From ea9954b7b1ff92443a8c29504c6c431969d88d54 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Tue, 11 Apr 2023 15:45:23 -0400 Subject: [PATCH 012/170] adding ShiftLeft GitHub action From c5306076b06424c1178a764755acd53e0a6e7d58 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Thu, 20 Apr 2023 11:03:25 -0400 Subject: [PATCH 013/170] adding ShiftLeft GitHub action From faebafd6b857bbf15653279d6fa70c627e3a58ef Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Mon, 1 May 2023 09:28:54 -0400 Subject: [PATCH 014/170] adding ShiftLeft GitHub action From 5ede6ecb2f2878782d6fe0343dde2e742befbf5a Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Tue, 2 May 2023 23:06:18 -0400 Subject: [PATCH 015/170] adding ShiftLeft GitHub action From b61d26f329138a1f5c7dea7120215e3b33ea9abc Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Tue, 2 May 2023 23:17:07 -0400 Subject: [PATCH 016/170] adding ShiftLeft GitHub action 
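Review bot: The three new host entries are pasted identically into the `env:` of both `NextGen-Static-Analysis` and `Build-Rules`, which is the kind of duplication that drifts the next time an endpoint changes. A workflow-level `env:` holding `SHIFTLEFT_API_HOST`, `SHIFTLEFT_GRPC_TELEMETRY_HOST` and `SHIFTLEFT_GRPC_API_HOST` would apply to both jobs once and leave only `SHIFTLEFT_ACCESS_TOKEN` per step. Since these variables presumably decide which hosts the access token is sent to, a one-line comment such as `# Endpoints the CLI authenticates to; keep on *.shiftleft.io` would make any future edit to them stand out in review.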
From e5f21c0e8ef6c2f2651ab0dea30732b81e789241 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Tue, 16 May 2023 10:57:13 -0400 Subject: [PATCH 017/170] adding ShiftLeft GitHub action From 82ef06ac96984361f0a945f5609fcba2db8db523 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Tue, 16 May 2023 12:31:30 -0400 Subject: [PATCH 018/170] adding ShiftLeft GitHub action From aae85510cc027a06aadaa4faa9c4ec5a236d5d4d Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Fri, 19 May 2023 16:52:32 -0400 Subject: [PATCH 019/170] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 24fe3089..4889145c 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml @@ -20,7 +20,7 @@ jobs: java-version: 11.0.x distribution: zulu - name: Package with maven - run: mvn compile package + run: bazel build - name: Download ShiftLeft CLI run: | curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl @@ -61,4 +61,4 @@ jobs: SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 - \ No newline at end of file + From d036bd16f4f0c993c9f9a9bf106c60531adc2961 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Fri, 19 May 2023 16:55:14 -0400 Subject: [PATCH 020/170] Create WORKSPACE --- WORKSPACE | 1 + 1 file changed, 1 insertion(+) create mode 100644 WORKSPACE diff --git a/WORKSPACE b/WORKSPACE new file mode 100644 index 00000000..8b137891 --- /dev/null +++ b/WORKSPACE @@ -0,0 +1 @@ + From 3ce4abbe6fed4482c67cca94c73a164c235092fe Mon Sep 17 00:00:00 2001 
From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Fri, 19 May 2023 16:56:51 -0400 Subject: [PATCH 021/170] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 4889145c..5d6bc5af 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml @@ -20,7 +20,7 @@ jobs: java-version: 11.0.x distribution: zulu - name: Package with maven - run: bazel build + run: mvn compile package - name: Download ShiftLeft CLI run: | curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl From b2bc4ca3aacd501d331a9e7e23400b92d4d2b7f7 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Tue, 30 May 2023 12:05:57 -0400 Subject: [PATCH 022/170] adding ShiftLeft GitHub action --- .github/workflows/shiftleft.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 5d6bc5af..24fe3089 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml @@ -61,4 +61,4 @@ jobs: SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 - + \ No newline at end of file From 716a2e289aea2bfd12123829e0f5de136c512c01 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Thu, 8 Jun 2023 07:57:30 -0400 Subject: [PATCH 023/170] adding ShiftLeft GitHub action From 7b1a7f0bc11eb083a5ddc74d21f35207fe9196d9 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Tue, 27 Jun 2023 09:25:13 -0400 Subject: [PATCH 024/170] adding ShiftLeft GitHub action From 32d57518b8323e34696c395033ad0fa22a22cc6a Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Tue, 27 Jun 2023 14:13:23 -0400 Subject: [PATCH 025/170] adding ShiftLeft GitHub action From df0be9c2ad3dab5c2eb30c854e29009d27b96eb6 Mon Sep 17 00:00:00 2001 
From: ShiftLeft Date: Fri, 7 Jul 2023 10:54:16 -0400 Subject: [PATCH 026/170] adding ShiftLeft GitHub action From 5f46a97c5a189247663d5e169a13148648a5eea4 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Mon, 10 Jul 2023 14:10:19 -0400 Subject: [PATCH 027/170] adding ShiftLeft GitHub action From 30468f5f0e453c04a37d8054a6371c309313da55 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Wed, 19 Jul 2023 15:40:06 -0400 Subject: [PATCH 028/170] adding ShiftLeft GitHub action From 8dfb516e6c1c39341aa4f83d4a5e20aa0dd430e4 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Mon, 24 Jul 2023 11:03:37 -0400 Subject: [PATCH 029/170] adding ShiftLeft GitHub action From 5900221474b38a9873098f5e6da3576395c486fb Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Tue, 25 Jul 2023 12:19:10 -0400 Subject: [PATCH 030/170] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 24fe3089..143ca090 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml 
@@ -35,7 +35,7 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --cpg-generation-timeout 90m --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io @@ -61,4 +61,4 @@ jobs: SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 - \ No newline at end of file + From 2737d2f4adeee1fa4b21825cbe99d528b76f9abf Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Wed, 26 Jul 2023 11:35:37 -0400 Subject: [PATCH 031/170] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 143ca090..5ddb6702 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml 
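Review bot: `--cpg-generation-timeout 90m` bounds only CPG generation inside `sl analyze`, while the `NextGen-Static-Analysis` job (whose header is outside this hunk) still has no `timeout-minutes:`, so a hung upload or `--wait` phase runs until GitHub's default job limit and keeps a runner busy. Set an explicit budget on the job, e.g. `timeout-minutes: 120`, a little above the CLI timeout so the job fails with a clear cause instead of idling.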
@@ -35,7 +35,7 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --cpg-generation-timeout 90m --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app qwietai-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --cpg-generation-timeout 90m --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io From d1d1cb775e025c175544d203519a83e6c16f0843 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Wed, 26 Jul 2023 11:56:21 -0400 Subject: [PATCH 032/170] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 5ddb6702..150636c0 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml @@ -51,7 +51,7 @@ jobs: curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - name: Validate Build Rules run: | - ${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-java-demo \ + ${GITHUB_WORKSPACE}/sl check-analysis --app qwietai-java-demo \ --github-pr-number=${{github.event.number}} \ --github-pr-user=${{ github.repository_owner }} \ --github-pr-repo=${{ github.event.repository.name }} \ From 0732345566727bb67c423ee4294caf3791af0cff Mon Sep 17 00:00:00 2001 
From: ShiftLeft Date: Wed, 26 Jul 2023 14:07:15 -0400 Subject: [PATCH 033/170] adding ShiftLeft GitHub action --- .github/workflows/shiftleft.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 150636c0..24fe3089 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml @@ -35,7 +35,7 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app qwietai-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --cpg-generation-timeout 90m --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io @@ -51,7 +51,7 @@ jobs: curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - name: Validate Build Rules run: | - ${GITHUB_WORKSPACE}/sl check-analysis --app qwietai-java-demo \ + ${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-java-demo \ --github-pr-number=${{github.event.number}} \ --github-pr-user=${{ github.repository_owner }} \ --github-pr-repo=${{ github.event.repository.name }} \ @@ -61,4 +61,4 @@ jobs: SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 - + \ No newline at end of file From 9a8e55d2d884ea63c66fba74f9cdf1fca04b2871 Mon Sep 17 00:00:00 2001 
From: ShiftLeft Date: Mon, 7 Aug 2023 11:35:25 -0400 Subject: [PATCH 034/170] adding ShiftLeft GitHub action From f3e290b2a71524c0ad030016593ee4c6d50653c5 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Mon, 7 Aug 2023 20:09:59 -0400 Subject: [PATCH 035/170] adding ShiftLeft GitHub action From bbf282561e15fcf18db0e93ce050a79e0b861040 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 7 Aug 2023 22:44:35 -0400 Subject: [PATCH 036/170] Create test.yml --- .github/workflows/test.yml | 57 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 .github/workflows/test.yml diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 00000000..0ef1c21d --- /dev/null +++ b/.github/workflows/test.yml 
@@ -0,0 +1,57 @@
+
+---
+# This workflow integrates ShiftLeft NG SAST with GitHub
+# Visit https://docs.shiftleft.io for help
+name: ShiftLeft
+
+on:
+ pull_request:
+ workflow_dispatch:
+
+jobs:
+ NextGen-Static-Analysis:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ # We are building this application with Java 11
+ - name: Setup Java JDK
+ uses: actions/setup-java@v1.4.3
+ with:
+ java-version: 1.8
+ - name: Package with maven
+ run: mvn compile package
+ - name: Download ShiftLeft CLI
+ run: |
+ curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
+ - name: Extract branch name
+ shell: bash
+ run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
+ id: extract_branch
+ - name: NextGen Static Analysis
+ run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar
+ env:
+ SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
+ SHIFTLEFT_API_HOST: www.shiftleft.io
+ SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443
+ SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443
+ Build-Rules:
+ runs-on: ubuntu-latest
+ needs: NextGen-Static-Analysis
+ steps:
+ - uses: actions/checkout@v3
+ - name: Download ShiftLeft CLI
+ run: |
+ curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
+ - name: Validate Build Rules
+ run: |
+ ${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-java-demo \
+ --github-pr-number=${{github.event.number}} \
+ --github-pr-user=${{ github.repository_owner }} \
+ --github-pr-repo=${{ github.event.repository.name }} \
+ --github-token=${{ secrets.GITHUB_TOKEN }}
+ env:
+ SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
+ SHIFTLEFT_API_HOST: www.shiftleft.io
+ 
SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 + SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 + From 4db4eb7e89c07f156c36736aecfc30cf8d8ffc7b Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 7 Aug 2023 22:44:59 -0400 Subject: [PATCH 037/170] Update test.yml --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 0ef1c21d..b2099b39 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -2,7 +2,7 @@ --- # This workflow integrates ShiftLeft NG SAST with GitHub # Visit https://docs.shiftleft.io for help -name: ShiftLeft +name: TestYml on: pull_request: From bae7ea46f1dc1ee3609e51ee2d9db4f64bf16609 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 7 Aug 2023 22:46:59 -0400 Subject: [PATCH 038/170] Update test.yml --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b2099b39..08bd9b11 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -2,7 +2,7 @@ --- # This workflow integrates ShiftLeft NG SAST with GitHub # Visit https://docs.shiftleft.io for help -name: TestYml +name: QwietTest on: pull_request: From 83ac586b28d3ccc213114143903583eaacd6f9bf Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 7 Aug 2023 22:48:05 -0400 Subject: [PATCH 039/170] Update test.yml --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 08bd9b11..42174e3a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
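Review bot: The comment `# We are building this application with Java 11` is carried over although this file pins `actions/setup-java@v1.4.3` with `java-version: 1.8`, so it is wrong from the first run; change it to `# Build and analyze with Java 8 (the ShiftLeft CLI requires 1.8)` or drop it. The file also keeps `name: ShiftLeft`, the same `pull_request`/`workflow_dispatch` triggers, the same `--app shiftleft-java-demo` and the same `check-analysis` call as `shiftleft.yml`, so every PR now uploads two analyses of the same app and presumably reports twice; if this is a scratch copy, give it a distinct name and keep it on `workflow_dispatch` only until it actually differs. The `NextGen Static Analysis` line repeats the `${{ github.head_ref || … }}` shell interpolation that should go through the step `env:` rather than the command line, and `actions/setup-java@v1.4.3` is two majors behind the `@v3` used in the sibling workflow.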
@@ -23,7 +23,7 @@ jobs: - name: Download ShiftLeft CLI run: | curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - - name: Extract branch name + - name: Extract branch name shell: bash run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch From 22989fc494817e0ac45572a1caeb94cd605d9706 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 7 Aug 2023 23:00:02 -0400 Subject: [PATCH 040/170] Update test.yml --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 42174e3a..6266484e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -19,7 +19,7 @@ jobs: with: java-version: 1.8 - name: Package with maven - run: mvn compile package + run: mvn clean package - name: Download ShiftLeft CLI run: | curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl From 5e0bd661fe1c1dd4e76e4909bdada995dbcea18e Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Tue, 15 Aug 2023 01:12:20 -0400 Subject: [PATCH 041/170] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 24fe3089..4da78494 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml @@ -2,7 +2,7 @@ --- # This workflow integrates ShiftLeft NG SAST with GitHub # Visit https://docs.shiftleft.io for help -name: ShiftLeft +name: Qwiet on: pull_request: 
@@ -35,7 +35,7 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app qwietai-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io @@ -61,4 +61,4 @@ jobs: SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 - \ No newline at end of file + From 5e076327531cebb04de1044d5af2a751f9d7ba26 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Tue, 15 Aug 2023 11:47:38 -0400 Subject: [PATCH 042/170] adding ShiftLeft GitHub action --- .github/workflows/shiftleft.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 4da78494..24fe3089 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml @@ -2,7 +2,7 @@ --- # This workflow integrates ShiftLeft NG SAST with GitHub # Visit https://docs.shiftleft.io for help -name: Qwiet +name: ShiftLeft on: pull_request: 
@@ -35,7 +35,7 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app qwietai-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io @@ -61,4 +61,4 @@ jobs: SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 - + \ No newline at end of file From d4f73c7fb28ab8b707ea81276a11089b2c77f8f0 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Tue, 22 Aug 2023 08:20:41 -0400 Subject: [PATCH 043/170] adding ShiftLeft GitHub action From b0e825f16962ac643e16b2dc746fc9b3befae403 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Tue, 22 Aug 2023 23:58:51 -0400 Subject: [PATCH 044/170] Update test.yml --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 6266484e..7f88e105 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -28,7 +28,7 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + run: ${GITHUB_WORKSPACE}/SHIFTLEFT_SBOM_GENERATOR=2 sl analyze --strict --wait --app qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io From 6ae6abb3fb1dbeeb04678eba6e750f169bf59687 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Wed, 23 Aug 2023 00:00:44 -0400 Subject: [PATCH 045/170] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 24fe3089..867ab3b0 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml 
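Review bot: The new `run:` line `${GITHUB_WORKSPACE}/SHIFTLEFT_SBOM_GENERATOR=2 sl analyze …` tells the shell to execute a file literally named `$GITHUB_WORKSPACE/SHIFTLEFT_SBOM_GENERATOR=2`, which nothing creates, with `sl` as its first argument, so the step fails before any analysis runs. The assignment has to precede the command — `SHIFTLEFT_SBOM_GENERATOR=2 ${GITHUB_WORKSPACE}/sl analyze …` — or, cleaner, `SHIFTLEFT_SBOM_GENERATOR: "2"` under the step's `env:` next to the access token. The change also drops `--cpg` and renames the app to `qwiet-java-GH`, while the `check-analysis` call in `Build-Rules` (outside this hunk) was created with `--app shiftleft-java-demo`; as far as this patch shows, the gate would then check a different app from the one just analyzed.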
@@ -35,7 +35,7 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + run: ${GITHUB_WORKSPACE}/SHIFTLEFT_SBOM_GENERATOR=2 sl analyze --strict --wait --app qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io @@ -61,4 +61,4 @@ jobs: SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 - \ No newline at end of file + From a2fb3c605774c5b8a1680cbc010cb904fdc7fe8c Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Wed, 23 Aug 2023 00:02:34 -0400 Subject: [PATCH 046/170] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 867ab3b0..e73c465e 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml 
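Review bot: The new `run:` line `${GITHUB_WORKSPACE}/SHIFTLEFT_SBOM_GENERATOR=2 sl analyze …` executes a non-existent path `$GITHUB_WORKSPACE/SHIFTLEFT_SBOM_GENERATOR=2` and passes `sl` as its argument, so the analysis step errors out instead of uploading anything. Write `SHIFTLEFT_SBOM_GENERATOR=2 ${GITHUB_WORKSPACE}/sl analyze …`, or put `SHIFTLEFT_SBOM_GENERATOR: "2"` in the step's `env:`. The app is renamed to `qwiet-java-GH` here only; the `Build-Rules` job's `check-analysis --app shiftleft-java-demo` (outside this hunk) is left pointing at the old name, so the PR gate and the upload no longer refer to the same app.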
@@ -35,7 +35,7 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/SHIFTLEFT_SBOM_GENERATOR=2 sl analyze --strict --wait --app qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + run: ${GITHUB_WORKSPACE}/ SHIFTLEFT_SBOM_GENERATOR=2 sl analyze --strict --wait --app qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io From 4831f7df51a7705c8e83a951a632e3fc9c0352f2 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Wed, 23 Aug 2023 00:04:28 -0400 Subject: [PATCH 047/170] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index e73c465e..c6ded4b6 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml 
@@ -35,7 +35,7 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/ SHIFTLEFT_SBOM_GENERATOR=2 sl analyze --strict --wait --app qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io From 99b67668c1d82281f17f57fe8f327b80ce6b0060 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Tue, 29 Aug 2023 23:19:53 -0400 Subject: [PATCH 048/170] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index c6ded4b6..c8aafdb8 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml @@ -2,7 +2,7 @@ --- # This workflow integrates ShiftLeft NG SAST with GitHub # Visit https://docs.shiftleft.io for help -name: ShiftLeft +name: Qwiet on: pull_request: @@ -21,10 +21,10 @@ jobs: distribution: zulu - name: Package with maven run: mvn compile package - - name: Download ShiftLeft CLI + - name: Download Qwiet CLI run: | curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - # ShiftLeft requires Java 1.8. Post the package step override the version + # Qwiet requires Java 1.8. Post the package step override the version - name: Setup Java JDK uses: actions/setup-java@v3 with: 
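Review bot: The `SHIFTLEFT_SBOM_GENERATOR=2` setting that the last two edits of this line were trying to apply is gone from the new `run:` line, so if SBOM generator v2 was the goal it is no longer requested anywhere in the step. If it is still wanted, set it under the step's `env:` as `SHIFTLEFT_SBOM_GENERATOR: "2"` (quoted so YAML keeps it a string) rather than on the command line; if it was abandoned, a short note in the commit message would stop the next reader from re-adding it.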
@@ -35,7 +35,7 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io @@ -51,7 +51,7 @@ jobs: curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - name: Validate Build Rules run: | - ${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-java-demo \ + ${GITHUB_WORKSPACE}/sl check-analysis --app Qwiet-java-GH \ --github-pr-number=${{github.event.number}} \ --github-pr-user=${{ github.repository_owner }} \ --github-pr-repo=${{ github.event.repository.name }} \ From c336d6a33f9c72f6f408a0824aec23f7e3008b80 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 31 Aug 2023 09:57:52 -0400 Subject: [PATCH 049/170] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index c8aafdb8..f614263c 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml @@ -7,7 +7,9 @@ name: Qwiet on: pull_request: workflow_dispatch: - + schedule: + # * is a special character in YAML so you have to quote this string + - cron: '30 5,17 * * *' jobs: NextGen-Static-Analysis: runs-on: ubuntu-latest 
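Review bot: With `schedule:` added, the workflow now also runs outside a pull request, where `github.event.number` is empty, yet the `Build-Rules` job (outside this hunk) still passes `--github-pr-number=${{github.event.number}}` unconditionally. The gap already existed for `workflow_dispatch`, but a twice-daily cron makes it routine; gate the job with `if: github.event_name == 'pull_request'`, or put that condition on the `Validate Build Rules` step. The same applies to test.yml once its `schedule:` lands in PATCH 066/067. The cron string is correctly single-quoted, so the `*` characters are not read as YAML aliases.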
From 1b3e5b4d6b118fb8f927f8e713426e481795f13f Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 11 Sep 2023 21:18:09 -0400 Subject: [PATCH 050/170] Update test.yml --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7f88e105..f25b9695 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -28,7 +28,7 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/SHIFTLEFT_SBOM_GENERATOR=2 sl analyze --strict --wait --app qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + run: ${GITHUB_WORKSPACE}/SHIFTLEFT_SBOM_GENERATOR=2 sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io From 831f16be4252112eba41c7a1725b267754bd7f74 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 11 Sep 2023 21:20:22 -0400 Subject: [PATCH 051/170] Update test.yml --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f25b9695..9099f368 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -28,7 +28,7 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/SHIFTLEFT_SBOM_GENERATOR=2 sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io From e02d83294af9b938f9739c2be653d00a366f7d07 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Tue, 26 Sep 2023 13:56:21 -0400 Subject: [PATCH 052/170] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index f614263c..c0e320ff 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml 
@@ -37,7 +37,8 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + run: ${GITHUB_WORKSPACE}/sl analyze . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io From 17ee0f1e39a13eb960846b5d6e08da8d8cc3e80d Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Tue, 26 Sep 2023 13:59:46 -0400 Subject: [PATCH 053/170] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index c0e320ff..98c64e19 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml @@ -38,7 +38,7 @@ jobs: id: extract_branch - name: NextGen Static Analysis #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar - run: ${GITHUB_WORKSPACE}/sl analyze . + run: ${GITHUB_WORKSPACE}/sl analyze --app Qwiet-java-GH . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io From e0a599f44aba59b07212e1ac1e50fdd28316e158 Mon Sep 17 00:00:00 2001 
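Review bot: The replacement `run: ${GITHUB_WORKSPACE}/sl analyze .` drops `--strict --wait` and `--app` together with the language and container flags; `Build-Rules` (outside this hunk) only declares `needs: NextGen-Static-Analysis`, so if `--wait` is what makes the job block until results exist, `check-analysis` may now run against an analysis that has not finished — worth confirming against the CLI documentation before relying on it. Keeping the previous command as a `#run:` line inside the step is dead text that yamllint will flag for comment indentation; delete it rather than carry it (PATCH 055 later swaps the two lines back, leaving the `.` variant commented instead). If the intent was to try the source-directory scan, a one-line comment naming that experiment would be more useful than the stale command.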
From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Tue, 26 Sep 2023 14:03:49 -0400 Subject: [PATCH 054/170] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 98c64e19..caf58ebf 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml @@ -38,7 +38,7 @@ jobs: id: extract_branch - name: NextGen Static Analysis #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar - run: ${GITHUB_WORKSPACE}/sl analyze --app Qwiet-java-GH . + run: ${GITHUB_WORKSPACE}/sl analyze --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --container 18fgsa/s3-resource . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io From 46bc14dd313b4b1171f71caf38e263dc8e6d6110 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Tue, 26 Sep 2023 14:07:54 -0400 Subject: [PATCH 055/170] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index caf58ebf..9a3d51ff 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml 
@@ -37,8 +37,8 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar - run: ${GITHUB_WORKSPACE}/sl analyze --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --container 18fgsa/s3-resource . + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + #run: ${GITHUB_WORKSPACE}/sl analyze --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --container 18fgsa/s3-resource . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io From 41d031aa8b45f8c4183f221d95c3e11dcf01e16e Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Mon, 9 Oct 2023 08:11:45 -0400 Subject: [PATCH 056/170] adding ShiftLeft GitHub action --- .github/workflows/shiftleft.yml | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 9a3d51ff..24fe3089 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml 
@@ -2,14 +2,12 @@ --- # This workflow integrates ShiftLeft NG SAST with GitHub # Visit https://docs.shiftleft.io for help -name: Qwiet +name: ShiftLeft on: pull_request: workflow_dispatch: - schedule: - # * is a special character in YAML so you have to quote this string - - cron: '30 5,17 * * *' + jobs: NextGen-Static-Analysis: runs-on: ubuntu-latest @@ -23,10 +21,10 @@ jobs: distribution: zulu - name: Package with maven run: mvn compile package - - name: Download Qwiet CLI + - name: Download ShiftLeft CLI run: | curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - # Qwiet requires Java 1.8. Post the package step override the version + # ShiftLeft requires Java 1.8. Post the package step override the version - name: Setup Java JDK uses: actions/setup-java@v3 with: @@ -37,8 +35,7 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar - #run: ${GITHUB_WORKSPACE}/sl analyze --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --container 18fgsa/s3-resource . + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io 
@@ -54,7 +51,7 @@ jobs: curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - name: Validate Build Rules run: | - ${GITHUB_WORKSPACE}/sl check-analysis --app Qwiet-java-GH \ + ${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-java-demo \ --github-pr-number=${{github.event.number}} \ --github-pr-user=${{ github.repository_owner }} \ --github-pr-repo=${{ github.event.repository.name }} \ @@ -64,4 +61,4 @@ jobs: SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 - + \ No newline at end of file From 9fc8de8eb666471ade6796bdf17e4f58a94fcfe7 Mon Sep 17 00:00:00 2001 From: ongamse Date: Mon, 9 Oct 2023 12:09:09 -0400 Subject: [PATCH 057/170] Added pipeline .harness/pipelines/shiftleft-java-demo-1696867734408.yaml --- .../shiftleft-java-demo-1696867734408.yaml | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 .harness/pipelines/shiftleft-java-demo-1696867734408.yaml diff --git a/.harness/pipelines/shiftleft-java-demo-1696867734408.yaml b/.harness/pipelines/shiftleft-java-demo-1696867734408.yaml new file mode 100644 index 00000000..fa2e49bc --- /dev/null +++ b/.harness/pipelines/shiftleft-java-demo-1696867734408.yaml @@ -0,0 +1,33 @@ +pipeline: + identifier: Build_shiftleft_java_demo_1696867748935 + name: Build shiftleft-java-demo + orgIdentifier: default + projectIdentifier: QwietjavaHarness + properties: + ci: + codebase: + build: <+input> + connectorRef: account.Github_OAuth_1696007572273 + repoName: shiftleft-java-demo + stages: + - stage: + identifier: build + name: build + spec: + cloneCodebase: true + execution: + steps: + - step: + identifier: echo + name: echo + spec: + command: echo hello world + timeout: "" + type: Run + platform: + arch: Amd64 + os: Linux + runtime: + spec: {} + type: Cloud + type: CI From 946ef4e8a31ca3fb3730f95dddc7a5aae20e1c06 Mon Sep 17 00:00:00 2001 
From: ongamse
Date: Mon, 9 Oct 2023 12:09:09 -0400
Subject: [PATCH 058/170] Added input set .harness/Build_shiftleft_java_demo_1696867748935-pr-trigger-input-set-1696867749886.yaml
---
...7748935-pr-trigger-input-set-1696867749886.yaml | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 .harness/Build_shiftleft_java_demo_1696867748935-pr-trigger-input-set-1696867749886.yaml
diff --git a/.harness/Build_shiftleft_java_demo_1696867748935-pr-trigger-input-set-1696867749886.yaml b/.harness/Build_shiftleft_java_demo_1696867748935-pr-trigger-input-set-1696867749886.yaml
new file mode 100644
index 00000000..9f276314
--- /dev/null
+++ b/.harness/Build_shiftleft_java_demo_1696867748935-pr-trigger-input-set-1696867749886.yaml
@@ -0,0 +1,14 @@
+inputSet:
+ name: Build_shiftleft_java_demo_1696867748935-pr-trigger-input-set
+ identifier: Build_shiftleft_java_demo_1696867748935prtriggerinputset
+ orgIdentifier: default
+ projectIdentifier: QwietjavaHarness
+ pipeline:
+ identifier: Build_shiftleft_java_demo_1696867748935
+ properties:
+ ci:
+ codebase:
+ build:
+ type: PR
+ spec:
+ number: <+trigger.prNumber>
From 779c9f327496dc699e8eb82453a0f28e57053f6f Mon Sep 17 00:00:00 2001
From: ongamse
Date: Mon, 9 Oct 2023 12:09:10 -0400
Subject: [PATCH 059/170] Added input set .harness/Build_shiftleft_java_demo_1696867748935-push-trigger-input-set-1696867750867.yaml
---
...48935-push-trigger-input-set-1696867750867.yaml | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 .harness/Build_shiftleft_java_demo_1696867748935-push-trigger-input-set-1696867750867.yaml
diff --git a/.harness/Build_shiftleft_java_demo_1696867748935-push-trigger-input-set-1696867750867.yaml b/.harness/Build_shiftleft_java_demo_1696867748935-push-trigger-input-set-1696867750867.yaml
new file mode 100644
index 00000000..1a1cc5a6
--- /dev/null
+++ b/.harness/Build_shiftleft_java_demo_1696867748935-push-trigger-input-set-1696867750867.yaml
@@ -0,0 +1,14 @@
+inputSet:
+ name: Build_shiftleft_java_demo_1696867748935-push-trigger-input-set
+ identifier: Build_shiftleft_java_demo_1696867748935pushtriggerinputset
+ orgIdentifier: default
+ projectIdentifier: QwietjavaHarness
+ pipeline:
+ identifier: Build_shiftleft_java_demo_1696867748935
+ properties:
+ ci:
+ codebase:
+ build:
+ type: branch
+ spec:
+ branch: <+trigger.branch>
From 2691a127ce367a7f05cff12179e7e0753e30dd00 Mon Sep 17 00:00:00 2001
From: ongamse
Date: Mon, 9 Oct 2023 15:11:47 -0400
Subject: [PATCH 060/170] Added pipeline .harness/pipelines/shiftleft-java-demo-1696878690934.yaml
---
.../shiftleft-java-demo-1696878690934.yaml | 33 +++++++++++++++++++
1 file changed, 33 insertions(+)
create mode 100644 .harness/pipelines/shiftleft-java-demo-1696878690934.yaml
diff --git a/.harness/pipelines/shiftleft-java-demo-1696878690934.yaml b/.harness/pipelines/shiftleft-java-demo-1696878690934.yaml
new file mode 100644
index 00000000..426d8459
--- /dev/null
+++ b/.harness/pipelines/shiftleft-java-demo-1696878690934.yaml
@@ -0,0 +1,33 @@
+pipeline:
+ identifier: Build_shiftleft_java_demo_1696878707672
+ name: Build shiftleft-java-demo
+ orgIdentifier: default
+ projectIdentifier: QwietjavaHarn
+ properties:
+ ci:
+ codebase:
+ build: <+input>
+ connectorRef: account.Github_OAuth_1696007572273
+ repoName: shiftleft-java-demo
+ stages:
+ - stage:
+ identifier: build
+ name: build
+ spec:
+ cloneCodebase: true
+ execution:
+ steps:
+ - step:
+ identifier: echo
+ name: echo
+ spec:
+ command: echo hello world
+ timeout: ""
+ type: Run
+ platform:
+ arch: Amd64
+ os: Linux
+ runtime:
+ spec: {}
+ type: Cloud
+ type: CI
From 30582686101af28ee0e1538f69d8df49c75aca88 Mon Sep 17 00:00:00 2001
From: ongamse
Date: Mon, 9 Oct 2023 15:11:48 -0400
Subject: [PATCH 061/170] Added input set .harness/Build_shiftleft_java_demo_1696878707672-pr-trigger-input-set-1696878708669.yaml
---
...8707672-pr-trigger-input-set-1696878708669.yaml | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 .harness/Build_shiftleft_java_demo_1696878707672-pr-trigger-input-set-1696878708669.yaml
diff --git a/.harness/Build_shiftleft_java_demo_1696878707672-pr-trigger-input-set-1696878708669.yaml b/.harness/Build_shiftleft_java_demo_1696878707672-pr-trigger-input-set-1696878708669.yaml
new file mode 100644
index 00000000..20ebf2a7
--- /dev/null
+++ b/.harness/Build_shiftleft_java_demo_1696878707672-pr-trigger-input-set-1696878708669.yaml
@@ -0,0 +1,14 @@
+inputSet:
+ name: Build_shiftleft_java_demo_1696878707672-pr-trigger-input-set
+ identifier: Build_shiftleft_java_demo_1696878707672prtriggerinputset
+ orgIdentifier: default
+ projectIdentifier: QwietjavaHarn
+ pipeline:
+ identifier: Build_shiftleft_java_demo_1696878707672
+ properties:
+ ci:
+ codebase:
+ build:
+ type: PR
+ spec:
+ number: <+trigger.prNumber>
From a0bbb109ca254f326e5ca2742b57d76e20245273 Mon Sep 17 00:00:00 2001
From: ongamse
Date: Mon, 9 Oct 2023 15:11:49 -0400
Subject: [PATCH 062/170] Added input set .harness/Build_shiftleft_java_demo_1696878707672-push-trigger-input-set-1696878709630.yaml
---
...07672-push-trigger-input-set-1696878709630.yaml | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 .harness/Build_shiftleft_java_demo_1696878707672-push-trigger-input-set-1696878709630.yaml
diff --git a/.harness/Build_shiftleft_java_demo_1696878707672-push-trigger-input-set-1696878709630.yaml b/.harness/Build_shiftleft_java_demo_1696878707672-push-trigger-input-set-1696878709630.yaml
new file mode 100644
index 00000000..da043653
--- /dev/null
+++ b/.harness/Build_shiftleft_java_demo_1696878707672-push-trigger-input-set-1696878709630.yaml
@@ -0,0 +1,14 @@ +inputSet: + name: Build_shiftleft_java_demo_1696878707672-push-trigger-input-set + identifier: Build_shiftleft_java_demo_1696878707672pushtriggerinputset + orgIdentifier: default + projectIdentifier: QwietjavaHarn + pipeline: + identifier: Build_shiftleft_java_demo_1696878707672 + properties: + ci: + codebase: + build: + type: branch + spec: + branch: <+trigger.branch> From 6fe48385f81c044fd1e51f333bd17c8bb35a388a Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Wed, 11 Oct 2023 08:59:33 -0400 Subject: [PATCH 063/170] adding ShiftLeft GitHub action --- .github/workflows/shiftleft.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 24fe3089..15f631a3 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml @@ -19,8 +19,6 @@ jobs: with: java-version: 11.0.x distribution: zulu - - name: Package with maven - run: mvn compile package - name: Download ShiftLeft CLI run: | curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl @@ -35,7 +33,7 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc --cpg --container 18fgsa/s3-resource . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io From a79fec102e9ff3d1f7fe945f3e9cb825e9180bca Mon Sep 17 00:00:00 2001 
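Review bot: Removing the `Package with maven` step leaves the surrounding comments stale: `# We are building this application with Java 11` and `# ShiftLeft requires Java 1.8. Post the package step override the version` (both outside this hunk) now describe a build that no longer happens, and having two `Setup Java JDK` steps with no build in between is hard to justify. Either drop the Java 11 setup and reword the remaining comment to say what the JDK is now needed for, or keep the build and state why the jar is no longer what gets analyzed (the second hunk switches to `--javasrc … .`). The `Download ShiftLeft CLI` step that stays in place still saves whatever `curl https://cdn.shiftleft.io/download/sl` returns, with no `--fail`, no pinned version and no checksum, so an HTTP error body would be chmod'ed and run as `sl`; at minimum use `curl --fail --silent --show-error -o ${GITHUB_WORKSPACE}/sl https://cdn.shiftleft.io/download/sl` and verify against a published checksum if the vendor provides one.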
From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 12 Oct 2023 15:27:41 -0400 Subject: [PATCH 064/170] Update test.yml --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 9099f368..3635c53d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -30,7 +30,7 @@ jobs: - name: NextGen Static Analysis run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN2 }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 @@ -50,7 +50,7 @@ jobs: --github-pr-repo=${{ github.event.repository.name }} \ --github-token=${{ secrets.GITHUB_TOKEN }} env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN2 }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 From c5bc29c71b4b1f4b411971781343448b6c5f3129 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 12 Oct 2023 17:03:50 -0400 Subject: [PATCH 065/170] Update test.yml --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 3635c53d..9099f368 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
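Review bot: Both `env:` blocks now point at `secrets.SHIFTLEFT_ACCESS_TOKEN2`; if that secret is not defined in the repository, `${{ secrets.… }}` expands to an empty string with no warning and the CLI only fails later at authentication, which makes a typo in the name hard to spot (PATCH 065 reverts this the same day, and PATCH 069/070 repeat the exercise with `SHIFTLEFT_ACCESS_TOKEN0`). Since the two blocks are identical, declare `SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN2 }}` once in a workflow-level `env:` so a rename is a one-line change, and consider a short guard step such as `test -n "$SHIFTLEFT_ACCESS_TOKEN"` ahead of the download step so a missing secret fails early with a clear message.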
@@ -30,7 +30,7 @@ jobs: - name: NextGen Static Analysis run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN2 }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 @@ -50,7 +50,7 @@ jobs: --github-pr-repo=${{ github.event.repository.name }} \ --github-token=${{ secrets.GITHUB_TOKEN }} env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN2 }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 From ce7269f8779c1fa7eb935c5189eedda4de1cb5e7 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 16 Oct 2023 23:04:47 -0400 Subject: [PATCH 066/170] Update test.yml --- .github/workflows/test.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 9099f368..72747dd4 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -7,7 +7,9 @@ name: QwietTest on: pull_request: workflow_dispatch: - +schedule: + # * is a special character in YAML so you have to quote this string + - cron: '0 11 * * 6' jobs: NextGen-Static-Analysis: runs-on: ubuntu-latest From 04b96310bfd3aaca1729c71006e78c7e544a79ec Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 16 Oct 2023 23:05:44 -0400 Subject: [PATCH 067/170] Update test.yml --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 72747dd4..45a0476a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -7,7 +7,7 @@ name: QwietTest on: pull_request: workflow_dispatch: -schedule: + schedule: # * is a special character in YAML so you have to quote this string - cron: '0 11 * * 6' jobs: From e64f0f3cbe3854680e65279f2b1f312cf00df94f Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Wed, 25 Oct 2023 14:56:31 -0400 Subject: [PATCH 068/170] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 42 ++++++++++++++++----------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 15f631a3..d87596bf 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml 
@@ -39,24 +39,24 @@ jobs: SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 - Build-Rules: - runs-on: ubuntu-latest - needs: NextGen-Static-Analysis - steps: - - uses: actions/checkout@v3 - - name: Download ShiftLeft CLI - run: | - curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - - name: Validate Build Rules - run: | - ${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-java-demo \ - --github-pr-number=${{github.event.number}} \ - --github-pr-user=${{ github.repository_owner }} \ - --github-pr-repo=${{ github.event.repository.name }} \ - --github-token=${{ secrets.GITHUB_TOKEN }} - env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} - SHIFTLEFT_API_HOST: www.shiftleft.io - SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 - SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 - \ No newline at end of file + #Build-Rules: + #runs-on: ubuntu-latest + #needs: NextGen-Static-Analysis + #steps: + #- uses: actions/checkout@v3 + #- name: Download ShiftLeft CLI + #run: | + # curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl + #- name: Validate Build Rules + #run: | + #${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-java-demo \ + # --github-pr-number=${{github.event.number}} \ + # --github-pr-user=${{ github.repository_owner }} \ + # --github-pr-repo=${{ github.event.repository.name }} \ + #--github-token=${{ secrets.GITHUB_TOKEN }} + #env: + # SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + #SHIFTLEFT_API_HOST: www.shiftleft.io + #SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 + #SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 + From f55c4487083e78645f28a903fe01e68ca02462b5 Mon Sep 17 00:00:00 2001 
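Review bot: Commenting out the entire `Build-Rules` job leaves twenty lines of dead YAML with uneven `#` placement (`#- uses:`, `# curl …`, `#--github-token=…`), which yamllint's comments-indentation check will flag and which makes it unlikely the block can be restored just by deleting the `#`s. If the PR gate is being retired, delete the block — git history keeps it; if this is a temporary disable, keep the job intact and add `if: false` to it with a one-line comment saying why. Either way the commit message should state that `sl check-analysis` no longer runs on pull requests, because after this change nothing in the workflow enforces results unless `--strict` on `analyze` already does, which the hunk does not show.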
From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Sun, 29 Oct 2023 22:55:18 -0400 Subject: [PATCH 069/170] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index d87596bf..80b148b5 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml @@ -33,9 +33,9 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc --cpg --container 18fgsa/s3-resource . + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc --cpg --container 18fgsa/s3-resource . env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 
@@ -49,13 +49,13 @@ jobs: # curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl #- name: Validate Build Rules #run: | - #${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-java-demo \ + #${GITHUB_WORKSPACE}/sl check-analysis --app Qwiet-java-GH \ # --github-pr-number=${{github.event.number}} \ # --github-pr-user=${{ github.repository_owner }} \ # --github-pr-repo=${{ github.event.repository.name }} \ #--github-token=${{ secrets.GITHUB_TOKEN }} #env: - # SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + # SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} #SHIFTLEFT_API_HOST: www.shiftleft.io #SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 #SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 From f8239dc38e1727619a9244b0e769d89643a83d20 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Sun, 29 Oct 2023 22:58:54 -0400 Subject: [PATCH 070/170] Update test.yml --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 45a0476a..7484846c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -32,7 +32,7 @@ jobs: - name: NextGen Static Analysis run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 
@@ -52,7 +52,7 @@ jobs: --github-pr-repo=${{ github.event.repository.name }} \ --github-token=${{ secrets.GITHUB_TOKEN }} env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 From 999e726e45f3692fd5ac47571ae56d4e8d668983 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Sun, 29 Oct 2023 23:03:24 -0400 Subject: [PATCH 071/170] Create TSdemo.yml --- .github/workflows/TSdemo.yml | 59 ++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 .github/workflows/TSdemo.yml diff --git a/.github/workflows/TSdemo.yml b/.github/workflows/TSdemo.yml new file mode 100644 index 00000000..7484846c --- /dev/null +++ b/.github/workflows/TSdemo.yml 
@@ -0,0 +1,59 @@ + +--- +# This workflow integrates ShiftLeft NG SAST with GitHub +# Visit https://docs.shiftleft.io for help +name: QwietTest + +on: + pull_request: + workflow_dispatch: + schedule: + # * is a special character in YAML so you have to quote this string + - cron: '0 11 * * 6' +jobs: + NextGen-Static-Analysis: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + # We are building this application with Java 11 + - name: Setup Java JDK + uses: actions/setup-java@v1.4.3 + with: + java-version: 1.8 + - name: Package with maven + run: mvn clean package + - name: Download ShiftLeft CLI + run: | + curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl + - name: Extract branch name + shell: bash + run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" + id: extract_branch + - name: NextGen Static Analysis + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + env: + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} + SHIFTLEFT_API_HOST: www.shiftleft.io + SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 + SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 + Build-Rules: + runs-on: ubuntu-latest + needs: NextGen-Static-Analysis + steps: + - uses: actions/checkout@v3 + - name: Download ShiftLeft CLI + run: | + curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl + - name: Validate Build Rules + run: | + ${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-java-demo \ + --github-pr-number=${{github.event.number}} \ + --github-pr-user=${{ github.repository_owner }} \ + --github-pr-repo=${{ github.event.repository.name }} \ + --github-token=${{ secrets.GITHUB_TOKEN }} + env: + SHIFTLEFT_ACCESS_TOKEN: 
${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} + SHIFTLEFT_API_HOST: www.shiftleft.io + SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 + SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 + From 2587f77a84505f165803ca1b29009afef55fddc9 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Sun, 29 Oct 2023 23:03:44 -0400 Subject: [PATCH 072/170] Update test.yml --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7484846c..45a0476a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -32,7 +32,7 @@ jobs: - name: NextGen Static Analysis run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 @@ -52,7 +52,7 @@ jobs: --github-pr-repo=${{ github.event.repository.name }} \ --github-token=${{ secrets.GITHUB_TOKEN }} env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 From c86742a27207a6537fe4b013416dd051dfcd9af3 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Mon, 13 Nov 2023 07:45:30 -0500 Subject: [PATCH 073/170] adding ShiftLeft GitHub action --- .github/workflows/shiftleft.yml | 46 ++++++++++++++++----------------- 1 file changed, 23 insertions(+), 23 deletions(-) 
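Review bot: `check-analysis --app shiftleft-java-demo` in `Validate Build Rules` does not match `--app Qwiet-java-GH` on the `analyze` line above it, so the build-rule check reads results for a different application than the one this workflow just scanned; the two names need to agree. The new `schedule` trigger also runs `Build-Rules`, but on a scheduled or `workflow_dispatch` run `github.event.number` is empty and the step is invoked with `--github-pr-number=`; guard the job with `if: github.event_name == 'pull_request'`. `# We are building this application with Java 11` contradicts the `java-version: 1.8` beneath it, and `1.8` is an unquoted float — `java-version: '1.8'` with the comment corrected makes the intent explicit. Both `Download ShiftLeft CLI` steps make whatever `curl` returned executable; `curl --fail` (plus a pinned version and checksum if the vendor publishes one) prevents an HTTP error body from being run as the CLI.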
diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml
index 80b148b5..15f631a3 100644
--- a/.github/workflows/shiftleft.yml
+++ b/.github/workflows/shiftleft.yml
@@ -33,30 +33,30 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc --cpg --container 18fgsa/s3-resource . + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc --cpg --container 18fgsa/s3-resource . env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 - #Build-Rules: - #runs-on: ubuntu-latest - #needs: NextGen-Static-Analysis - #steps: - #- uses: actions/checkout@v3 - #- name: Download ShiftLeft CLI - #run: | - # curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - #- name: Validate Build Rules - #run: | - #${GITHUB_WORKSPACE}/sl check-analysis --app Qwiet-java-GH \ - # --github-pr-number=${{github.event.number}} \ - # --github-pr-user=${{ github.repository_owner }} \ - # --github-pr-repo=${{ github.event.repository.name }} \ - #--github-token=${{ secrets.GITHUB_TOKEN }} - #env: - # SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} - #SHIFTLEFT_API_HOST: www.shiftleft.io - #SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 - #SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 - + Build-Rules: + runs-on: ubuntu-latest + needs: NextGen-Static-Analysis + steps: + - uses: actions/checkout@v3 + - name: Download ShiftLeft CLI + run: | + curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl + - name: Validate Build Rules + run: | + ${GITHUB_WORKSPACE}/sl check-analysis --app 
shiftleft-java-demo \ + --github-pr-number=${{github.event.number}} \ + --github-pr-user=${{ github.repository_owner }} \ + --github-pr-repo=${{ github.event.repository.name }} \ + --github-token=${{ secrets.GITHUB_TOKEN }} + env: + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_API_HOST: www.shiftleft.io + SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 + SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 + \ No newline at end of file From a78e57c0c84a577d6f9b345c83450404c3146d92 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Tue, 14 Nov 2023 08:29:18 -0500 Subject: [PATCH 074/170] Update test.yml --- .github/workflows/test.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 45a0476a..90dd9ffe 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -32,7 +32,7 @@ jobs: - name: NextGen Static Analysis run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 
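Review bot: `--github-token=${{ secrets.GITHUB_TOKEN }}` in the re-enabled `Validate Build Rules` step puts the token on the `sl` command line, where it is visible to any other process on the runner and to the CLI's own diagnostics; GitHub's secret masking covers the step log only. If the CLI can read the token from the environment, pass it through the step's `env:` instead; if not, keep verbose or debug output off this step. The re-enabled `Download ShiftLeft CLI` step repeats the unverified `curl ... > sl && chmod a+rx` pattern, so `curl --fail` at minimum stops an HTTP error page from being made executable. The file now ends in a whitespace-only line without a trailing newline (`\ No newline at end of file`), which yamllint flags; end it at `SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443` followed by a single newline.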
@@ -46,13 +46,13 @@ jobs: curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - name: Validate Build Rules run: | - ${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-java-demo \ + ${GITHUB_WORKSPACE}/sl check-analysis --app Qwiet-java-GH \ --github-pr-number=${{github.event.number}} \ --github-pr-user=${{ github.repository_owner }} \ --github-pr-repo=${{ github.event.repository.name }} \ --github-token=${{ secrets.GITHUB_TOKEN }} env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 From 155e1ecde5c9fbdfbdaead5cdea91f6794bca902 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Tue, 14 Nov 2023 08:32:59 -0500 Subject: [PATCH 075/170] Update test.yml --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 90dd9ffe..ec4944b3 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -32,7 +32,7 @@ jobs: - name: NextGen Static Analysis run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 
@@ -52,7 +52,7 @@ jobs: --github-pr-repo=${{ github.event.repository.name }} \ --github-token=${{ secrets.GITHUB_TOKEN }} env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 From c9855984fb9518b396e02738f67e74052a252c55 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 30 Nov 2023 16:18:14 -0500 Subject: [PATCH 076/170] Update test.yml --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ec4944b3..90dd9ffe 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -32,7 +32,7 @@ jobs: - name: NextGen Static Analysis run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 @@ -52,7 +52,7 @@ jobs: --github-pr-repo=${{ github.event.repository.name }} \ --github-token=${{ secrets.GITHUB_TOKEN }} env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 From a8f2da15b0571e2de35cc1c3c8dc497f72327280 Mon Sep 17 00:00:00 2001 
From: Magno Gomes <117935539+ongamse@users.noreply.github.com>
Date: Thu, 30 Nov 2023 16:23:51 -0500
Subject: [PATCH 077/170] Update test.yml

---
 .github/workflows/test.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 90dd9ffe..ec4944b3 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -32,7 +32,7 @@ jobs:
 - name: NextGen Static Analysis
 run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar
 env:
- SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }}
+ SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
 SHIFTLEFT_API_HOST: www.shiftleft.io
 SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443
 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443
@@ -52,7 +52,7 @@ jobs:
 --github-pr-repo=${{ github.event.repository.name }} \
 --github-token=${{ secrets.GITHUB_TOKEN }}
 env:
- SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }}
+ SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
 SHIFTLEFT_API_HOST: www.shiftleft.io
 SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443
 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443
From 9e787cce48d9fe995f8b72f4a2b885735fe25c25 Mon Sep 17 00:00:00 2001
From: Magno Gomes <117935539+ongamse@users.noreply.github.com>
Date: Tue, 5 Dec 2023 10:20:27 -0500
Subject: [PATCH 078/170] Update test.yml

---
 .github/workflows/test.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index ec4944b3..90dd9ffe 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -32,7 +32,7 @@ jobs: - name: NextGen Static Analysis run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 @@ -52,7 +52,7 @@ jobs: --github-pr-repo=${{ github.event.repository.name }} \ --github-token=${{ secrets.GITHUB_TOKEN }} env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 From ada7d02e33d07240992824838baf0b565588a67b Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Tue, 5 Dec 2023 10:30:25 -0500 Subject: [PATCH 079/170] Update test.yml --- .github/workflows/test.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 90dd9ffe..4b3e47d2 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -30,9 +30,9 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + run: SHIFTLEFT_SBOM_GENERATOR=2 ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 @@ -52,7 +52,7 @@ jobs: --github-pr-repo=${{ github.event.repository.name }} \ --github-token=${{ secrets.GITHUB_TOKEN }} env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 From 85a1a1d1b22447c5ba93f4d1842a023174b96f4b Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Tue, 5 Dec 2023 22:26:50 -0500 Subject: [PATCH 080/170] adding ShiftLeft GitHub action From 3c525b52a05112b1f46e26ee8afc5f54397389bd Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Wed, 6 Dec 2023 14:51:09 -0500 Subject: [PATCH 081/170] Update test.yml --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 4b3e47d2..808bb133 100644 
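Review bot: `SHIFTLEFT_SBOM_GENERATOR=2` is set as an inline prefix on the `run:` line, where it is easy to miss among the other edits to that very long line, while every other CLI setting for the step lives in `env:`. Move it next to them as `SHIFTLEFT_SBOM_GENERATOR: "2"` (quoted so the value stays a string) and leave the `run:` line as the command alone. The meaning of the value 2 is not documented anywhere in the file; a short comment above it naming what generator it selects would help the next reader.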
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -30,7 +30,7 @@ jobs:
 run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
 id: extract_branch
 - name: NextGen Static Analysis
- run: SHIFTLEFT_SBOM_GENERATOR=2 ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar
+ run:${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar
 env:
 SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
 SHIFTLEFT_API_HOST: www.shiftleft.io
From e7fd815f4308c681138aa0eca5a55a7b77cad56a Mon Sep 17 00:00:00 2001
From: Magno Gomes <117935539+ongamse@users.noreply.github.com>
Date: Wed, 6 Dec 2023 14:52:06 -0500
Subject: [PATCH 082/170] Update test.yml

---
 .github/workflows/test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 808bb133..ec4944b3 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -30,7 +30,7 @@ jobs:
 run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
 id: extract_branch
 - name: NextGen Static Analysis
- run:${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar
+ run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar
 env:
 SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
 SHIFTLEFT_API_HOST: www.shiftleft.io
From 674392edfddaee9657bef6ff605e988430bd0ea1 Mon Sep 17 00:00:00 2001
From: Magno Gomes <117935539+ongamse@users.noreply.github.com>
Date: Mon, 18 Dec 2023 13:33:20 -0500
Subject: [PATCH 083/170] Update test.yml

---
 .github/workflows/test.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index ec4944b3..30ee604b 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -30,7 +30,8 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io From efc02e47772f224f77baad8c5035dac868dfb3f5 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 18 Dec 2023 13:36:21 -0500 Subject: [PATCH 084/170] Update test.yml --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 30ee604b..377bd2e9 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -30,8 +30,8 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io From c1b62b3af7e71383bbd097ba77421473eac68356 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 22 Jan 2024 17:18:17 -0500 Subject: [PATCH 085/170] Create QwietMLtest.yml --- .github/workflows/QwietMLtest.yml | 41 +++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 .github/workflows/QwietMLtest.yml diff --git a/.github/workflows/QwietMLtest.yml b/.github/workflows/QwietMLtest.yml new file mode 100644 index 00000000..655e41d5 --- /dev/null +++ b/.github/workflows/QwietMLtest.yml 
@@ -0,0 +1,41 @@ + +--- +# This workflow integrates ShiftLeft NG SAST with GitHub +# Visit https://docs.shiftleft.io for help +name: ShiftLeft + +on: + pull_request: + workflow_dispatch: + +jobs: + NextGen-Static-Analysis: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + # We are building this application with Java 11 + - name: Setup Java JDK + uses: actions/setup-java@v3 + with: + java-version: 11.0.x + distribution: zulu + - name: Download ShiftLeft CLI + run: | + curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl + # ShiftLeft requires Java 1.8. Post the package step override the version + - name: Setup Java JDK + uses: actions/setup-java@v3 + with: + distribution: zulu + java-version: 8 + - name: Extract branch name + shell: bash + run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" + id: extract_branch + - name: NextGen Static Analysis + run: QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze + env: + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_API_HOST: www.shiftleft.io + SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 + SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 From b45d8e4046cfa64cb53d1cef2916e1974c8b6e01 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 29 Jan 2024 17:18:38 -0500 Subject: [PATCH 086/170] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 15f631a3..7e9e15c3 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml 
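Review bot: The `Setup Java JDK` step for `11.0.x` is followed by the `Setup Java JDK` step for `8` with only the CLI download between them and no build step at all, so the first setup is overwritten before anything uses it, and the comments `# We are building this application with Java 11` and `# ShiftLeft requires Java 1.8. Post the package step override the version` describe a `Package with maven` step this workflow does not contain. Either restore the build step or drop the Java 11 setup and both comments. The `Extract branch name` step is kept but `steps.extract_branch.outputs.branch` is never read, and `sl analyze` runs here without `--app`, `--strict` or `--wait` unlike the sibling workflows; if that is intentional for the multi-language trial, a comment above the step saying so would stop someone "fixing" it. `run: echo "##[set-output ...]"` also uses the deprecated `set-output` workflow command; `echo "branch=${GITHUB_REF#refs/heads/}" >> "$GITHUB_OUTPUT"` is the supported form.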
@@ -33,9 +33,9 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc --cpg --container 18fgsa/s3-resource . + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --java --cpg --container 18fgsa/s3-resource env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 @@ -55,8 +55,8 @@ jobs: --github-pr-repo=${{ github.event.repository.name }} \ --github-token=${{ secrets.GITHUB_TOKEN }} env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 - \ No newline at end of file + From 3a3485400fc2d56f058bea81d8ae160181a12ef0 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 29 Jan 2024 17:19:42 -0500 Subject: [PATCH 087/170] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 7e9e15c3..cb611f18 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml 
@@ -33,7 +33,7 @@ jobs:
 run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
 id: extract_branch
 - name: NextGen Static Analysis
- run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --java --cpg --container 18fgsa/s3-resource
+ run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar
 env:
 SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }}
 SHIFTLEFT_API_HOST: www.shiftleft.io
From 5dde714fbc9c7c2a740b288d8ae84897edb0ca43 Mon Sep 17 00:00:00 2001
From: Magno Gomes <117935539+ongamse@users.noreply.github.com>
Date: Mon, 29 Jan 2024 17:22:21 -0500
Subject: [PATCH 088/170] Update test.yml

---
 .github/workflows/test.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 377bd2e9..f6e64f20 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -30,10 +30,10 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + run: SHIFTLEFT_SBOM_GENERATOR=2 ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 @@ -53,7 +53,7 @@ jobs: --github-pr-repo=${{ github.event.repository.name }} \ --github-token=${{ secrets.GITHUB_TOKEN }} env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 From f386b8822808f1c2e3a180dcf9bfa295ec0d72aa Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 29 Jan 2024 17:38:30 -0500 Subject: [PATCH 089/170] Update test.yml --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f6e64f20..e325eb8f 100644 --- a/.github/workflows/test.yml 
+++ b/.github/workflows/test.yml @@ -30,7 +30,7 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - run: SHIFTLEFT_SBOM_GENERATOR=2 ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + run: SHIFTLEFT_SBOM_GENERATOR=2 ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} From 27846da40965e1bd41730caa653f7b661ea0c25b Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 8 Feb 2024 08:55:32 -0500 Subject: [PATCH 090/170] Update test.yml --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index e325eb8f..c8a581da 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
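Review bot: `--verbose` is switched on permanently for a step whose environment carries `SHIFTLEFT_ACCESS_TOKEN`. GitHub masks the registered secret value in the step log but cannot mask every transformed form, so confirm that the CLI's verbose mode does not print request headers or the token before leaving it on by default; presumably it was added for a one-off investigation. A lower-risk form ties it to the runner's debug switch, e.g. `run: ${GITHUB_WORKSPACE}/sl analyze ${{ runner.debug == '1' && '--verbose' || '' }} --strict --wait ...`, so ordinary runs stay quiet.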
@@ -33,7 +33,7 @@ jobs: run: SHIFTLEFT_SBOM_GENERATOR=2 ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 @@ -53,7 +53,7 @@ jobs: --github-pr-repo=${{ github.event.repository.name }} \ --github-token=${{ secrets.GITHUB_TOKEN }} env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 From f5d71b6c16e32ef2a14cd6ccc1f058fb606cd176 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Fri, 9 Feb 2024 13:08:45 -0500 Subject: [PATCH 091/170] adding ShiftLeft GitHub action --- .github/workflows/shiftleft.yml | 48 ++++++++++++++++++--------------- 1 file changed, 26 insertions(+), 22 deletions(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index cb611f18..65ffa17d 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml @@ -1,8 +1,7 @@ - --- -# This workflow integrates ShiftLeft NG SAST with GitHub +# This workflow integrates qwiet.ai preZero with GitHub # Visit https://docs.shiftleft.io for help -name: ShiftLeft +name: qwiet.ai on: pull_request: 
@@ -13,34 +12,38 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - # We are building this application with Java 11 - - name: Setup Java JDK + - name: Setup Java JDK v11.0.x uses: actions/setup-java@v3 with: - java-version: 11.0.x distribution: zulu - - name: Download ShiftLeft CLI - run: | - curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - # ShiftLeft requires Java 1.8. Post the package step override the version - - name: Setup Java JDK + java-version: 11.0.x + + - name: Setup Java JDK v8 uses: actions/setup-java@v3 with: distribution: zulu java-version: 8 - - name: Extract branch name - shell: bash - run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" - id: extract_branch - - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + + - name: Download ShiftLeft CLI + run: | + curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl + + - name: preZero Static Analysis + run: | + ${GITHUB_WORKSPACE}/sl --version + ${GITHUB_WORKSPACE}/sl analyze --strict --wait \ + --app shiftleft-java-demo \ + --tag branch=${{ github.head_ref }} \ + --javasrc --container 18fgsa/s3-resource . env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 - Build-Rules: + + Build-Rules: runs-on: ubuntu-latest + permissions: write-all needs: NextGen-Static-Analysis steps: - uses: actions/checkout@v3 
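Review bot: `permissions: write-all` on the Build-Rules job grants that job's `GITHUB_TOKEN` every write scope, while the only use visible in this file is the `--github-token` handed to `sl check-analysis` for PR reporting; restrict it to what that command needs (presumably `pull-requests: write` plus `contents: read` — confirm against the tool's documentation) rather than everything. Separately, the rewritten analyze step tags with `--tag branch=${{ github.head_ref }}` and deletes the `extract_branch` fallback, so on any trigger other than `pull_request` (e.g. `workflow_dispatch`, if the workflow still declares it — the `on:` block is outside this hunk) `head_ref` is empty and the tag degrades to a bare `branch=`; keep the fallback, and pass the value through `env:` rather than interpolating it into the shell line. The Build-Rules job continues past the end of the hunk.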
@@ -55,8 +58,9 @@ jobs: --github-pr-repo=${{ github.event.repository.name }} \ --github-token=${{ secrets.GITHUB_TOKEN }} env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN0 }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 - SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 - + SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 + + From 4d5f0ae565799c66aecffc7d20295dcc5758ac89 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Tue, 20 Feb 2024 13:59:53 -0500 Subject: [PATCH 092/170] Update test.yml --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c8a581da..6e4ee261 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -30,7 +30,7 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - run: SHIFTLEFT_SBOM_GENERATOR=2 ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} From fd1e4f30d7292e60bf050a72b4ad10df94803a47 Mon Sep 17 00:00:00 2001 
From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Wed, 6 Mar 2024 15:56:04 -0500 Subject: [PATCH 093/170] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 65ffa17d..35fbfbc5 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml @@ -32,7 +32,7 @@ jobs: run: | ${GITHUB_WORKSPACE}/sl --version ${GITHUB_WORKSPACE}/sl analyze --strict --wait \ - --app shiftleft-java-demo \ + --app Qwiet-java-GH \ --tag branch=${{ github.head_ref }} \ --javasrc --container 18fgsa/s3-resource . env: From 67d710de26c0e7d9c199fd392339b0fbd90afba2 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 4 Apr 2024 21:32:16 -0400 Subject: [PATCH 094/170] Update test.yml --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 6e4ee261..e1a09a6a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -2,7 +2,7 @@ --- # This workflow integrates ShiftLeft NG SAST with GitHub # Visit https://docs.shiftleft.io for help -name: QwietTest +name: QwietTestNT on: pull_request: From 01f85caba04921df4a8da8a68ff2845740c04dbf Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 4 Apr 2024 21:38:27 -0400 Subject: [PATCH 095/170] Update test.yml --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index e1a09a6a..f31ef7fd 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -33,7 +33,7 @@ jobs: run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN2 }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 @@ -53,7 +53,7 @@ jobs: --github-pr-repo=${{ github.event.repository.name }} \ --github-token=${{ secrets.GITHUB_TOKEN }} env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN2 }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 From 852feb07d57802f393f1a90979643baf8d526ef0 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 4 Apr 2024 21:39:24 -0400 Subject: [PATCH 096/170] Update test.yml --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f31ef7fd..e1a09a6a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
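Review bot: Pointing both jobs at `secrets.SHIFTLEFT_ACCESS_TOKEN2` is the third secret name used for this value in the series (`…TOKEN0`, `…TOKEN`, now `…TOKEN2`), and an undefined repository secret expands to an empty string rather than failing the workflow, so a mistyped name only surfaces as an authentication error from `sl` later in the job. A guard step that runs with the same `env:` before the analysis, `run: test -n "$SHIFTLEFT_ACCESS_TOKEN" || { echo "::error::SHIFTLEFT_ACCESS_TOKEN is not set"; exit 1; }`, makes the misconfiguration explicit and fast. Patch 096 on the next line reverts this rename, which suggests the secret did not exist under the new name.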
@@ -33,7 +33,7 @@ jobs: run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN2 }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 @@ -53,7 +53,7 @@ jobs: --github-pr-repo=${{ github.event.repository.name }} \ --github-token=${{ secrets.GITHUB_TOKEN }} env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN2 }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 From b5ba1f45ce04ace7861637c351884d701a7924fd Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 8 Apr 2024 16:52:14 -0400 Subject: [PATCH 097/170] Create main.yml --- .github/workflows/main.yml | 60 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 .github/workflows/main.yml diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 00000000..bc91b52f --- /dev/null +++ b/.github/workflows/main.yml 
@@ -0,0 +1,60 @@ + +--- +# This workflow integrates ShiftLeft NG SAST with GitHub +# Visit https://docs.shiftleft.io for help +name: QwietQual + +on: + pull_request: + workflow_dispatch: + schedule: + # * is a special character in YAML so you have to quote this string + - cron: '0 11 * * 6' +jobs: + NextGen-Static-Analysis: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + # We are building this application with Java 11 + - name: Setup Java JDK + uses: actions/setup-java@v1.4.3 + with: + java-version: 1.8 + - name: Package with maven + run: mvn clean package + - name: Download ShiftLeft CLI + run: | + curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl + - name: Extract branch name + shell: bash + run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" + id: extract_branch + - name: NextGen Static Analysis + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . 
+ env: + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKENQ }} + SHIFTLEFT_API_HOST: www.shiftleft.io + SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 + SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 + Build-Rules: + runs-on: ubuntu-latest + needs: NextGen-Static-Analysis + steps: + - uses: actions/checkout@v3 + - name: Download ShiftLeft CLI + run: | + curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl + - name: Validate Build Rules + run: | + ${GITHUB_WORKSPACE}/sl check-analysis --app Qwiet-java-GH \ + --github-pr-number=${{github.event.number}} \ + --github-pr-user=${{ github.repository_owner }} \ + --github-pr-repo=${{ github.event.repository.name }} \ + --github-token=${{ secrets.GITHUB_TOKEN }} + env: + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKENQ }} + SHIFTLEFT_API_HOST: www.shiftleft.io + SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 + SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 + From b994b208f444de379be752e91d8aa74f4c2eb863 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Wed, 10 Apr 2024 14:28:51 -0400 Subject: [PATCH 098/170] adding ShiftLeft GitHub action --- .github/workflows/shiftleft.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 35fbfbc5..65ffa17d 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml @@ -32,7 +32,7 @@ jobs: run: | ${GITHUB_WORKSPACE}/sl --version ${GITHUB_WORKSPACE}/sl analyze --strict --wait \ - --app Qwiet-java-GH \ + --app shiftleft-java-demo \ --tag branch=${{ github.head_ref }} \ --javasrc --container 18fgsa/s3-resource . env: From f2d044a3e365469c18915d8107ed3293d69ea770 Mon Sep 17 00:00:00 2001 
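Review bot: The Build-Rules job runs `sl check-analysis --github-pr-number=${{github.event.number}}` unconditionally, but this workflow also fires on `schedule` and `workflow_dispatch`, where `github.event.number` is empty; add `if: github.event_name == 'pull_request'` to that job (or to the step) so scheduled runs do not pass an empty PR number. The CLI download `curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl` has no `-f`, so an HTTP error body would be saved and `chmod a+rx`'d as the binary, and nothing pins or verifies the version that is then executed with the access token — at minimum use `curl -fsSL`, and log `sl --version` before analysis. The comment `# We are building this application with Java 11` contradicts `java-version: 1.8` on the next lines, and `actions/setup-java@v1.4.3` is an older major than the `@v3` used elsewhere in the series. The `##[set-output name=branch;]` form in the branch step is the deprecated output syntax; `echo "branch=${GITHUB_REF#refs/heads/}" >> "$GITHUB_OUTPUT"` is the current equivalent.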
From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 18 Apr 2024 13:43:02 -0400 Subject: [PATCH 099/170] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 65ffa17d..2862930d 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml @@ -32,7 +32,7 @@ jobs: run: | ${GITHUB_WORKSPACE}/sl --version ${GITHUB_WORKSPACE}/sl analyze --strict --wait \ - --app shiftleft-java-demo \ + --app qwietAI-java-demo \ --tag branch=${{ github.head_ref }} \ --javasrc --container 18fgsa/s3-resource . env: @@ -52,7 +52,7 @@ jobs: curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - name: Validate Build Rules run: | - ${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-java-demo \ + ${GITHUB_WORKSPACE}/sl check-analysis --app qwietAI-java-demo \ --github-pr-number=${{github.event.number}} \ --github-pr-user=${{ github.repository_owner }} \ --github-pr-repo=${{ github.event.repository.name }} \ From ebfc5ea463a83515d2050686046e2182509204e8 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 18 Apr 2024 13:45:47 -0400 Subject: [PATCH 100/170] Update test.yml --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index e1a09a6a..22e5d392 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -30,8 +30,8 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar - #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . + #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io From 9397987f58910d17bc3c9183bfad36003265e09e Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 18 Apr 2024 13:48:19 -0400 Subject: [PATCH 101/170] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 2862930d..dc3742e9 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml @@ -34,7 +34,7 @@ jobs: ${GITHUB_WORKSPACE}/sl analyze --strict --wait \ --app qwietAI-java-demo \ --tag branch=${{ github.head_ref }} \ - --javasrc --container 18fgsa/s3-resource . + --javasrc . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io 
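Review bot: The step now keeps the previous command as a `#run:` comment directly above the live `run:` line, which reads like a second key but is simply dropped by the YAML parser; the rest of this series swaps the two lines back and forth (the main.yml hunks of patches 110, 112, 113 and 114 do the same), so the choice between `--java` on the built jar and `--javasrc .` should be made explicit — delete the dead line, or expose the alternative as a `workflow_dispatch` input with a comment explaining when each mode is wanted. With `--javasrc .` the jar is no longer passed to the analyzer, so any preceding Maven package step (outside this hunk) only matters if the jar is still used elsewhere; if it is not, that step can be removed to shorten the job.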
From d78d2a8c43a77feebb871d9dc0e30e111af7e5de Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 18 Apr 2024 13:55:18 -0400 Subject: [PATCH 102/170] Update SearchController.java --- .../controller/SearchController.java | 27 +++++++++---------- 1 file changed, 12 insertions(+), 15 deletions(-) diff --git a/src/main/java/io/shiftleft/controller/SearchController.java b/src/main/java/io/shiftleft/controller/SearchController.java index faa40976..abc5384a 100644 --- a/src/main/java/io/shiftleft/controller/SearchController.java +++ b/src/main/java/io/shiftleft/controller/SearchController.java @@ -14,19 +14,16 @@ /** * Search login */ -@Controller -public class SearchController { - - @RequestMapping(value = "/search/user", method = RequestMethod.GET) - public String doGetSearch(@RequestParam String foo, HttpServletResponse response, HttpServletRequest request) { - java.lang.Object message = new Object(); - try { - ExpressionParser parser = new SpelExpressionParser(); - Expression exp = parser.parseExpression(foo); - message = (Object) exp.getValue(); - } catch (Exception ex) { - System.out.println(ex.getMessage()); - } - return message.toString(); - } +@RequestMapping(value = "/search/user", method = RequestMethod.GET) +public String doGetSearch(@RequestParam String foo, HttpServletResponse response, HttpServletRequest request) { + java.lang.String message = ""; + try { + ExpressionParser parser = new SpelExpressionParser(); + Expression exp = parser.parseExpression(foo); + message = exp.getValue().toString(); + } catch (Exception ex) { + System.out.println(ex.getMessage()); + } + return message; + } } From 9fd38efe0d0336bf779d0cfc10fb9ea50000b0ad Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 18 Apr 2024 13:56:50 -0400 Subject: [PATCH 103/170] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
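Review bot: Removing `@Controller public class SearchController {` while keeping the closing `}` at the end of the hunk leaves `doGetSearch` outside any class with one unmatched brace, so the file no longer compiles, and without `@Controller` Spring would not register the `/search/user` handler anyway; patch 105 later restores the class. Independently of the `Object`-to-`String` change, `parser.parseExpression(foo)` evaluates a request parameter as a SpEL expression, which is expression-language injection (CWE-917) in both the old and new versions and in the follow-up patches 105–107; the handler should not evaluate user input as an expression at all, or, if this is an intentional demo weakness, the class Javadoc should say so instead of the current `Search login` line. The `catch (Exception ex)` with `System.out.println(ex.getMessage())` also swallows the failure and returns an empty string, so a caller cannot distinguish an error from an empty result.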
diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index dc3742e9..bbfe30ed 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml @@ -17,7 +17,8 @@ jobs: with: distribution: zulu java-version: 11.0.x - + - name: Download ShiftLeft CLI + run: mvn clean install - name: Setup Java JDK v8 uses: actions/setup-java@v3 with: From 7ddb9c2d0c8d80874d4d76c86d7b29bfd93eb5bf Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 18 Apr 2024 13:59:59 -0400 Subject: [PATCH 104/170] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index bbfe30ed..a223e9e0 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml @@ -17,8 +17,10 @@ jobs: with: distribution: zulu java-version: 11.0.x + - name: Download ShiftLeft CLI - run: mvn clean install + run: mvn clean package + - name: Setup Java JDK v8 uses: actions/setup-java@v3 with: From deff31342539118c301389a39e1222bb89438ee9 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 18 Apr 2024 14:07:33 -0400 Subject: [PATCH 105/170] Update SearchController.java --- .../controller/SearchController.java | 27 ++++++++++--------- 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/src/main/java/io/shiftleft/controller/SearchController.java b/src/main/java/io/shiftleft/controller/SearchController.java index abc5384a..faa40976 100644 --- a/src/main/java/io/shiftleft/controller/SearchController.java +++ b/src/main/java/io/shiftleft/controller/SearchController.java 
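Review bot: The added step is named `Download ShiftLeft CLI` but runs `mvn clean install`, duplicating the name of the real download step later in the job and misleading anyone reading the job log; name it for what it does, e.g. `- name: Build with Maven (JDK 11)`. Patch 104 on this same line changes the command to `mvn clean package` but keeps the wrong name. `install` also copies the artifact into the runner's local `~/.m2` repository, which `package` avoids, so the later command is the better choice for CI. The step runs under the JDK 11 setup that begins above the hunk.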
@@ -14,16 +14,19 @@ /** * Search login */ -@RequestMapping(value = "/search/user", method = RequestMethod.GET) -public String doGetSearch(@RequestParam String foo, HttpServletResponse response, HttpServletRequest request) { - java.lang.String message = ""; - try { - ExpressionParser parser = new SpelExpressionParser(); - Expression exp = parser.parseExpression(foo); - message = exp.getValue().toString(); - } catch (Exception ex) { - System.out.println(ex.getMessage()); - } - return message; - } +@Controller +public class SearchController { + + @RequestMapping(value = "/search/user", method = RequestMethod.GET) + public String doGetSearch(@RequestParam String foo, HttpServletResponse response, HttpServletRequest request) { + java.lang.Object message = new Object(); + try { + ExpressionParser parser = new SpelExpressionParser(); + Expression exp = parser.parseExpression(foo); + message = (Object) exp.getValue(); + } catch (Exception ex) { + System.out.println(ex.getMessage()); + } + return message.toString(); + } } From 627063c29fddf1e99abd25a8f36c22c2f503caf6 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 18 Apr 2024 14:10:22 -0400 Subject: [PATCH 106/170] Update SearchController.java --- src/main/java/io/shiftleft/controller/SearchController.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/io/shiftleft/controller/SearchController.java b/src/main/java/io/shiftleft/controller/SearchController.java index faa40976..dc04ad6c 100644 --- a/src/main/java/io/shiftleft/controller/SearchController.java +++ b/src/main/java/io/shiftleft/controller/SearchController.java 
@@ -19,11 +19,11 @@ public class SearchController { @RequestMapping(value = "/search/user", method = RequestMethod.GET) public String doGetSearch(@RequestParam String foo, HttpServletResponse response, HttpServletRequest request) { - java.lang.Object message = new Object(); + java.lang.String message = ""; try { ExpressionParser parser = new SpelExpressionParser(); Expression exp = parser.parseExpression(foo); - message = (Object) exp.getValue(); + message = exp.getValue().toString(); } catch (Exception ex) { System.out.println(ex.getMessage()); } From 10d31a83e8acc03d85644a1d764f19f3e5c18c90 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 18 Apr 2024 14:16:44 -0400 Subject: [PATCH 107/170] Update SearchController.java --- src/main/java/io/shiftleft/controller/SearchController.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/io/shiftleft/controller/SearchController.java b/src/main/java/io/shiftleft/controller/SearchController.java index dc04ad6c..faa40976 100644 --- a/src/main/java/io/shiftleft/controller/SearchController.java +++ b/src/main/java/io/shiftleft/controller/SearchController.java @@ -19,11 +19,11 @@ public class SearchController { @RequestMapping(value = "/search/user", method = RequestMethod.GET) public String doGetSearch(@RequestParam String foo, HttpServletResponse response, HttpServletRequest request) { - java.lang.String message = ""; + java.lang.Object message = new Object(); try { ExpressionParser parser = new SpelExpressionParser(); Expression exp = parser.parseExpression(foo); - message = exp.getValue().toString(); + message = (Object) exp.getValue(); } catch (Exception ex) { System.out.println(ex.getMessage()); } From 1249864ec2d04018422aeaf80094d4d07192b046 Mon Sep 17 00:00:00 2001 
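Review bot: `exp.getValue().toString()` throws `NullPointerException` when the expression evaluates to null, and the `catch (Exception ex)` below turns that into an empty response plus a line on stdout; `message = String.valueOf(exp.getValue());` handles null without going through the exception path. The larger issue — evaluating the `foo` request parameter as SpEL — is unchanged here and is noted on patch 102; patch 107 on this same line reverts this change again. The method's `return` and closing brace are outside the hunk.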
From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 22 Apr 2024 11:38:17 -0400 Subject: [PATCH 108/170] Create maven.sh --- maven.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 maven.sh diff --git a/maven.sh b/maven.sh new file mode 100644 index 00000000..f0052646 --- /dev/null +++ b/maven.sh @@ -0,0 +1,16 @@ +mvn_version=${mvn_version:-3.8.5} +url="http://www.mirrorservice.org/sites/ftp.apache.org/maven/maven-3/${mvn_version}/binaries/apache-maven-${mvn_version}-bin.tar.gz" +install_dir="/opt/maven" + +mkdir ${install_dir} +curl -fsSL ${url} | tar zx --strip-components=1 -C ${install_dir} +cat << EOF > /etc/profile.d/maven.sh +#!/bin/sh +export MAVEN_HOME=${install_dir} +export M2_HOME=${install_dir} +export M2=${install_dir}/bin +export PATH=${install_dir}/bin:$PATH +EOF +source /etc/profile.d/maven.sh +echo maven installed to ${install_dir} +mvn --version From 9ab2c15b6277eedf882166c306f193720e7296bf Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 22 Apr 2024 11:46:47 -0400 Subject: [PATCH 109/170] Update maven.sh --- maven.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/maven.sh b/maven.sh index f0052646..b0a12425 100644 --- a/maven.sh +++ b/maven.sh @@ -14,3 +14,4 @@ EOF source /etc/profile.d/maven.sh echo maven installed to ${install_dir} mvn --version +mvn clean package From 0f710560578354211244febd74c992120d71c62b Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Sun, 12 May 2024 22:42:34 -0400 Subject: [PATCH 110/170] Update main.yml --- .github/workflows/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index bc91b52f..baeaa55f 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
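Review bot: `curl -fsSL ${url} | tar zx` fetches Maven over plain `http://` from a third-party mirror and unpacks it with no checksum or signature check, so whatever the mirror or the network returns becomes the build tool; fetch over HTTPS, download to a file first, and verify it against the `.sha512` Apache publishes alongside each release (or a digest pinned in the script) before extracting. The script also has no shebang or `set -e`, `mkdir ${install_dir}` without `-p` fails on a second run, and the unquoted heredoc expands `$PATH` at install time, baking the installer's `PATH` into `/etc/profile.d/maven.sh` — it needs `\$PATH`. `source` is not POSIX `sh`; use `.` if the file is meant to run under `/bin/sh`. Patch 109 on this line additionally appends `mvn clean package`, so an installer script now also builds the project.
```shell
#!/bin/sh
set -eu
mvn_version=${mvn_version:-3.8.5}
url="https://archive.apache.org/dist/maven/maven-3/${mvn_version}/binaries/apache-maven-${mvn_version}-bin.tar.gz"
# Digest published next to the release tarball; EXPECTED_SHA512 is a placeholder to fill in.
expected_sha512="${MVN_SHA512:-EXPECTED_SHA512}"
install_dir="/opt/maven"

mkdir -p "${install_dir}"
archive="$(mktemp)"
curl -fsSL "${url}" -o "${archive}"
echo "${expected_sha512}  ${archive}" | sha512sum -c -
tar zxf "${archive}" --strip-components=1 -C "${install_dir}"
rm -f "${archive}"
cat << EOF > /etc/profile.d/maven.sh
#!/bin/sh
export MAVEN_HOME=${install_dir}
export M2_HOME=${install_dir}
export M2=${install_dir}/bin
export PATH=${install_dir}/bin:\$PATH
EOF
. /etc/profile.d/maven.sh
# … unchanged: echo and mvn --version …
```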
@@ -30,8 +30,8 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar - #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . + #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GHComp --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKENQ }} SHIFTLEFT_API_HOST: www.shiftleft.io From 4a301584877287ed750fec50d32d6b81ce5877cb Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Sun, 12 May 2024 22:43:14 -0400 Subject: [PATCH 111/170] Update main.yml --- .github/workflows/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index baeaa55f..f02fa21a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -33,7 +33,7 @@ jobs: #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GHComp --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKENQ }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 @@ -47,13 +47,13 @@ jobs: curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - name: Validate Build Rules run: | - ${GITHUB_WORKSPACE}/sl check-analysis --app Qwiet-java-GH \ + ${GITHUB_WORKSPACE}/sl check-analysis --app Qwiet-java-GHComp \ --github-pr-number=${{github.event.number}} \ --github-pr-user=${{ github.repository_owner }} \ --github-pr-repo=${{ github.event.repository.name }} \ --github-token=${{ secrets.GITHUB_TOKEN }} env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKENQ }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 From 23a9d3f452e945254ac7199095fa86fa0ddaf951 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Sun, 12 May 2024 22:47:51 -0400 Subject: [PATCH 112/170] Update main.yml --- .github/workflows/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index f02fa21a..a3132000 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
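Review bot: After this change the Build-Rules job runs `sl check-analysis --app Qwiet-java-GHComp` while the live analyze command in the first hunk still uses `--app Qwiet-java-GH` (only the commented-out line mentions `GHComp`), so the build-rule check evaluates a different application than the one just scanned and the PR gate is decoupled from the scan. Put the app name in one place, e.g. a workflow-level `env:` entry `QWIET_APP: Qwiet-java-GH` referenced as `--app "$QWIET_APP"` in both commands; patches 112–114 on the following lines flip the analyze line back and forth, and 113 reintroduces the mismatch. The secret rename to `SHIFTLEFT_ACCESS_TOKEN` in both hunks is fine.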
@@ -30,8 +30,8 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GHComp --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GHComp --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io From 5abb797c2a7f38acdc8e4877260c2e51ad03f578 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 13 May 2024 21:19:27 -0400 Subject: [PATCH 113/170] Update main.yml --- .github/workflows/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index a3132000..f02fa21a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -30,8 +30,8 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GHComp --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar - #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . + #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GHComp --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io From 366ac7ddbb7d7e16a791314361390b907b040fde Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 13 May 2024 21:23:45 -0400 Subject: [PATCH 114/170] Update main.yml --- .github/workflows/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index f02fa21a..a3132000 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -30,8 +30,8 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GHComp --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GHComp --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io From 55927e7329c970141552c85ffc6fac4ac7a5fe75 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 23 May 2024 16:59:28 -0400 Subject: [PATCH 115/170] Update test.yml --- .github/workflows/test.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 22e5d392..ee7a493b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -31,7 +31,9 @@ jobs: id: extract_branch - name: NextGen Static Analysis #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . + run: | + QWIET_EXTERNAL_SECRETS=true + ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io From 2c4273538c8c863b9ba2ac19c6edf442a7a1f3c6 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 23 May 2024 17:06:03 -0400 Subject: [PATCH 116/170] Update test.yml --- .github/workflows/test.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ee7a493b..76601740 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
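Review bot: `QWIET_EXTERNAL_SECRETS=true` on its own line is a shell variable assignment, not an export, so the `sl analyze` invocation on the following line does not receive it in its environment; patch 119 has the same defect in a different shape, `QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true && ...` sets the variable and then runs `sl` without it. The step already has an `env:` block, which is the idiomatic place for these flags: add `QWIET_EXTERNAL_SECRETS: "true"` (and later `QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS: "true"`) next to `SHIFTLEFT_ACCESS_TOKEN` and keep `run:` as the bare `sl analyze ...` command. That also removes the inline `VAR=value cmd` prefixes that patches 116 through 120, 125, 126 and 132 through 137 keep rearranging. Quote the value so YAML keeps it a string rather than retyping it as a boolean.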
@@ -32,8 +32,7 @@ jobs: - name: NextGen Static Analysis #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar run: | - QWIET_EXTERNAL_SECRETS=true - ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . + QWIET_EXTERNAL_SECRETS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io From 349879d66a076312a5fda6d92697a2c629645761 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 23 May 2024 17:13:26 -0400 Subject: [PATCH 117/170] Update test.yml --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 76601740..e4fe0506 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -32,7 +32,7 @@ jobs: - name: NextGen Static Analysis #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar run: | - QWIET_EXTERNAL_SECRETS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . + QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true QWIET_EXTERNAL_SECRETS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io From e130b7c524bc3c0142106b7860ac90b6fb8ecb8a Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 23 May 2024 17:18:27 -0400 Subject: [PATCH 118/170] Update test.yml --- .github/workflows/test.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index e4fe0506..2bfa2f06 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -20,8 +20,8 @@ jobs: uses: actions/setup-java@v1.4.3 with: java-version: 1.8 - - name: Package with maven - run: mvn clean package + #- name: Package with maven + # run: mvn clean package - name: Download ShiftLeft CLI run: | curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl 
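Review bot: Commenting out the `Package with maven` step in the `@@ -20,8 +20,8 @@` hunk keeps dead configuration in the workflow instead of removing it; patch 129 makes the same change to QwietPRBF.yml. If the step is only needed for the jar-based analysis that is itself commented out, delete it (git history keeps it), or gate it with a step-level `if:` driven by a workflow-level variable so the build step and the analysis mode cannot drift apart. A one-line comment above the analysis step stating which mode is active would then carry the information the commented-out lines currently hint at.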
@@ -32,7 +32,7 @@ jobs: - name: NextGen Static Analysis #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar run: | - QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true QWIET_EXTERNAL_SECRETS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . + QWIET_EXTERNAL_SECRETS=true QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io From cf626d03896a37601a6f6e1f9cc79a0179060bf9 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 23 May 2024 17:22:03 -0400 Subject: [PATCH 119/170] Update test.yml --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2bfa2f06..dab7c6c5 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -32,7 +32,7 @@ jobs: - name: NextGen Static Analysis #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar run: | - QWIET_EXTERNAL_SECRETS=true QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . + QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true && QWIET_EXTERNAL_SECRETS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io From 8aeb0c14c1ab833d7fd9636350c9a6c6ad2ddf0f Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 23 May 2024 17:31:58 -0400 Subject: [PATCH 120/170] Update test.yml --- .github/workflows/test.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index dab7c6c5..39b3c6f9 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -32,7 +32,8 @@ jobs: - name: NextGen Static Analysis #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar run: | - QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true && QWIET_EXTERNAL_SECRETS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . + export QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true + QWIET_EXTERNAL_SECRETS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io From 940732e6f49df49059084207fc1687e7979b69e7 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 23 May 2024 17:37:35 -0400 Subject: [PATCH 121/170] Update test.yml --- .github/workflows/test.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 39b3c6f9..eddcccfc 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -29,11 +29,14 @@ jobs: shell: bash run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch + - name: pre NextGen Static Analysis + #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + run: export QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true + - name: NextGen Static Analysis #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar run: | - export QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true - QWIET_EXTERNAL_SECRETS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . + QWIET_EXTERNAL_SECRETS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io From b79acc1ec9028bc00b90ce28456080348424b499 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 23 May 2024 17:42:25 -0400 Subject: [PATCH 122/170] Update test.yml --- .github/workflows/test.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index eddcccfc..ad4dc4f9 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
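Review bot: The new `pre NextGen Static Analysis` step runs `export QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true` in its own shell, and every GitHub Actions step starts a fresh process, so the export is gone before the next step begins and the analysis step never sees the variable. Either set it in the analysis step's existing `env:` block as `QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS: "true"`, or, if it must be produced by a shell, write `echo "QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true" >> "$GITHUB_ENV"` so the runner propagates it to later steps. The new step also carries a copy of the commented-out `#run:` line from the analysis step, which has no purpose there and should be dropped.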
@@ -29,14 +29,10 @@ jobs: shell: bash run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - - name: pre NextGen Static Analysis - #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar - run: export QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true - - name: NextGen Static Analysis #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar run: | - QWIET_EXTERNAL_SECRETS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} . + QWIET_EXTERNAL_SECRETS=true ${GITHUB_WORKSPACE}/sl analyze --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io From 41c19dd32be1b0da4b69897291cac0ba75216b3b Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 23 May 2024 17:47:13 -0400 Subject: [PATCH 123/170] Update test.yml --- .github/workflows/test.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ad4dc4f9..46f574ba 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
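Review bot: Removing `--wait` (together with `--strict`) from `sl analyze` means the step presumably returns once the upload is accepted rather than when the analysis has finished, so the `Validate Build Rules` step in the job that `needs:` this one may run `check-analysis` against an analysis that does not exist yet or is stale. If the flags were dropped to stop the step failing, record the reason in a comment above the `run:` line; otherwise keep `--wait` so the downstream gate is meaningful. The exact effect of `--strict` for this CLI is not visible here, so confirm it against the CLI help before dropping it as well.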
@@ -30,9 +30,9 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH-Secrets --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar run: | - QWIET_EXTERNAL_SECRETS=true ${GITHUB_WORKSPACE}/sl analyze --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} . + QWIET_EXTERNAL_SECRETS=true ${GITHUB_WORKSPACE}/sl analyze --app Qwiet-java-GH-Secrets --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io @@ -48,7 +48,7 @@ jobs: curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - name: Validate Build Rules run: | - ${GITHUB_WORKSPACE}/sl check-analysis --app Qwiet-java-GH \ + ${GITHUB_WORKSPACE}/sl check-analysis --app Qwiet-java-GH-Secrets \ --github-pr-number=${{github.event.number}} \ --github-pr-user=${{ github.repository_owner }} \ --github-pr-repo=${{ github.event.repository.name }} \ From 852f1775a82d273ac89185b930a07984e00ef83c Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 23 May 2024 17:56:48 -0400 Subject: [PATCH 124/170] Update test.yml --- .github/workflows/test.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 46f574ba..ad4dc4f9 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -30,9 +30,9 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH-Secrets --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar run: | - QWIET_EXTERNAL_SECRETS=true ${GITHUB_WORKSPACE}/sl analyze --app Qwiet-java-GH-Secrets --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} . + QWIET_EXTERNAL_SECRETS=true ${GITHUB_WORKSPACE}/sl analyze --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io @@ -48,7 +48,7 @@ jobs: curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - name: Validate Build Rules run: | - ${GITHUB_WORKSPACE}/sl check-analysis --app Qwiet-java-GH-Secrets \ + ${GITHUB_WORKSPACE}/sl check-analysis --app Qwiet-java-GH \ --github-pr-number=${{github.event.number}} \ --github-pr-user=${{ github.repository_owner }} \ --github-pr-repo=${{ github.event.repository.name }} \ From 2a067ef7b03b62dd4404d016b9ac4962920c31c9 Mon Sep 17 00:00:00 2001 
From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 27 May 2024 21:33:11 -0400 Subject: [PATCH 125/170] Update test.yml --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ad4dc4f9..db293543 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -32,7 +32,7 @@ jobs: - name: NextGen Static Analysis #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar run: | - QWIET_EXTERNAL_SECRETS=true ${GITHUB_WORKSPACE}/sl analyze --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} . + QWIET_EXTERNAL_SECRETS=true QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io From b16e8d39b347298d39aaae1ec1fd9faf33b8ade5 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 27 May 2024 21:41:06 -0400 Subject: [PATCH 126/170] Update test.yml --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index db293543..790332ec 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -32,7 +32,7 @@ jobs: - name: NextGen Static Analysis #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar run: | - QWIET_EXTERNAL_SECRETS=true QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} . + QWIET_EXTERNAL_SECRETS=true QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io From 8d7aea57b8ec5f5b8d21592b1a977e9539cf3e37 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 30 May 2024 10:48:13 -0400 Subject: [PATCH 127/170] Update and rename main.yml to QwietPRBF.yml --- .github/workflows/{main.yml => QwietPRBF.yml} | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) rename .github/workflows/{main.yml => QwietPRBF.yml} (66%) diff --git a/.github/workflows/main.yml b/.github/workflows/QwietPRBF.yml similarity index 66% rename from .github/workflows/main.yml rename to .github/workflows/QwietPRBF.yml index a3132000..961f4158 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/QwietPRBF.yml 
@@ -37,6 +37,29 @@ jobs: SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 + - name: Run Bestfix script to generate report + shell: bash + if: github.event_name == 'pull_request' + run: | + git clone https://github.com/gzttech/beautifulspoon.git + pip3 install beautifulspoon + git clone https://github.com/ShiftLeftSecurity/field-integrations.git + pip3 install -r field-integrations/shiftleft-utils/requirements.txt + python3 field-integrations/shiftleft-utils/bestfix.py -a ${{ github.event.repository.name }} -o $GITHUB_WORKSPACE/ngsast-bestfix-report.html + bspoon $GITHUB_WORKSPACE/ngsast-bestfix-report.html --select body > $GITHUB_WORKSPACE/qwiet.html + BESTFIX_OUTPUT=$(cat $GITHUB_WORKSPACE/ngsast-bestfix-report.html) + BESTFIX_BODY=$(jq -n --arg body "$BESTFIX_OUTPUT" '{body: $body}') + + url="https://api.github.com/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/issues/${{github.event.number}}/comments" + + curl -s -X POST \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer ${GH_API_TOKEN}" \ + -d "${BESTFIX_BODY}" \ + "${url}" + env: + GH_API_TOKEN: ${{ secrets.API_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} Build-Rules: runs-on: ubuntu-latest needs: NextGen-Static-Analysis From d62d78dce7c01a98e60966d56b4536af6870e4ae Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 30 May 2024 10:52:48 -0400 Subject: [PATCH 128/170] Create shiftleft.yml --- shiftleft.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 shiftleft.yml diff --git a/shiftleft.yml b/shiftleft.yml new file mode 100644 index 00000000..9258e2a1 --- /dev/null +++ b/shiftleft.yml 
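Review bot: The new step clones `gzttech/beautifulspoon` and `ShiftLeftSecurity/field-integrations` at whatever their default branches currently point to and installs and runs that code in a job whose environment holds `SHIFTLEFT_ACCESS_TOKEN` and a GitHub API token, so any change pushed to either repository runs here with those credentials in scope; pin both to a reviewed commit or release. The `bspoon ... > qwiet.html` extraction is dead code, because `BESTFIX_OUTPUT` reads the full `ngsast-bestfix-report.html` rather than `qwiet.html` (and the cloned beautifulspoon checkout appears unused, since `pip3 install beautifulspoon` resolves a bare name from the package index). `curl -s` without `--fail` lets a rejected POST leave the step green, and `secrets.API_TOKEN` is a long-lived personal token where the job-scoped `GITHUB_TOKEN` with `permissions: pull-requests: write` would suffice, as the Build-Rules job already uses it. The sketch below pins the sources, posts the extracted body, fails on HTTP errors and switches to `GITHUB_TOKEN`; the angle-bracket placeholders are to be replaced with reviewed values.
```yaml
      - name: Run Bestfix script to generate report
        shell: bash
        if: github.event_name == 'pull_request'
        run: |
          # Pin third-party code to reviewed versions; it runs with this job's tokens in scope.
          pip3 install "beautifulspoon==<PINNED_BEAUTIFULSPOON_VERSION>"
          git clone https://github.com/ShiftLeftSecurity/field-integrations.git
          git -C field-integrations checkout "<PINNED_FIELD_INTEGRATIONS_SHA>"
          pip3 install -r field-integrations/shiftleft-utils/requirements.txt
          # … unchanged: bestfix.py and bspoon invocations …
          # Post the body extracted by bspoon, not the full HTML document.
          BESTFIX_OUTPUT=$(cat "$GITHUB_WORKSPACE/qwiet.html")
          BESTFIX_BODY=$(jq -n --arg body "$BESTFIX_OUTPUT" '{body: $body}')
          # … unchanged: url …
          # --fail makes a rejected POST fail the step instead of passing silently.
          curl --fail --silent --show-error -X POST \
            -H "Accept: application/vnd.github+json" \
            -H "Authorization: Bearer ${GH_API_TOKEN}" \
            -d "${BESTFIX_BODY}" \
            "${url}"
        env:
          GH_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
```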
@@ -0,0 +1,22 @@ +version: 2 # implies that check-analysis v2 should be used and therefore + # the --v2 flag can be omitted when running sl check-analysis +build_rules: +- id: Allow no critical findings + finding_types: + - vuln + severities: + - critical + threshold: 0 + options: + num_findings: 10 # Return 10 sast findings +- id: Allow one OSS or container finding + finding_types: + - oss_vuln + - container + threshold: 1 +- id: Allow no reachable OSS vulnerability + finding_types: + - oss_vuln + - container + options: + reachable: true From 567ad3e0b835c6b9a139ae0be1bae365042bf149 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 30 May 2024 10:56:05 -0400 Subject: [PATCH 129/170] Update QwietPRBF.yml --- .github/workflows/QwietPRBF.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/QwietPRBF.yml b/.github/workflows/QwietPRBF.yml index 961f4158..5507ed64 100644 --- a/.github/workflows/QwietPRBF.yml +++ b/.github/workflows/QwietPRBF.yml @@ -20,8 +20,8 @@ jobs: uses: actions/setup-java@v1.4.3 with: java-version: 1.8 - - name: Package with maven - run: mvn clean package + #- name: Package with maven + # run: mvn clean package - name: Download ShiftLeft CLI run: | curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl From 3ddb870587540cdf22725899db69b16815f01634 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Fri, 31 May 2024 13:01:36 -0400 Subject: [PATCH 130/170] Update QwietPRBF.yml --- .github/workflows/QwietPRBF.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/QwietPRBF.yml b/.github/workflows/QwietPRBF.yml index 5507ed64..9e863a2d 100644 --- a/.github/workflows/QwietPRBF.yml +++ b/.github/workflows/QwietPRBF.yml 
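Review bot: The third rule, `Allow no reachable OSS vulnerability`, has no `threshold:` while the first two set one explicitly; unless `check-analysis` is known to default the threshold to 0, the rule may not enforce what its id says, so add `threshold: 0` to make the intent explicit. The top-level `build_rules:` sequence is written flush (`- id:`) while the nested `finding_types:` and `severities:` sequences are indented; pick one sequence indentation for the file. The trailing comments on `version: 2` and `num_findings: 10` would read better as full-line comments placed above the key they describe.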
@@ -30,10 +30,10 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GHComp --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar - #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . + #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 @@ -59,7 +59,7 @@ jobs: "${url}" env: GH_API_TOKEN: ${{ secrets.API_TOKEN }} - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }} Build-Rules: runs-on: ubuntu-latest needs: NextGen-Static-Analysis @@ -76,7 +76,7 @@ jobs: --github-pr-repo=${{ github.event.repository.name }} \ --github-token=${{ secrets.GITHUB_TOKEN }} env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 
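Review bot: The `SHIFTLEFT_ACCESS_TOKEN` secret reference is changed in three separate `env:` blocks of the same workflow, and the following patches (131 and 133) flip all three back and forth again, which shows how easily per-step copies of a secret name drift. Declare it once at the workflow level, `env:` with `SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }}`, and drop the three per-step copies so switching tokens is a one-line change. If `_POC` denotes a separate proof-of-concept tenant, a one-line comment next to the declaration saying so would spare the next maintainer the guess.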
From 47537ea68d4d6ee4855df512a8939af79564ed94 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Tue, 4 Jun 2024 15:00:36 -0400 Subject: [PATCH 131/170] Update QwietPRBF.yml --- .github/workflows/QwietPRBF.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/QwietPRBF.yml b/.github/workflows/QwietPRBF.yml index 9e863a2d..21cfb1d7 100644 --- a/.github/workflows/QwietPRBF.yml +++ b/.github/workflows/QwietPRBF.yml @@ -33,7 +33,7 @@ jobs: #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 @@ -59,7 +59,7 @@ jobs: "${url}" env: GH_API_TOKEN: ${{ secrets.API_TOKEN }} - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} Build-Rules: runs-on: ubuntu-latest needs: NextGen-Static-Analysis @@ -76,7 +76,7 @@ jobs: --github-pr-repo=${{ github.event.repository.name }} \ --github-token=${{ secrets.GITHUB_TOKEN }} env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 From 7bfae29302a41b7b1d2fc2cc83e9221680e588ff Mon Sep 17 00:00:00 2001 
From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Tue, 4 Jun 2024 15:02:55 -0400 Subject: [PATCH 132/170] Update QwietPRBF.yml --- .github/workflows/QwietPRBF.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/QwietPRBF.yml b/.github/workflows/QwietPRBF.yml index 21cfb1d7..2f4f0271 100644 --- a/.github/workflows/QwietPRBF.yml +++ b/.github/workflows/QwietPRBF.yml @@ -31,7 +31,7 @@ jobs: id: extract_branch - name: NextGen Static Analysis #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . + run: QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io From 35f2a7dee9b46f02921e19adf04191050e90bbc5 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 1 Jul 2024 09:51:03 -0400 Subject: [PATCH 133/170] Update QwietPRBF.yml --- .github/workflows/QwietPRBF.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/QwietPRBF.yml b/.github/workflows/QwietPRBF.yml index 2f4f0271..76a72ae0 100644 --- a/.github/workflows/QwietPRBF.yml +++ b/.github/workflows/QwietPRBF.yml 
@@ -33,7 +33,7 @@ jobs: #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar run: QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 @@ -59,7 +59,7 @@ jobs: "${url}" env: GH_API_TOKEN: ${{ secrets.API_TOKEN }} - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }} Build-Rules: runs-on: ubuntu-latest needs: NextGen-Static-Analysis From 018c3660139d6887b31b8b7bd6100a3609d6a8e6 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 8 Jul 2024 12:48:07 -0400 Subject: [PATCH 134/170] Update QwietPRBF.yml --- .github/workflows/QwietPRBF.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/QwietPRBF.yml b/.github/workflows/QwietPRBF.yml index 76a72ae0..fb32fe37 100644 --- a/.github/workflows/QwietPRBF.yml +++ b/.github/workflows/QwietPRBF.yml 
@@ -31,7 +31,7 @@ jobs: id: extract_branch - name: NextGen Static Analysis #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar - run: QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . + run: QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }} SHIFTLEFT_API_HOST: www.shiftleft.io From c12e9ed372fc82ec1fba04b38ab09b970e8ae437 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Fri, 12 Jul 2024 08:52:55 -0400 Subject: [PATCH 135/170] Update QwietPRBF.yml --- .github/workflows/QwietPRBF.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/QwietPRBF.yml b/.github/workflows/QwietPRBF.yml index fb32fe37..c3cba671 100644 --- a/.github/workflows/QwietPRBF.yml +++ b/.github/workflows/QwietPRBF.yml 
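Review bot: `--container 18fgsa/s3-resource` names the image without a tag or digest, so each run presumably scans whatever the default tag resolves to at that moment, and container findings are neither reproducible between runs nor attributable to the PR being analysed. Pin the reference, for example `--container 18fgsa/s3-resource@sha256:<IMAGE_DIGEST>` (placeholder) or at least a fixed tag, and bump it deliberately. The same unpinned reference appears in the commented-out line above it and in the test.yml comments, so the pin should be applied wherever the image is referenced.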
@@ -31,7 +31,7 @@ jobs: id: extract_branch - name: NextGen Static Analysis #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar - run: QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . + run: QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }} SHIFTLEFT_API_HOST: www.shiftleft.io From 0ffaebddbc528830655afcec02135fe3eaa2a60a Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Fri, 12 Jul 2024 09:00:28 -0400 Subject: [PATCH 136/170] Update QwietPRBF.yml --- .github/workflows/QwietPRBF.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/QwietPRBF.yml b/.github/workflows/QwietPRBF.yml index c3cba671..fcd5516b 100644 --- a/.github/workflows/QwietPRBF.yml +++ b/.github/workflows/QwietPRBF.yml 
@@ -31,7 +31,7 @@ jobs: id: extract_branch - name: NextGen Static Analysis #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar - run: QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwiet-java-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} + run: QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }} SHIFTLEFT_API_HOST: www.shiftleft.io From 2a5823e2c62a5d8033c2516cb45b3f0c24de5652 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Fri, 12 Jul 2024 09:04:54 -0400 Subject: [PATCH 137/170] Update QwietPRBF.yml --- .github/workflows/QwietPRBF.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/QwietPRBF.yml b/.github/workflows/QwietPRBF.yml index fcd5516b..1e29b98a 100644 --- a/.github/workflows/QwietPRBF.yml +++ b/.github/workflows/QwietPRBF.yml 
@@ -31,7 +31,8 @@ jobs: id: extract_branch - name: NextGen Static Analysis #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar - run: QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} + #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} + run: QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-Multi-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }} SHIFTLEFT_API_HOST: www.shiftleft.io From d8c2f498b79ae8fabeffca9c53f4c9e7c0c2d5e3 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Fri, 12 Jul 2024 16:40:14 -0400 Subject: [PATCH 138/170] Update QwietPRBF.yml --- .github/workflows/QwietPRBF.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/QwietPRBF.yml b/.github/workflows/QwietPRBF.yml index 1e29b98a..8ecb7fd6 100644 --- a/.github/workflows/QwietPRBF.yml +++ b/.github/workflows/QwietPRBF.yml 
@@ -31,8 +31,8 @@ jobs: id: extract_branch - name: NextGen Static Analysis #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar - #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} - run: QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-Multi-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} + #run: QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-Multi-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }} SHIFTLEFT_API_HOST: www.shiftleft.io From b78857bc10a88e2b2b0b1ef1c0f6e68dca6fe46c Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Fri, 12 Jul 2024 16:52:50 -0400 Subject: [PATCH 139/170] Update QwietPRBF.yml --- .github/workflows/QwietPRBF.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/QwietPRBF.yml b/.github/workflows/QwietPRBF.yml index 8ecb7fd6..a29ba34b 100644 --- a/.github/workflows/QwietPRBF.yml +++ b/.github/workflows/QwietPRBF.yml 
@@ -31,7 +31,7 @@ jobs: id: extract_branch - name: NextGen Static Analysis #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-javatoo-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} #run: QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-Multi-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }} From 70e851266670896586309caca594a99f1843eb09 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Tue, 16 Jul 2024 10:30:26 -0400 Subject: [PATCH 140/170] Create AutofixPRnBR.yml --- .github/workflows/AutofixPRnBR.yml | 41 ++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 .github/workflows/AutofixPRnBR.yml diff --git a/.github/workflows/AutofixPRnBR.yml b/.github/workflows/AutofixPRnBR.yml new file mode 100644 index 00000000..05161a86 --- /dev/null +++ b/.github/workflows/AutofixPRnBR.yml 
@@ -0,0 +1,41 @@ + +--- +# This workflow integrates ShiftLeft NG SAST with GitHub +# Visit https://docs.shiftleft.io for help +name: QwietAFPRnBR + +on: + pull_request: + workflow_dispatch: + schedule: + # * is a special character in YAML so you have to quote this string + - cron: '0 11 * * 6' +jobs: + NextGen-Static-Analysis: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + # We are building this application with Java 11 + - name: Setup Java JDK + uses: actions/setup-java@v1.4.3 + with: + java-version: 1.8 + #- name: Package with maven + # run: mvn clean package + - name: Download ShiftLeft CLI + run: | + curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl + - name: Extract branch name + shell: bash + run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" + id: extract_branch + - name: NextGen Static Analysis + #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} + #run: QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-Multi-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} + env: + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_API_HOST: www.shiftleft.io + SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 + SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 + From d24a3c592d70fcb9e1a108b4a2b2424883ee059a Mon Sep 17 00:00:00 2001 
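Review bot: The `Download ShiftLeft CLI` step fetches an executable with a bare `curl https://cdn.shiftleft.io/download/sl > sl`, marks it executable and later runs it with `SHIFTLEFT_ACCESS_TOKEN` in its environment, with no version pin and no checksum or signature verification; because `curl` is not given `--fail`, a 4xx/5xx HTML body would also be saved and chmod'ed as the CLI. At minimum use `curl -fsSL`, and verify a published digest (or download a specific release) before `chmod a+rx`. The `Extract branch name` step uses the `::set-output` command, and the JDK step uses `actions/setup-java@v1.4.3` with `java-version: 1.8`; both forms are deprecated by GitHub, `$GITHUB_OUTPUT` and a current `setup-java` major with `distribution:` being the supported replacements. As in the sibling workflow, `${{ github.head_ref || ... }}` is expanded straight into the `run:` command; pass it through `env:` and quote it in the script.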
From: ShiftLeft Date: Fri, 26 Jul 2024 09:22:15 -0400 Subject: [PATCH 141/170] adding ShiftLeft GitHub action --- .github/workflows/shiftleft.yml | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index a223e9e0..26556934 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml @@ -17,15 +17,6 @@ jobs: with: distribution: zulu java-version: 11.0.x - - - name: Download ShiftLeft CLI - run: mvn clean package - - - name: Setup Java JDK v8 - uses: actions/setup-java@v3 - with: - distribution: zulu - java-version: 8 - name: Download ShiftLeft CLI run: | @@ -35,9 +26,9 @@ jobs: run: | ${GITHUB_WORKSPACE}/sl --version ${GITHUB_WORKSPACE}/sl analyze --strict --wait \ - --app qwietAI-java-demo \ + --app shiftleft-java-demo \ --tag branch=${{ github.head_ref }} \ - --javasrc . + --javasrc --container 18fgsa/s3-resource . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io @@ -55,7 +46,7 @@ jobs: curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - name: Validate Build Rules run: | - ${GITHUB_WORKSPACE}/sl check-analysis --app qwietAI-java-demo \ + ${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-java-demo \ --github-pr-number=${{github.event.number}} \ --github-pr-user=${{ github.repository_owner }} \ --github-pr-repo=${{ github.event.repository.name }} \ From f8609456a4e936fc2f88f0038fdb41e40b1b8f19 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Fri, 26 Jul 2024 09:26:24 -0400 Subject: [PATCH 142/170] adding ShiftLeft GitHub action From 6546f2f06fc9446af9364d243c9877f557cc54e8 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Tue, 6 Aug 2024 13:30:29 -0400 Subject: [PATCH 143/170] Update QwietPRBF.yml --- .github/workflows/QwietPRBF.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
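Review bot: In the `@@ -35,9 +26,9 @@` hunk the new `--javasrc --container 18fgsa/s3-resource .` line still interpolates `--tag branch=${{ github.head_ref }}` directly into the shell command, so a crafted branch name becomes shell on the runner; route it through `env:` (`BRANCH: ${{ github.head_ref }}`) and use `--tag branch="$BRANCH"`. Unlike the QwietPRBF workflow, there is no fallback when `github.head_ref` is empty, which it is for non-PR triggers, so the tag would degrade to `branch=`; if this workflow can run outside `pull_request`, add the same `|| steps...` fallback or guard the tag. The container reference also has no tag or digest; pin it for reproducible scans.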
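Review bot: The `@@ -55,7 +46,7 @@` hunk hands `--github-token=${{ secrets.GITHUB_TOKEN }}` to the downloaded CLI, but no `permissions:` block is visible in this file's hunks, so the token carries the repository's default scope (which may be write-all); scope it at the job level, e.g. `permissions:` / `contents: read` / `pull-requests: write`, which is all a PR status/comment needs. The `check-analysis --app` rename to `shiftleft-java-demo` matches the analyze job in the hunk above, which is the important consistency point in this commit.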
diff --git a/.github/workflows/QwietPRBF.yml b/.github/workflows/QwietPRBF.yml index a29ba34b..5a017650 100644 --- a/.github/workflows/QwietPRBF.yml +++ b/.github/workflows/QwietPRBF.yml @@ -17,7 +17,7 @@ jobs: - uses: actions/checkout@v3 # We are building this application with Java 11 - name: Setup Java JDK - uses: actions/setup-java@v1.4.3 + uses: actions/setup-java@v3 with: java-version: 1.8 #- name: Package with maven @@ -31,7 +31,7 @@ jobs: id: extract_branch - name: NextGen Static Analysis #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-javatoo-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-javagent-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} #run: QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-Multi-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }} @@ -71,7 +71,7 @@ jobs: curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - name: Validate Build Rules run: | - ${GITHUB_WORKSPACE}/sl check-analysis --app Qwiet-java-GHComp \ + ${GITHUB_WORKSPACE}/sl check-analysis --app Qwiet-javagent-GH \ --github-pr-number=${{github.event.number}} \ --github-pr-user=${{ github.repository_owner }} \ --github-pr-repo=${{ github.event.repository.name }} \ From 5cd7a72c94627b5b050d35b18fac8a84a5b19813 Mon Sep 17 00:00:00 2001 
From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Tue, 6 Aug 2024 13:32:16 -0400 Subject: [PATCH 144/170] Update QwietPRBF.yml --- .github/workflows/QwietPRBF.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/QwietPRBF.yml b/.github/workflows/QwietPRBF.yml index 5a017650..9ae7779f 100644 --- a/.github/workflows/QwietPRBF.yml +++ b/.github/workflows/QwietPRBF.yml @@ -17,9 +17,9 @@ jobs: - uses: actions/checkout@v3 # We are building this application with Java 11 - name: Setup Java JDK - uses: actions/setup-java@v3 with: - java-version: 1.8 + distribution: zulu + java-version: 11 #- name: Package with maven # run: mvn clean package - name: Download ShiftLeft CLI From 4a41ab8005b01628bdd30a8d118b3ef5089f55aa Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Tue, 6 Aug 2024 13:33:26 -0400 Subject: [PATCH 145/170] Update QwietPRBF.yml --- .github/workflows/QwietPRBF.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/QwietPRBF.yml b/.github/workflows/QwietPRBF.yml index 9ae7779f..37633a5a 100644 --- a/.github/workflows/QwietPRBF.yml +++ b/.github/workflows/QwietPRBF.yml @@ -17,6 +17,7 @@ jobs: - uses: actions/checkout@v3 # We are building this application with Java 11 - name: Setup Java JDK + uses: actions/setup-java@v3 with: distribution: zulu java-version: 11 From ea82258fcb31d895fa9b244332990e11db9e7ef7 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Fri, 6 Sep 2024 22:59:13 -0400 Subject: [PATCH 146/170] Update QwietPRBF.yml --- .github/workflows/QwietPRBF.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/QwietPRBF.yml b/.github/workflows/QwietPRBF.yml index 37633a5a..d4995d09 100644 --- a/.github/workflows/QwietPRBF.yml +++ b/.github/workflows/QwietPRBF.yml 
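Review bot: The `@@ -17,9 +17,9 @@` hunk of the first commit on this line removes the `uses: actions/setup-java@v3` line while editing its inputs, leaving a step with `name:` and `with:` but no `uses:` or `run:`, which the workflow parser rejects; the very next commit restores `uses: actions/setup-java@v3`. Squash the two so that no revision of the workflow is unrunnable, and keep `distribution: zulu` plus `java-version: 11`, which now also agrees with the `# We are building this application with Java 11` comment above it.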
@@ -32,7 +32,7 @@ jobs: id: extract_branch - name: NextGen Static Analysis #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-javagent-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-javafix --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} #run: QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-Multi-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }} From 9e7680060aad809532c59aa57837c1ac0a9e2a7e Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Fri, 6 Sep 2024 23:00:58 -0400 Subject: [PATCH 147/170] Update QwietPRBF.yml --- .github/workflows/QwietPRBF.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/QwietPRBF.yml b/.github/workflows/QwietPRBF.yml index d4995d09..64a29a82 100644 --- a/.github/workflows/QwietPRBF.yml +++ b/.github/workflows/QwietPRBF.yml @@ -72,7 +72,7 @@ jobs: curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - name: Validate Build Rules run: | - ${GITHUB_WORKSPACE}/sl check-analysis --app Qwiet-javagent-GH \ + ${GITHUB_WORKSPACE}/sl check-analysis --app Qwiet-javafix \ --github-pr-number=${{github.event.number}} \ --github-pr-user=${{ github.repository_owner }} \ --github-pr-repo=${{ github.event.repository.name }} \ 
From 2dce73191ad3b82b665fbefbcfb838107e2c57c5 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 9 Sep 2024 11:49:37 -0400 Subject: [PATCH 148/170] Update QwietPRBF.yml --- .github/workflows/QwietPRBF.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/QwietPRBF.yml b/.github/workflows/QwietPRBF.yml index 64a29a82..1bf99c4f 100644 --- a/.github/workflows/QwietPRBF.yml +++ b/.github/workflows/QwietPRBF.yml @@ -32,7 +32,7 @@ jobs: id: extract_branch - name: NextGen Static Analysis #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-javafix --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-javatoo --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} #run: QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-Multi-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }} @@ -72,7 +72,7 @@ jobs: curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - name: Validate Build Rules run: | - ${GITHUB_WORKSPACE}/sl check-analysis --app Qwiet-javafix \ + ${GITHUB_WORKSPACE}/sl check-analysis --app Qwiet-javatoo \ --github-pr-number=${{github.event.number}} \ --github-pr-user=${{ github.repository_owner }} \ --github-pr-repo=${{ github.event.repository.name }} \ 
From f246e75424c29a7650e8e4ee62747ad839114b79 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 9 Sep 2024 12:01:52 -0400 Subject: [PATCH 149/170] Update CustomerController.java --- .../controller/CustomerController.java | 362 +----------------- 1 file changed, 14 insertions(+), 348 deletions(-) diff --git a/src/main/java/io/shiftleft/controller/CustomerController.java b/src/main/java/io/shiftleft/controller/CustomerController.java index 40e1c491..b13ba0d0 100644 --- a/src/main/java/io/shiftleft/controller/CustomerController.java +++ b/src/main/java/io/shiftleft/controller/CustomerController.java 
@@ -1,222 +1,6 @@ package io.shiftleft.controller; -import io.shiftleft.model.Account; -import io.shiftleft.model.Address; -import java.io.BufferedReader; -import java.io.BufferedWriter; -import java.io.File; -import java.io.FileInputStream; -import java.io.FileOutputStream; -import java.io.IOException; -import java.math.BigInteger; -import java.nio.charset.StandardCharsets; -import java.nio.file.Files; -import java.nio.file.Paths; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.util.Arrays; -import java.util.Base64; -import java.util.Date; -import java.util.HashSet; -import java.util.List; - -import java.util.Set; -import javax.annotation.PostConstruct; -import javax.servlet.http.HttpServletResponse; -import org.apache.commons.codec.digest.DigestUtils; -import org.apache.http.HttpHeaders; -import org.apache.http.auth.AuthenticationException; -import org.apache.http.auth.UsernamePasswordCredentials; -import org.apache.http.client.ClientProtocolException; -import org.apache.http.client.methods.CloseableHttpResponse; -import org.apache.http.client.methods.HttpPost; -import org.apache.http.entity.StringEntity; -import org.apache.http.impl.auth.BasicScheme; -import org.apache.http.impl.client.CloseableHttpClient; -import org.apache.http.impl.client.HttpClients; -import org.joda.time.DateTime; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.annotation.Configuration; -import org.springframework.context.annotation.PropertySource; -import org.springframework.core.env.Environment; -import org.springframework.core.io.ClassPathResource; -import org.springframework.http.HttpStatus; -import org.springframework.util.FileCopyUtils; -import org.springframework.web.bind.annotation.PathVariable; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestMapping; 
-import org.springframework.web.bind.annotation.RequestMethod; -import org.springframework.web.bind.annotation.RequestParam; -import org.springframework.web.bind.annotation.RestController; -import org.springframework.web.context.request.WebRequest; - -import com.ulisesbocchio.jasyptspringboot.annotation.EnableEncryptableProperties; - -import io.shiftleft.data.DataLoader; -import io.shiftleft.exception.CustomerNotFoundException; -import io.shiftleft.exception.InvalidCustomerRequestException; -import io.shiftleft.model.Customer; -import io.shiftleft.repository.CustomerRepository; - -import org.springframework.web.util.HtmlUtils; - -/** - * Customer Controller exposes a series of RESTful endpoints - */ - -@Configuration -@EnableEncryptableProperties -@PropertySource({ "classpath:config/application-sfdc.properties" }) -@RestController -public class CustomerController { - - @Autowired - private CustomerRepository customerRepository; - - @Autowired - Environment env; - - private static Logger log = LoggerFactory.getLogger(CustomerController.class); - - @PostConstruct - public void init() { - log.info("Start Loading SalesForce Properties"); - log.info("Url is {}", env.getProperty("sfdc.url")); - log.info("UserName is {}", env.getProperty("sfdc.username")); - log.info("Password is {}", env.getProperty("sfdc.password")); - log.info("End Loading SalesForce Properties"); - } - - private void dispatchEventToSalesForce(String event) - throws ClientProtocolException, IOException, AuthenticationException { - CloseableHttpClient client = HttpClients.createDefault(); - HttpPost httpPost = new HttpPost(env.getProperty("sfdc.url")); - httpPost.setEntity(new StringEntity(event)); - UsernamePasswordCredentials creds = new UsernamePasswordCredentials(env.getProperty("sfdc.username"), - env.getProperty("sfdc.password")); - httpPost.addHeader(new BasicScheme().authenticate(creds, httpPost, null)); - - CloseableHttpResponse response = client.execute(httpPost); - log.info("Response from 
SFDC is {}", response.getStatusLine().getStatusCode()); - client.close(); - } - - /** - * Get customer using id. Returns HTTP 404 if customer not found - * - * @param customerId - * @return retrieved customer - */ - @RequestMapping(value = "/customers/{customerId}", method = RequestMethod.GET) - public Customer getCustomer(@PathVariable("customerId") Long customerId) { - - /* validate customer Id parameter */ - if (null == customerId) { - throw new InvalidCustomerRequestException(); - } - - Customer customer = customerRepository.findOne(customerId); - if (null == customer) { - throw new CustomerNotFoundException(); - } - - Account account = new Account(4242l,1234, "savings", 1, 0); - log.info("Account Data is {}", account); - log.info("Customer Data is {}", customer); - - try { - dispatchEventToSalesForce(String.format(" Customer %s Logged into SalesForce", customer)); - } catch (Exception e) { - log.error("Failed to Dispatch Event to SalesForce . Details {} ", e.getLocalizedMessage()); - - } - - return customer; - } - - /** - * Handler for / loads the index.tpl - * @param httpResponse - * @param request - * @return - * @throws IOException - */ - @RequestMapping(value = "/", method = RequestMethod.GET) - public String index(HttpServletResponse httpResponse, WebRequest request) throws IOException { - ClassPathResource cpr = new ClassPathResource("static/index.html"); - String ret = ""; - try { - byte[] bdata = FileCopyUtils.copyToByteArray(cpr.getInputStream()); - ret= new String(bdata, StandardCharsets.UTF_8); - } catch (IOException e) { - //LOG.warn("IOException", e); - } - return ret; - } - - /** - * Check if settings= is present in cookie - * @param request - * @return - */ - private boolean checkCookie(WebRequest request) throws Exception { - try { - return request.getHeader("Cookie").startsWith("settings="); - } - catch (Exception ex) - { - System.out.println(ex.getMessage()); - } - return false; - } - - /** - * restores the preferences on the filesystem - * - 
* @param httpResponse - * @param request - * @throws Exception - */ - @RequestMapping(value = "/loadSettings", method = RequestMethod.GET) - public void loadSettings(HttpServletResponse httpResponse, WebRequest request) throws Exception { - // get cookie values - if (!checkCookie(request)) { - httpResponse.getOutputStream().println("Error"); - throw new Exception("cookie is incorrect"); - } - String md5sum = request.getHeader("Cookie").substring("settings=".length(), 41); - ClassPathResource cpr = new ClassPathResource("static"); - File folder = new File(cpr.getPath()); - File[] listOfFiles = folder.listFiles(); - String filecontent = new String(); - for (File f : listOfFiles) { - // not efficient, i know - filecontent = new String(); - byte[] encoded = Files.readAllBytes(f.toPath()); - filecontent = new String(encoded, StandardCharsets.UTF_8); - if (filecontent.contains(md5sum)) { - // this will send me to the developer hell (if exists) - - // encode the file settings, md5sum is removed - String s = new String(Base64.getEncoder().encode(filecontent.replace(md5sum, "").getBytes())); - // setting the new cookie - httpResponse.setHeader("Cookie", "settings=" + s + "," + md5sum); - return; - } - } - } - - - /** - * Saves the preferences (screen resolution, language..) on the filesystem - * - * @param httpResponse - * @param request - * @throws Exception - */ - @RequestMapping(value = "/saveSettings", method = RequestMethod.GET) +@RequestMapping(value = "/saveSettings", method = RequestMethod.GET) public void saveSettings(HttpServletResponse httpResponse, WebRequest request) throws Exception { // "Settings" will be stored in a cookie // schema: base64(filename,value1,value2...), md5sum(base64(filename,value1,value2...)) 
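Review bot: The new side keeps `saveSettings` with its `@RequestMapping` but deletes the `public class CustomerController {` declaration, the `@RestController`/`@Configuration` annotations, and every import the surviving method still uses (`HttpServletResponse`, `WebRequest`, `DigestUtils`, `Base64`, `ClassPathResource`, `File`, `FileOutputStream`, `RequestMapping`, `RequestMethod`), so the file no longer compiles and the endpoint no longer exists as a Spring bean; a later hunk in this commit also removes the class's closing brace. If the goal is to remove the flagged endpoints (`/debug`, `/loadSettings`, and the `init()` that logs `sfdc.password`), delete only those methods and their now-unused imports and keep the class shell, e.g. `@RestController public class CustomerController { ... }`. Removing `getCustomer`, `getCustomers`, `createCustomer`, `updateCustomer` and `removeCustomer` along the way deletes the application's functional API rather than fixing anything in it. `saveSettings` continues beyond the end of this hunk.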
@@ -228,8 +12,8 @@ public void saveSettings(HttpServletResponse httpResponse, WebRequest request) t String settingsCookie = request.getHeader("Cookie"); String[] cookie = settingsCookie.split(","); - if(cookie.length<2) { - httpResponse.getOutputStream().println("Malformed cookie"); +if(cookie.length<2) { + httpResponse.getOutputStream().println("Malformed cookie"); throw new Exception("cookie is incorrect"); } @@ -238,7 +22,7 @@ public void saveSettings(HttpServletResponse httpResponse, WebRequest request) t // Check md5sum String cookieMD5sum = cookie[1]; String calcMD5Sum = DigestUtils.md5Hex(base64txt); - if(!cookieMD5sum.equals(calcMD5Sum)) +if(!cookieMD5sum.equals(calcMD5Sum)) { httpResponse.getOutputStream().println("Wrong md5"); throw new Exception("Invalid MD5"); @@ -246,9 +30,17 @@ public void saveSettings(HttpServletResponse httpResponse, WebRequest request) t // Now we can store on filesystem String[] settings = new String(Base64.getDecoder().decode(base64txt)).split(","); - // storage will have ClassPathResource as basepath +// storage will have ClassPathResource as basepath ClassPathResource cpr = new ClassPathResource("./static/"); - File file = new File(cpr.getPath()+settings[0]); + + // Whitelist the filename to prevent directory traversal + String filename = settings[0]; + if(!filename.matches("[a-zA-Z0-9._-]+")) { + httpResponse.getOutputStream().println("Invalid filename"); + throw new Exception("Filename contains invalid characters"); + } + + File file = new File(cpr.getPath()+filename); if(!file.exists()) { file.getParentFile().mkdirs(); } 
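Review bot: The new filename whitelist `[a-zA-Z0-9._-]+` still accepts `.` and `..`, so `settings[0]` can make `cpr.getPath()+filename` resolve to the static directory itself or its parent; extend the check to `if(!filename.matches("[a-zA-Z0-9._-]+") || filename.equals(".") || filename.equals("..")) {`. The MD5 check just above is an unkeyed digest over attacker-supplied Base64 that any client can recompute, so it provides no integrity protection and this whitelist is the only real control on the write target; a comment such as `// md5 is not a signature: the filename check below is the only guard on the write path` would keep the next reader from relying on it. The hunk also moves `if(cookie.length<2)`, `if(!cookieMD5sum.equals(calcMD5Sum))` and the `// storage will have ClassPathResource as basepath` comment to column 0, which is unrelated churn; keep the original indentation. `saveSettings` begins before this hunk and ends after it.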
@@ -262,129 +54,3 @@ public void saveSettings(HttpServletResponse httpResponse, WebRequest request) t fos.close(); httpResponse.getOutputStream().println("Settings Saved"); } - - /** - * Debug test for saving and reading a customer - * - * @param firstName String - * @param lastName String - * @param dateOfBirth String - * @param ssn String - * @param tin String - * @param phoneNumber String - * @param httpResponse - * @param request - * @return String - * @throws IOException - */ - @RequestMapping(value = "/debug", method = RequestMethod.GET) - public String debug(@RequestParam String customerId, - @RequestParam int clientId, - @RequestParam String firstName, - @RequestParam String lastName, - @RequestParam String dateOfBirth, - @RequestParam String ssn, - @RequestParam String socialSecurityNum, - @RequestParam String tin, - @RequestParam String phoneNumber, - HttpServletResponse httpResponse, - WebRequest request) throws IOException{ - - // empty for now, because we debug - Set accounts1 = new HashSet(); - //dateofbirth example -> "1982-01-10" - Customer customer1 = new Customer(customerId, clientId, firstName, lastName, DateTime.parse(dateOfBirth).toDate(), - ssn, socialSecurityNum, tin, phoneNumber, new Address("Debug str", - "", "Debug city", "CA", "12345"), - accounts1); - - customerRepository.save(customer1); - httpResponse.setStatus(HttpStatus.CREATED.value()); - httpResponse.setHeader("Location", String.format("%s/customers/%s", - request.getContextPath(), customer1.getId())); - - return customer1.toString().toLowerCase().replace("script",""); - } - - /** - * Debug test for saving and reading a customer - * - * @param firstName String - * @param httpResponse - * @param request - * @return void - * @throws IOException - */ - @RequestMapping(value = "/debugEscaped", method = RequestMethod.GET) - public void debugEscaped(@RequestParam String firstName, HttpServletResponse httpResponse, - WebRequest request) throws IOException{ - String escaped = 
HtmlUtils.htmlEscape(firstName); - System.out.println(escaped); - httpResponse.getOutputStream().println(escaped); - } - /** - * Gets all customers. - * - * @return the customers - */ - @RequestMapping(value = "/customers", method = RequestMethod.GET) - public List getCustomers() { - return (List) customerRepository.findAll(); - } - - /** - * Create a new customer and return in response with HTTP 201 - * - * @param the - * customer - * @return created customer - */ - @RequestMapping(value = { "/customers" }, method = { RequestMethod.POST }) - public Customer createCustomer(@RequestParam Customer customer, HttpServletResponse httpResponse, - WebRequest request) { - - Customer createdcustomer = null; - createdcustomer = customerRepository.save(customer); - httpResponse.setStatus(HttpStatus.CREATED.value()); - httpResponse.setHeader("Location", - String.format("%s/customers/%s", request.getContextPath(), customer.getId())); - - return createdcustomer; - } - - /** - * Update customer with given customer id. - * - * @param customer - * the customer - */ - @RequestMapping(value = { "/customers/{customerId}" }, method = { RequestMethod.PUT }) - public void updateCustomer(@RequestBody Customer customer, @PathVariable("customerId") Long customerId, - HttpServletResponse httpResponse) { - - if (!customerRepository.exists(customerId)) { - httpResponse.setStatus(HttpStatus.NOT_FOUND.value()); - } else { - customerRepository.save(customer); - httpResponse.setStatus(HttpStatus.NO_CONTENT.value()); - } - } - - /** - * Deletes the customer with given customer id if it exists and returns - * HTTP204. 
- * - * @param customerId - * the customer id - */ - @RequestMapping(value = "/customers/{customerId}", method = RequestMethod.DELETE) - public void removeCustomer(@PathVariable("customerId") Long customerId, HttpServletResponse httpResponse) { - - if (customerRepository.exists(customerId)) { - customerRepository.delete(customerId); - } - - httpResponse.setStatus(HttpStatus.NO_CONTENT.value()); - } - -} From 91f8871009cde1ba24814499da8b7f9eb2f92aa1 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 9 Sep 2024 12:17:14 -0400 Subject: [PATCH 150/170] Fixing src/main/java/io/shiftleft/controller/SearchController.java for finding 7 --- .../io/shiftleft/controller/SearchController.java | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/src/main/java/io/shiftleft/controller/SearchController.java b/src/main/java/io/shiftleft/controller/SearchController.java index faa40976..56f304e6 100644 --- a/src/main/java/io/shiftleft/controller/SearchController.java +++ b/src/main/java/io/shiftleft/controller/SearchController.java @@ -18,15 +18,5 @@ public class SearchController { @RequestMapping(value = "/search/user", method = RequestMethod.GET) - public String doGetSearch(@RequestParam String foo, HttpServletResponse response, HttpServletRequest request) { - java.lang.Object message = new Object(); - try { - ExpressionParser parser = new SpelExpressionParser(); - Expression exp = parser.parseExpression(foo); - message = (Object) exp.getValue(); - } catch (Exception ex) { - System.out.println(ex.getMessage()); - } - return message.toString(); - } -} + + From 9e2db7edc0614071ba8837d53289e689c62774d2 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 9 Sep 2024 12:26:42 -0400 Subject: [PATCH 151/170] Update AdminController.java --- .../shiftleft/controller/AdminController.java | 87 ++++++++++--------- 1 file changed, 45 insertions(+), 42 deletions(-) 
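Review bot: This hunk deletes `doGetSearch` together with the class's closing brace but leaves `@RequestMapping(value = "/search/user", method = RequestMethod.GET)` in place with nothing to annotate, so `SearchController` is now an unterminated class with a dangling annotation and will not compile. Either remove the annotation and restore the closing `}` so the file holds an empty controller, or delete the file entirely along with its now-unused `SpelExpressionParser` imports, which sit above the hunk. If the intent is to fix finding 7 rather than drop the endpoint, never parse user input as the expression itself; at most treat `foo` as a value bound into a fixed expression evaluated under `SimpleEvaluationContext.forReadOnlyDataBinding().build()`.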
diff --git a/src/main/java/io/shiftleft/controller/AdminController.java b/src/main/java/io/shiftleft/controller/AdminController.java index 296c2657..c42e2f7e 100644 --- a/src/main/java/io/shiftleft/controller/AdminController.java +++ b/src/main/java/io/shiftleft/controller/AdminController.java 
@@ -81,48 +81,51 @@ public String doGetPrintSecrets(@CookieValue(value = "auth", defaultValue = "not * @return redirect to company numbers * @throws Exception */ - @RequestMapping(value = "/admin/login", method = RequestMethod.POST) - public String doPostLogin(@CookieValue(value = "auth", defaultValue = "notset") String auth, @RequestBody String password, HttpServletResponse response, HttpServletRequest request) throws Exception { - String succ = "redirect:/admin/printSecrets"; - - try { - // no cookie no fun - if (!auth.equals("notset")) { - if(isAdmin(auth)) { - request.getSession().setAttribute("auth",auth); - return succ; - } - } - - // split password=value - String[] pass = password.split("="); - if(pass.length!=2) { - return fail; - } - // compare pass - if(pass[1] != null && pass[1].length()>0 && pass[1].equals("shiftleftsecret")) - { - AuthToken authToken = new AuthToken(AuthToken.ADMIN); - ByteArrayOutputStream bos = new ByteArrayOutputStream(); - ObjectOutputStream oos = new ObjectOutputStream(bos); - oos.writeObject(authToken); - String cookieValue = new String(Base64.getEncoder().encode(bos.toByteArray())); - response.addCookie(new Cookie("auth", cookieValue )); - - // cookie is lost after redirection - request.getSession().setAttribute("auth",cookieValue); - - return succ; - } - return fail; - } - catch (Exception ex) - { - ex.printStackTrace(); - // no succ == fail - return fail; - } - } +@RequestMapping(value = "/admin/login", method = RequestMethod.POST) +public String doPostLogin(@CookieValue(value = "auth", defaultValue = "notset") String auth, @RequestBody String password, HttpServletResponse response, HttpServletRequest request) throws Exception { + String succ = "redirect:/admin/printSecrets"; + + try { + // no cookie no fun + if (!auth.equals("notset")) { + if(isAdmin(auth)) { + request.getSession().setAttribute("auth",auth); + return succ; + } + } + + // split password=value + String[] pass = password.split("="); + if(pass.length!=2) { + 
return fail; + } + // compare pass + if(pass[1] != null && pass[1].length()>0 && pass[1].equals("shiftleftsecret")) + { + AuthToken authToken = new AuthToken(AuthToken.ADMIN); + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + ObjectOutputStream oos = new ObjectOutputStream(bos); + oos.writeObject(authToken); + String cookieValue = new String(Base64.getEncoder().encode(bos.toByteArray())); + // Set HttpOnly flag to true + Cookie cookie = new Cookie("auth", cookieValue ); + cookie.setHttpOnly(true); + response.addCookie(cookie); + + // cookie is lost after redirection + request.getSession().setAttribute("auth",cookieValue); + + return succ; + } + return fail; + } + catch (Exception ex) + { + ex.printStackTrace(); + // no succ == fail + return fail; + } +} /** * Same as POST but just a redirect From 15419a2436c89f608c78a82d5ec87f4752213c68 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 9 Sep 2024 22:36:54 -0400 Subject: [PATCH 152/170] Create poc.yml --- .github/workflows/poc.yml | 85 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) create mode 100644 .github/workflows/poc.yml diff --git a/.github/workflows/poc.yml b/.github/workflows/poc.yml new file mode 100644 index 00000000..fed003d7 --- /dev/null +++ b/.github/workflows/poc.yml 
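Review bot: The new `Cookie cookie = new Cookie("auth", cookieValue); cookie.setHttpOnly(true);` leaves `Secure`, `Path` and `SameSite` unset, so the admin token is still sent over plain HTTP and on cross-site requests; add `cookie.setSecure(true);` and `cookie.setPath("/admin");` beside `setHttpOnly`, and emit SameSite through an explicit `Set-Cookie` header if the servlet `Cookie` class in use has no setter for it. HttpOnly also does nothing about the bigger issue visible in the same method: the cookie value is a Base64 Java-serialized `AuthToken` (`ObjectOutputStream.writeObject`), and the first branch hands whatever cookie the client sends to `isAdmin(auth)` — if that helper (not in the hunk) deserializes it, this is an untrusted-deserialization path, and a signed token or a server-side session flag should replace it. The literal `"shiftleftsecret"` comparison is a hard-coded credential; if it is deliberately kept as a scanner demo finding, say so in a comment so it is not "fixed" by accident. Style: re-indenting the whole method to column 0 turns a three-line change into a 45/42-line diff and makes the hunk hard to review.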
@@ -0,0 +1,85 @@ + +--- +# This workflow integrates ShiftLeft NG SAST with GitHub +# Visit https://docs.shiftleft.io for help +name: QwietPoC + +on: + pull_request: + workflow_dispatch: + schedule: + # * is a special character in YAML so you have to quote this string + - cron: '0 11 * * 6' +jobs: + NextGen-Static-Analysis: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + # We are building this application with Java 11 + - name: Setup Java JDK + uses: actions/setup-java@v3 + with: + distribution: zulu + java-version: 11 + #- name: Package with maven + # run: mvn clean package + - name: Download ShiftLeft CLI + run: | + curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl + - name: Extract branch name + shell: bash + run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" + id: extract_branch + - name: NextGen Static Analysis + #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app QwietAI-Java-app --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} + #run: QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-Multi-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} + env: + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }} + SHIFTLEFT_API_HOST: www.shiftleft.io + SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 + SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 + - name: Run Bestfix script to generate report + shell: bash + if: github.event_name == 'pull_request' + run: | + git clone 
https://github.com/gzttech/beautifulspoon.git + pip3 install beautifulspoon + git clone https://github.com/ShiftLeftSecurity/field-integrations.git + pip3 install -r field-integrations/shiftleft-utils/requirements.txt + python3 field-integrations/shiftleft-utils/bestfix.py -a ${{ github.event.repository.name }} -o $GITHUB_WORKSPACE/ngsast-bestfix-report.html + bspoon $GITHUB_WORKSPACE/ngsast-bestfix-report.html --select body > $GITHUB_WORKSPACE/qwiet.html + BESTFIX_OUTPUT=$(cat $GITHUB_WORKSPACE/ngsast-bestfix-report.html) + BESTFIX_BODY=$(jq -n --arg body "$BESTFIX_OUTPUT" '{body: $body}') + + url="https://api.github.com/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/issues/${{github.event.number}}/comments" + + curl -s -X POST \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer ${GH_API_TOKEN}" \ + -d "${BESTFIX_BODY}" \ + "${url}" + env: + GH_API_TOKEN: ${{ secrets.API_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }} + Build-Rules: + runs-on: ubuntu-latest + needs: NextGen-Static-Analysis + steps: + - uses: actions/checkout@v3 + - name: Download ShiftLeft CLI + run: | + curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl + - name: Validate Build Rules + run: | + ${GITHUB_WORKSPACE}/sl check-analysis --app QwietAI-Java-app \ + --github-pr-number=${{github.event.number}} \ + --github-pr-user=${{ github.repository_owner }} \ + --github-pr-repo=${{ github.event.repository.name }} \ + --github-token=${{ secrets.GITHUB_TOKEN }} + env: + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_API_HOST: www.shiftleft.io + SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 + SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 + From 1b4bd6d9668c73e1e6a60c4ec3c3fb774c01c989 Mon Sep 17 00:00:00 2001 
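Review bot: `--tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }}` expands a PR branch name directly into the `run:` shell line, and ref names may contain `;`, `|`, `$` and backticks, so a crafted branch name becomes command injection in a step that holds `SHIFTLEFT_ACCESS_TOKEN_POC`; pass it through the environment instead — `env:` with `BRANCH: ${{ github.head_ref || steps.extract_branch.outputs.branch }}` and `--tag "branch=$BRANCH"` on the command line. The job also downloads and executes unpinned third-party code with secrets in scope: `curl https://cdn.shiftleft.io/download/sl` without `-f` or a checksum (a failed download still gets `chmod a+rx`), `git clone` of gzttech/beautifulspoon and ShiftLeftSecurity/field-integrations at HEAD, and `pip3 install beautifulspoon` — pin each to a release or commit SHA and use `curl -fsSL`. `echo "##[set-output name=branch;]..."` is the deprecated output command; write `echo "branch=${GITHUB_REF#refs/heads/}" >> "$GITHUB_OUTPUT"`. Consider a top-level `permissions:` block so the default `GITHUB_TOKEN` passed to `check-analysis` is limited to what it needs.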
From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Tue, 10 Sep 2024 09:10:15 -0400 Subject: [PATCH 153/170] Update AdminController.java --- .../shiftleft/controller/AdminController.java | 87 +++++++++---------- 1 file changed, 42 insertions(+), 45 deletions(-) diff --git a/src/main/java/io/shiftleft/controller/AdminController.java b/src/main/java/io/shiftleft/controller/AdminController.java index c42e2f7e..296c2657 100644 --- a/src/main/java/io/shiftleft/controller/AdminController.java +++ b/src/main/java/io/shiftleft/controller/AdminController.java 
@@ -81,51 +81,48 @@ public String doGetPrintSecrets(@CookieValue(value = "auth", defaultValue = "not * @return redirect to company numbers * @throws Exception */ -@RequestMapping(value = "/admin/login", method = RequestMethod.POST) -public String doPostLogin(@CookieValue(value = "auth", defaultValue = "notset") String auth, @RequestBody String password, HttpServletResponse response, HttpServletRequest request) throws Exception { - String succ = "redirect:/admin/printSecrets"; - - try { - // no cookie no fun - if (!auth.equals("notset")) { - if(isAdmin(auth)) { - request.getSession().setAttribute("auth",auth); - return succ; - } - } - - // split password=value - String[] pass = password.split("="); - if(pass.length!=2) { - return fail; - } - // compare pass - if(pass[1] != null && pass[1].length()>0 && pass[1].equals("shiftleftsecret")) - { - AuthToken authToken = new AuthToken(AuthToken.ADMIN); - ByteArrayOutputStream bos = new ByteArrayOutputStream(); - ObjectOutputStream oos = new ObjectOutputStream(bos); - oos.writeObject(authToken); - String cookieValue = new String(Base64.getEncoder().encode(bos.toByteArray())); - // Set HttpOnly flag to true - Cookie cookie = new Cookie("auth", cookieValue ); - cookie.setHttpOnly(true); - response.addCookie(cookie); - - // cookie is lost after redirection - request.getSession().setAttribute("auth",cookieValue); - - return succ; - } - return fail; - } - catch (Exception ex) - { - ex.printStackTrace(); - // no succ == fail - return fail; - } -} + @RequestMapping(value = "/admin/login", method = RequestMethod.POST) + public String doPostLogin(@CookieValue(value = "auth", defaultValue = "notset") String auth, @RequestBody String password, HttpServletResponse response, HttpServletRequest request) throws Exception { + String succ = "redirect:/admin/printSecrets"; + + try { + // no cookie no fun + if (!auth.equals("notset")) { + if(isAdmin(auth)) { + request.getSession().setAttribute("auth",auth); + return succ; + } + } + + // split 
password=value + String[] pass = password.split("="); + if(pass.length!=2) { + return fail; + } + // compare pass + if(pass[1] != null && pass[1].length()>0 && pass[1].equals("shiftleftsecret")) + { + AuthToken authToken = new AuthToken(AuthToken.ADMIN); + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + ObjectOutputStream oos = new ObjectOutputStream(bos); + oos.writeObject(authToken); + String cookieValue = new String(Base64.getEncoder().encode(bos.toByteArray())); + response.addCookie(new Cookie("auth", cookieValue )); + + // cookie is lost after redirection + request.getSession().setAttribute("auth",cookieValue); + + return succ; + } + return fail; + } + catch (Exception ex) + { + ex.printStackTrace(); + // no succ == fail + return fail; + } + } /** * Same as POST but just a redirect From bd17acf061e4e61b4309138b7d0144d1481a3124 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Tue, 10 Sep 2024 09:10:51 -0400 Subject: [PATCH 154/170] Update SearchController.java --- .../io/shiftleft/controller/SearchController.java | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/src/main/java/io/shiftleft/controller/SearchController.java b/src/main/java/io/shiftleft/controller/SearchController.java index 56f304e6..faa40976 100644 --- a/src/main/java/io/shiftleft/controller/SearchController.java +++ b/src/main/java/io/shiftleft/controller/SearchController.java @@ -18,5 +18,15 @@ public class SearchController { @RequestMapping(value = "/search/user", method = RequestMethod.GET) - - + public String doGetSearch(@RequestParam String foo, HttpServletResponse response, HttpServletRequest request) { + java.lang.Object message = new Object(); + try { + ExpressionParser parser = new SpelExpressionParser(); + Expression exp = parser.parseExpression(foo); + message = (Object) exp.getValue(); + } catch (Exception ex) { + System.out.println(ex.getMessage()); + } + return message.toString(); + } +} 
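Review bot: Apart from re-indenting the method, the only behavioural change in this hunk is dropping `cookie.setHttpOnly(true)` and going back to `response.addCookie(new Cookie("auth", cookieValue ));`, so the serialized admin token is once again readable by any script on the origin. If the revert was only meant to restore the original two-space indentation, keep the three HttpOnly lines and re-indent them instead. If the cookie is intentionally left weak as a SAST demo finding, mark it — e.g. `// intentionally insecure: demo finding, do not harden` — so the next reviewer does not flip it back again.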
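Review bot: Restoring `doGetSearch` brings back arbitrary SpEL evaluation of a request parameter: `parser.parseExpression(foo)` followed by `exp.getValue()` with the default evaluation context gives any caller of `GET /search/user?foo=...` full expression execution, including type references and method calls — this is remote code execution, not just a quality finding. If the endpoint is deliberately vulnerable as a scanner demo, say so on the method (`// intentionally vulnerable: SpEL injection demo finding`) so it is not mistaken for production code; otherwise evaluate against `SimpleEvaluationContext.forReadOnlyDataBinding().build()` or drop the parse entirely. Minor: `catch (Exception ex) { System.out.println(ex.getMessage()); }` swallows the failure and the handler then returns `new Object().toString()`, which leaks an identity hash rather than an error.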
From 06bd2b47918f4fc78405a8371567430b66ddd229 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Tue, 10 Sep 2024 09:32:57 -0400 Subject: [PATCH 155/170] Update poc.yml --- .github/workflows/poc.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/poc.yml b/.github/workflows/poc.yml index fed003d7..4eba15a3 100644 --- a/.github/workflows/poc.yml +++ b/.github/workflows/poc.yml @@ -61,7 +61,7 @@ jobs: "${url}" env: GH_API_TOKEN: ${{ secrets.API_TOKEN }} - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} Build-Rules: runs-on: ubuntu-latest needs: NextGen-Static-Analysis From d5771d07c4dfd746bdbd2350d722a30c7bfc76cf Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Tue, 10 Sep 2024 09:38:31 -0400 Subject: [PATCH 156/170] Update poc.yml --- .github/workflows/poc.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/poc.yml b/.github/workflows/poc.yml index 4eba15a3..e9b10a20 100644 --- a/.github/workflows/poc.yml +++ b/.github/workflows/poc.yml @@ -78,7 +78,7 @@ jobs: --github-pr-repo=${{ github.event.repository.name }} \ --github-token=${{ secrets.GITHUB_TOKEN }} env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 From 92462f2f9d7a7c9ddaf1a74e2bebe12d092b0bf5 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Fri, 11 Oct 2024 10:20:18 -0400 Subject: [PATCH 157/170] Update poc.yml --- .github/workflows/poc.yml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/.github/workflows/poc.yml b/.github/workflows/poc.yml index e9b10a20..dd75c2fa 100644 
--- a/.github/workflows/poc.yml +++ b/.github/workflows/poc.yml @@ -62,6 +62,33 @@ jobs: env: GH_API_TOKEN: ${{ secrets.API_TOKEN }} SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + - name: Download export.py and requirements.txt + run: | + curl -O https://raw.githubusercontent.com/ShiftLeftSecurity/field-integrations/master/shiftleft-utils/export.py + curl -O https://raw.githubusercontent.com/ShiftLeftSecurity/field-integrations/master/shiftleft-utils/config.py + curl -O https://raw.githubusercontent.com/ShiftLeftSecurity/field-integrations/master/shiftleft-utils/common.py + curl -O https://raw.githubusercontent.com/ShiftLeftSecurity/field-integrations/master/shiftleft-utils/requirements.txt + - name: Verify export.py file exists + run: | + ls -la ${GITHUB_WORKSPACE} + + - name: Install Python dependencies + run: | + python3 -m pip install --upgrade pip + python3 -m pip install -r requirements.txt + + - name: Run export.py and generate SARIF report + run: | + #APP_NAME=${{ github.event.repository.name }} + python3 ${GITHUB_WORKSPACE}/export.py -f sarif -a QwietAI-Java-app + env: + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + + - name: Upload SARIF file to GitHub Security Tab + uses: github/codeql-action/upload-sarif@v3 # Updated to v3 + with: + sarif_file: ./ngsast-report-QwietAI-java-app.sarif # Correct dynamic path for SARIF output + Build-Rules: runs-on: ubuntu-latest needs: NextGen-Static-Analysis From d188796d0b24c2a68149e21b3c91738547cc6fa3 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Fri, 11 Oct 2024 10:25:21 -0400 Subject: [PATCH 158/170] Update poc.yml --- .github/workflows/poc.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/poc.yml b/.github/workflows/poc.yml index dd75c2fa..90546077 100644 --- a/.github/workflows/poc.yml +++ b/.github/workflows/poc.yml 
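Review bot: `github/codeql-action/upload-sarif@v3` requires `security-events: write`, and this workflow declares no `permissions:` block, so unless the repository's default token permissions are set to permissive the upload step fails with a 403; add at job level `permissions:` with `security-events: write` and `contents: read`. The four `curl -O` fetches take export.py, config.py, common.py and requirements.txt from the `master` branch of a third-party repository with no `-f`, pinned ref or checksum, and the next two steps `pip install` and run them with `SHIFTLEFT_ACCESS_TOKEN` in the environment — pin the URL to a commit SHA (`.../field-integrations/<sha>/shiftleft-utils/...`) and use `curl -fsSLO`. The app name is typed three times (`-a QwietAI-Java-app`, the SARIF file name, and `--app` further down); deriving `sarif_file` from one `APP_NAME` env value would avoid the spelling mismatch this hunk already contains.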
@@ -87,7 +87,7 @@ jobs: - name: Upload SARIF file to GitHub Security Tab uses: github/codeql-action/upload-sarif@v3 # Updated to v3 with: - sarif_file: ./ngsast-report-QwietAI-java-app.sarif # Correct dynamic path for SARIF output + sarif_file: ./ngsast-report-QwietAI-Java-app.sarif # Correct dynamic path for SARIF output Build-Rules: runs-on: ubuntu-latest From 5a891a24ca64816e70541585c5040f2f49fef037 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Fri, 11 Oct 2024 10:39:48 -0400 Subject: [PATCH 159/170] Create codeql.yml --- .github/workflows/codeql.yml | 94 ++++++++++++++++++++++++++++++++++++ 1 file changed, 94 insertions(+) create mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 00000000..2e039b82 --- /dev/null +++ b/.github/workflows/codeql.yml 
@@ -0,0 +1,94 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL Advanced" + +on: + push: + branches: [ "master" ] + pull_request: + branches: [ "master" ] + schedule: + - cron: '26 23 * * 1' + +jobs: + analyze: + name: Analyze (${{ matrix.language }}) + # Runner size impacts CodeQL analysis time. To learn more, please see: + # - https://gh.io/recommended-hardware-resources-for-running-codeql + # - https://gh.io/supported-runners-and-hardware-resources + # - https://gh.io/using-larger-runners (GitHub.com only) + # Consider using larger runners or machines with greater resources for possible analysis time improvements. + runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} + permissions: + # required for all workflows + security-events: write + + # required to fetch internal or private CodeQL packs + packages: read + + # only required for workflows in private repositories + actions: read + contents: read + + strategy: + fail-fast: false + matrix: + include: + - language: java-kotlin + build-mode: none # This mode only analyzes Java. Set this to 'autobuild' or 'manual' to analyze Kotlin too. 
+ - language: python + build-mode: none + # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' + # Use `c-cpp` to analyze code written in C, C++ or both + # Use 'java-kotlin' to analyze code written in Java, Kotlin or both + # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both + # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, + # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning. + # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how + # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + + # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # queries: security-extended,security-and-quality + + # If the analyze step fails for one of the languages you are analyzing with + # "We were unable to automatically build your code", modify the matrix above + # to set the build mode to "manual" for that language. 
Then modify this step + # to build your code. + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + - if: matrix.build-mode == 'manual' + shell: bash + run: | + echo 'If you are using a "manual" build mode for one or more of the' \ + 'languages you are analyzing, replace this with the commands to build' \ + 'your code, for example:' + echo ' make bootstrap' + echo ' make release' + exit 1 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{matrix.language}}" From e4a7b337bcc640103bd6395d1424e26c2e96844a Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Tue, 22 Oct 2024 11:06:08 -0400 Subject: [PATCH 160/170] Update poc.yml --- .github/workflows/poc.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/poc.yml b/.github/workflows/poc.yml index 90546077..ba384a1e 100644 --- a/.github/workflows/poc.yml +++ b/.github/workflows/poc.yml 
@@ -32,7 +32,7 @@ jobs: id: extract_branch - name: NextGen Static Analysis #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app QwietAI-Java-app --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} + run: QWIET_EXTERNAL_SECRETS_ALL_FILES ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app QwietAI-Java-app --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} #run: QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-Multi-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }} From 9632da4f1866ecb32137ca631a890e6dc6cf4fa4 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Wed, 4 Dec 2024 12:27:28 -0500 Subject: [PATCH 161/170] Update poc.yml --- .github/workflows/poc.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/poc.yml b/.github/workflows/poc.yml index ba384a1e..90546077 100644 --- a/.github/workflows/poc.yml +++ b/.github/workflows/poc.yml 
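Review bot: `QWIET_EXTERNAL_SECRETS_ALL_FILES ${GITHUB_WORKSPACE}/sl analyze …` is not an environment assignment — with no `=value` the shell treats `QWIET_EXTERNAL_SECRETS_ALL_FILES` as the command to execute, so the step fails with "command not found" before `sl` runs. Write `QWIET_EXTERNAL_SECRETS_ALL_FILES=true ${GITHUB_WORKSPACE}/sl analyze …`, or better, put the variable in the step's `env:` block next to `SHIFTLEFT_ACCESS_TOKEN`. The commented-out `QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true …` line just below shows the `VAR=value cmd` form that was intended.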
@@ -32,7 +32,7 @@ jobs: id: extract_branch - name: NextGen Static Analysis #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar - run: QWIET_EXTERNAL_SECRETS_ALL_FILES ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app QwietAI-Java-app --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app QwietAI-Java-app --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} #run: QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-Multi-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }} From 6c01f9b983628fee5c46472175c6151c12d0bde9 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 19 Dec 2024 16:41:26 -0500 Subject: [PATCH 162/170] Update poc.yml --- .github/workflows/poc.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/poc.yml b/.github/workflows/poc.yml index 90546077..94f8d205 100644 --- a/.github/workflows/poc.yml +++ b/.github/workflows/poc.yml 
@@ -32,7 +32,7 @@ jobs: id: extract_branch - name: NextGen Static Analysis #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app QwietAI-Java-app --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app QwietAI-java-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} #run: QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-Multi-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }} From e69b2e6a418b3578d85882865e388fec5b503b2d Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 19 Dec 2024 17:31:54 -0500 Subject: [PATCH 163/170] Update poc.yml --- .github/workflows/poc.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/poc.yml b/.github/workflows/poc.yml index 94f8d205..0d8b5cf4 100644 --- a/.github/workflows/poc.yml +++ b/.github/workflows/poc.yml @@ -61,7 +61,7 @@ jobs: "${url}" env: GH_API_TOKEN: ${{ secrets.API_TOKEN }} - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }} - name: Download export.py and requirements.txt run: | curl -O https://raw.githubusercontent.com/ShiftLeftSecurity/field-integrations/master/shiftleft-utils/export.py 
@@ -82,7 +82,7 @@ jobs: #APP_NAME=${{ github.event.repository.name }} python3 ${GITHUB_WORKSPACE}/export.py -f sarif -a QwietAI-Java-app env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }} - name: Upload SARIF file to GitHub Security Tab uses: github/codeql-action/upload-sarif@v3 # Updated to v3 From 6fc03504b78068d9eb4b62527831713cae71a1fa Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 23 Dec 2024 14:54:32 -0500 Subject: [PATCH 164/170] Create TestSecTab.yml --- .github/workflows/TestSecTab.yml | 68 ++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 .github/workflows/TestSecTab.yml diff --git a/.github/workflows/TestSecTab.yml b/.github/workflows/TestSecTab.yml new file mode 100644 index 00000000..cd986e2b --- /dev/null +++ b/.github/workflows/TestSecTab.yml 
@@ -0,0 +1,68 @@ +# This workflow integrates QwietAI preZero SAST with GitHub and exports SARIF results to the Security Tab +name: QwietAFPRnBR2 + +on: + pull_request: + workflow_dispatch: + schedule: + # * is a special character in YAML so you have to quote this string + - cron: '0 11 * * 6' + +permissions: + security-events: write # Ensure proper permissions to upload SARIF results + +jobs: + QwietAI-preZero-Analysis: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + + - name: Setup Java JDK v8 + uses: actions/setup-java@v3 + with: + distribution: zulu + java-version: 8 + + - name: Download QwietAI CLI + run: | + curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl + + - name: Extract branch name + shell: bash + run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" + id: extract_branch + + - name: QwietAI preZero Analysis + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . 
-- --exclude common.py,export2.py,export3.py,export4.py + env: + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_API_HOST: www.shiftleft.io + SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 + SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 + + - name: Download export.py and requirements.txt + run: | + curl -O https://raw.githubusercontent.com/ShiftLeftSecurity/field-integrations/master/shiftleft-utils/export.py + curl -O https://raw.githubusercontent.com/ShiftLeftSecurity/field-integrations/master/shiftleft-utils/config.py + curl -O https://raw.githubusercontent.com/ShiftLeftSecurity/field-integrations/master/shiftleft-utils/common.py + curl -O https://raw.githubusercontent.com/ShiftLeftSecurity/field-integrations/master/shiftleft-utils/requirements.txt + - name: Verify export.py file exists + run: | + ls -la ${GITHUB_WORKSPACE} + + - name: Install Python dependencies + run: | + python3 -m pip install --upgrade pip + python3 -m pip install -r requirements.txt + + - name: Run export.py and generate SARIF report + run: | + #APP_NAME=${{ github.event.repository.name }} + python3 ${GITHUB_WORKSPACE}/export.py -f sarif -a SECTAB + env: + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + + - name: Upload SARIF file to GitHub Security Tab + uses: github/codeql-action/upload-sarif@v3 # Updated to v3 + with: + sarif_file: ./ngsast-report-SECTAB.sarif # Correct dynamic path for SARIF output From 1ac0f44c4c3292963b55f700a9c8abd5f7e94f6d Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 23 Dec 2024 14:56:59 -0500 Subject: [PATCH 165/170] Update TestSecTab.yml --- .github/workflows/TestSecTab.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/TestSecTab.yml b/.github/workflows/TestSecTab.yml index cd986e2b..281d6b59 100644 --- a/.github/workflows/TestSecTab.yml +++ b/.github/workflows/TestSecTab.yml 
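Review bot: The workflow-level `permissions:` block lists only `security-events: write`, and once any scope is listed every unlisted scope is reduced to `none`, so `actions/checkout@v3` runs with no `contents` permission — fine for a public repository, a failure on a private one; add `contents: read` under it. `sl` and the four `field-integrations` files are fetched from unpinned URLs (`cdn.shiftleft.io/download/sl`, `raw.githubusercontent.com/.../master/...`) without `curl -f` or a checksum and then executed with `SHIFTLEFT_ACCESS_TOKEN` in scope; pin them to a release or commit SHA. `--tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }}` interpolates a branch name straight into the `run:` shell line — move it to `env:` and quote it as `"branch=$BRANCH"`. The `--exclude common.py,export2.py,export3.py,export4.py` list names files that the later "Download export.py" step only fetches after the analysis has already run, so it appears to have no effect on this run; worth confirming what it is meant to skip.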
@@ -33,7 +33,7 @@ jobs: id: extract_branch - name: QwietAI preZero Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . -- --exclude common.py,export2.py,export3.py,export4.py + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwietjavatab --verbose --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . -- --exclude common.py,export2.py,export3.py,export4.py env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io @@ -58,11 +58,11 @@ jobs: - name: Run export.py and generate SARIF report run: | #APP_NAME=${{ github.event.repository.name }} - python3 ${GITHUB_WORKSPACE}/export.py -f sarif -a SECTAB + python3 ${GITHUB_WORKSPACE}/export.py -f sarif -a Qwietjavatab env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} - name: Upload SARIF file to GitHub Security Tab uses: github/codeql-action/upload-sarif@v3 # Updated to v3 with: - sarif_file: ./ngsast-report-SECTAB.sarif # Correct dynamic path for SARIF output + sarif_file: ./ngsast-report-Qwietjavatab.sarif # Correct dynamic path for SARIF output From 4cbb4b16b3ee1db18e3bccb5934bd3f68bffc4ab Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Mon, 23 Dec 2024 15:08:30 -0500 Subject: [PATCH 166/170] Update TestSecTab.yml --- .github/workflows/TestSecTab.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/TestSecTab.yml b/.github/workflows/TestSecTab.yml index 281d6b59..d5095ad5 100644 --- a/.github/workflows/TestSecTab.yml +++ b/.github/workflows/TestSecTab.yml 
@@ -33,7 +33,7 @@ jobs: id: extract_branch - name: QwietAI preZero Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwietjavatab --verbose --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . -- --exclude common.py,export2.py,export3.py,export4.py + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app Qwietjavatab --verbose --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} . -- --exclude common.py,export2.py,export3.py,export4.py env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io From 204929a12769fe6963d348e4b330bd56c492a589 Mon Sep 17 00:00:00 2001 From: Magno Gomes <117935539+ongamse@users.noreply.github.com> Date: Thu, 26 Dec 2024 17:32:13 -0500 Subject: [PATCH 167/170] Update poc.yml --- .github/workflows/poc.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/poc.yml b/.github/workflows/poc.yml index 0d8b5cf4..c72048ee 100644 --- a/.github/workflows/poc.yml +++ b/.github/workflows/poc.yml 
@@ -32,7 +32,7 @@ jobs:
 id: extract_branch
 - name: NextGen Static Analysis
 #run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-java-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar
- run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app QwietAI-java-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }}
+ run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app QwietAI-MultiLang --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }}
 #run: QWIET_ENABLE_MULTI_LANGUAGE_ANALYSIS=true ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app Qwiet-Multi-GH --container 18fgsa/s3-resource --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }}
 env:
 SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }}
From 6f400dbff931c2b5a35a07ed80e5262546af1441 Mon Sep 17 00:00:00 2001
From: ShiftLeft
Date: Fri, 27 Dec 2024 10:28:37 -0500
Subject: [PATCH 168/170] adding ShiftLeft GitHub action
From c8fb8d40a79632d9a8de59a92953626c7c3515c3 Mon Sep 17 00:00:00 2001
From: Magno Gomes <117935539+ongamse@users.noreply.github.com>
Date: Fri, 3 Jan 2025 09:25:35 -0500
Subject: [PATCH 169/170] Update poc.yml
---
 .github/workflows/poc.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/poc.yml b/.github/workflows/poc.yml
index c72048ee..594c89e4 100644
--- a/.github/workflows/poc.yml
+++ b/.github/workflows/poc.yml
@@ -80,14 +80,14 @@ jobs:
 - name: Run export.py and generate SARIF report
 run: |
 #APP_NAME=${{ github.event.repository.name }}
- python3 ${GITHUB_WORKSPACE}/export.py -f sarif -a QwietAI-Java-app
+ python3 ${GITHUB_WORKSPACE}/export.py -f sarif -a QwietAI-MultiLang
 env:
 SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN_POC }}
 - name: Upload SARIF file to GitHub Security Tab
 uses: github/codeql-action/upload-sarif@v3 # Updated to v3
 with:
- sarif_file: ./ngsast-report-QwietAI-Java-app.sarif # Correct dynamic path for SARIF output
+ sarif_file: ./ngsast-report-QwietAI-MultiLang.sarif # Correct dynamic path for SARIF output
 Build-Rules:
 runs-on: ubuntu-latest
@@ -99,7 +99,7 @@ jobs:
 curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
 - name: Validate Build Rules
 run: |
- ${GITHUB_WORKSPACE}/sl check-analysis --app QwietAI-Java-app \
+ ${GITHUB_WORKSPACE}/sl check-analysis --app QwietAI-MultiLang \
 --github-pr-number=${{github.event.number}} \
 --github-pr-user=${{ github.repository_owner }} \
 --github-pr-repo=${{ github.event.repository.name }} \
From 9d0cb9c2f8c00acf2ffbc789aa0d9382c84c1186 Mon Sep 17 00:00:00 2001
From: Magno Gomes <117935539+ongamse@users.noreply.github.com>
Date: Fri, 3 Jan 2025 09:27:34 -0500
Subject: [PATCH 170/170] Delete .github/workflows/codeql.yml
---
 .github/workflows/codeql.yml | 94 ------------------------------------
 1 file changed, 94 deletions(-)
 delete mode 100644 .github/workflows/codeql.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
deleted file mode 100644
index 2e039b82..00000000
--- a/.github/workflows/codeql.yml
+++ /dev/null
@@ -1,94 +0,0 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
-name: "CodeQL Advanced"
-
-on:
- push:
- branches: [ "master" ]
- pull_request:
- branches: [ "master" ]
- schedule:
- - cron: '26 23 * * 1'
-
-jobs:
- analyze:
- name: Analyze (${{ matrix.language }})
- # Runner size impacts CodeQL analysis time. To learn more, please see:
- # - https://gh.io/recommended-hardware-resources-for-running-codeql
- # - https://gh.io/supported-runners-and-hardware-resources
- # - https://gh.io/using-larger-runners (GitHub.com only)
- # Consider using larger runners or machines with greater resources for possible analysis time improvements.
- runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
- permissions:
- # required for all workflows
- security-events: write
-
- # required to fetch internal or private CodeQL packs
- packages: read
-
- # only required for workflows in private repositories
- actions: read
- contents: read
-
- strategy:
- fail-fast: false
- matrix:
- include:
- - language: java-kotlin
- build-mode: none # This mode only analyzes Java. Set this to 'autobuild' or 'manual' to analyze Kotlin too.
- - language: python
- build-mode: none
- # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
- # Use `c-cpp` to analyze code written in C, C++ or both
- # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
- # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
- # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
- # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
- # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
- # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
-
- # Initializes the CodeQL tools for scanning.
- - name: Initialize CodeQL
- uses: github/codeql-action/init@v3
- with:
- languages: ${{ matrix.language }}
- build-mode: ${{ matrix.build-mode }}
- # If you wish to specify custom queries, you can do so here or in a config file.
- # By default, queries listed here will override any specified in a config file.
- # Prefix the list here with "+" to use these queries and those in the config file.
-
- # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
- # queries: security-extended,security-and-quality
-
- # If the analyze step fails for one of the languages you are analyzing with
- # "We were unable to automatically build your code", modify the matrix above
- # to set the build mode to "manual" for that language. Then modify this step
- # to build your code.
- # ℹī¸ Command-line programs to run using the OS shell.
- # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
- - if: matrix.build-mode == 'manual'
- shell: bash
- run: |
- echo 'If you are using a "manual" build mode for one or more of the' \
- 'languages you are analyzing, replace this with the commands to build' \
- 'your code, for example:'
- echo ' make bootstrap'
- echo ' make release'
- exit 1
-
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v3
- with:
- category: "/language:${{matrix.language}}"