forked from drdavella/pygoat-defectdojo
-
Notifications
You must be signed in to change notification settings - Fork 0
52 lines (50 loc) · 1.85 KB
/
semgrep-to-dojo.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
name: semgrep-sast-scan-and-import-to-defectdojo
on:
push:
branches:
- master
pull_request:
branches:
- master
permissions:
contents: read
id-token: write
jobs:
semgrep-sast-scan-to-defectdojo:
name: semgrep sast scan
runs-on: ubuntu-latest
container:
image: returntocorp/semgrep
if: (github.actor != 'dependabot[bot]')
steps:
- name: checkout
uses: actions/checkout@v3
- name: semgrep scan
run: |
mkdir -p semgrep/results
semgrep --config auto --json --output=semgrep/results/semgrep.json
- name: import scan results into defectdojo
run: |
curl -X POST "${{ secrets.defectdojo_url }}/api/v2/import-scan/" \
-H "accept: application/json" \
-H "Content-Type: multipart/form-data" \
-H "Authorization: Token ${{ secrets.defectdojo_token }}" \
-F "scan_date=$(date +'%Y-%m-%d')" \
-F "scan_type=Semgrep JSON Report" \
-F "file=@semgrep/results/semgrep.json;type=application/json" \
-F "tags=github_actions,ci" \
-F "auto_create_context=true" \
-F "engagement_name=pygoat_ci_scan" \
-F "product_name=pygoat_demo" \
-F "product_type_name=typical_app" \
-F "source_code_management_uri=${{ github.server_url }}/${{ github.repository }}" \
-F "branch_tag=${{ github.ref }}" \
-F "commit_hash=${{ github.sha }}" \
-F "close_old_findings=true"
- name: Fix DefectDojo Findings with Pixeebot
uses: pixee/upload-tool-results-action@dca12668dd9cb999cd4a441e81ed67cb8d5d8b2d
with:
tool: defectdojo
defectdojo-token: ${{ secrets.DEFECTDOJO_TOKEN }}
defectdojo-api-url: ${{ secrets.DEFECTDOJO_URL }}
defectdojo-product-name: pygoat_demo