[Java] [GitHub Actions] Secure Pipelines Demo

Sample Secure Pipeline with GithHub Actions - Ideal for Open Source Projects

Setup

Add Snyk API Token in GitHub Repositority Secrets - SNYK_TOKEN
Add Git Guardian API Token for in GitHub Repositority Secrets - GITGUARDIAN_API_KEY

Step	Github Action	Open Source Alternative
Secrets Scanner	GitGuardian	truffleHog
SCA - Dependency Checker	snyk	OWASP Dependency Check
Static Code Analysis	Spot Bugs
Static Code Analysis	CodeQL
Container Scan	Anchore
Container Lint	Dockle
K8s Hardening	Dockle
License Checker	License finder
DAST	OWASP ZAP Basline Scan

Name		Name	Last commit message	Last commit date
Latest commit History 13 Commits
.github		.github
.mvn/wrapper		.mvn/wrapper
doc		doc
imgs		imgs
src		src
.gitignore		.gitignore
Dockerfile		Dockerfile
HELP.md		HELP.md
LICENSE		LICENSE
README.md		README.md
mvnw		mvnw
mvnw.cmd		mvnw.cmd
pod.yaml		pod.yaml
pom.xml		pom.xml