test

Signed-off-by: Rewant Soni <[email protected]>
rewantsoni · Apr 4, 2024 · 4bd4d24 · 4bd4d24
1 parent 224d681
commit 4bd4d24
Showing 1 changed file with 68 additions and 0 deletions.
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
@@ -0,0 +1,68 @@
+name: Security Checks
+
+on:
+  push:
+    branches: ['*']
+  pull_request:
+    branches: ['*']
+
+jobs:
+  static_code_analysis:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v2
+      - name: Static Code Analysis
+        run: sonar-scanner
+      - name: Upload SonarQube Report
+        uses: actions/upload-artifact@v2
+        with:
+          name: sonarqube-report
+          path: sonarqube-report.txt
+
+  dependency_scanning:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v2
+      - name: Dependency Scanning
+        run: snyk test
+
+  container_scanning:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v2
+      - name: Container Image Scanning
+        run: trivy image --severity HIGH,CRITICAL mydockerimage:latest
+
+  dast_scan:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v2
+      - name: DAST Scan
+        run: zap-cli --start-scan --spider target_url --scan target_url --html-report zap-report.html
+
+  secret_detection:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v2
+      - name: Secret Detection
+        run: detect-secrets scan
+
+  security_linting:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v2
+      - name: Security Linting
+        run: bandit -r .
+
+  security_tests:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v2
+      - name: Security Tests