

Merge pull request #16 from instriq/develop
add ci workflow files
htrgouvea authored Dec 18, 2024
2 parents 92dccbf + 30c477f commit 6ccd5d9
Showing 2 changed files with 50 additions and 0 deletions.
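--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,10 @@
+version: 2
+updates:
+- package-ecosystem: docker
+directory: /
+schedule:
+interval: weekly
+- package-ecosystem: github-actions
+directory: /
+schedule:
+interval: weekly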
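--- a/.github/workflows/security-gate.yml
+++ b/.github/workflows/security-gate.yml
@@ -0,0 +1,40 @@
+name: Security Gate - LESIS
+
+on:
+pull_request:
+branches:
+- master
+- develop
+
+permissions:
+security-events: read
+contents: read
+
+jobs:
+build:
+runs-on: ubuntu-latest
+env:
+MAX_CRITICAL: 0
+MAX_HIGH: 0
+MAX_MEDIUM: 0
+MAX_LOW: 0
+GITHUB_TOKEN: ${{ secrets.TOKEN }}
+steps:
+- name: Checkout repository
+uses: actions/checkout@v4
+
+- name: Pull Docker image from GitHub Container Registry
+run: docker pull ghcr.io/instriq/security-gate/security-gate:latest
+
+- name: Verify security alerts from GHAS
+run: |
+docker run ghcr.io/instriq/security-gate/security-gate:latest \
+-t "$GITHUB_TOKEN" \
+-r "${{ github.repository }}" \
+-c "$MAX_CRITICAL" \
+-h "$MAX_HIGH" \
+-m "$MAX_MEDIUM" \
+-l "$MAX_LOW" \
+--dependency-alerts \
+--secret-alerts \
+--code-alerts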
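Review bot: The gate image is pulled and executed by the mutable `:latest` tag (the `docker pull` step and the first line of the `docker run` step), so whoever can push that tag controls the code that receives the token and decides whether a PR passes; pin it by digest, e.g. `run: docker pull ghcr.io/instriq/security-gate/security-gate@sha256:<digest>` with the same reference in `docker run`, and let the docker entry already configured in dependabot.yml bump it. The `permissions:` block only narrows the built-in token, while the job actually authenticates with `secrets.TOKEN`, a separate credential whose scopes are not visible here and which is exported under the name `GITHUB_TOKEN`, easy to mistake for the restricted built-in one; consider renaming it (e.g. `GH_PAT`) and adding a comment above the `env:` line stating the minimum scopes it needs (read access to Dependabot, secret-scanning and code-scanning alerts). Repository secrets are not exposed to `pull_request` runs from forks, and Dependabot-opened PRs only receive Dependabot secrets, so on those PRs `secrets.TOKEN` will presumably expand to an empty string and the gate will fail or, depending on how the tool treats an empty `-t`, silently pass — worth confirming. The `actions/checkout@v4` step appears unused, since no later step reads the working tree, and dropping it removes one more pinned dependency from the job.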
