Merge pull request #8 from instriq/develop

New deploy workflow

.github/workflows/deploy-image.yml

@@ -16,16 +16,20 @@ jobs:
         uses: docker/setup-buildx-action@v3
 
       - name: Build Docker image
+        id: build
         run: |
-          docker build --file Dockerfile --tag ${{ github.repository }}:latest .
-          docker tag ${{ github.repository }}:latest docker.pkg.github.com/${{ github.repository }}/security-gate:latest
+          COMMIT_SHA=$(echo "${GITHUB_SHA}" | cut -c1-7)
+          docker build --file Dockerfile --tag ${{ github.repository }}:latest --tag ${{ github.repository }}:${COMMIT_SHA} .
+          echo "COMMIT_SHA=${COMMIT_SHA}" >> $GITHUB_ENV
 
       - name: Log in to GitHub Container Registry
         uses: docker/login-action@v3
         with:
-          registry: docker.pkg.github.com
+          registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.LESIS_DEPLOY }}
 
       - name: Push Docker image to GitHub Container Registry
-        run: docker push docker.pkg.github.com/${{ github.repository }}/security-gate:latest
+        run: |
+          docker push ghcr.io/${{ github.repository }}/security-gate:latest
+          docker push ghcr.io/${{ github.repository }}/security-gate:${{ env.COMMIT_SHA }}

.github/workflows/docker-image.yml

@@ -2,9 +2,9 @@ name: Docker Image CI
 
 on:
   push:
-    branches: [ "master", "develop" ]
+    branches: [ "main", "develop" ]
   pull_request:
-    branches: [ "master", "develop" ]
+    branches: [ "main", "develop" ]
 
 jobs:
 

README.md

@@ -61,7 +61,10 @@ jobs:
         --critical $MAX_CRITICAL \
         --high $MAX_HIGH \
         --medium $MAX_MEDIUM \
-        --low $MAX_LOW
+        --low $MAX_LOW \
+        --dependency-alerts \
+        --code-alerts \
+        --secret-alerts 
 ```
 
 ---
@@ -89,9 +92,9 @@ Core Commands
         -h, --high             High severity limit
         -m, --medium           Medium severity limit
         -l, --low              Low severity limit
-        --dependency-alerts    Check for dependency alerts
-        --secret-alerts        Check for secret scanning alerts
-        --code-alerts          Check for code scanning alerts
+        --dependency-alerts    Check dependency alerts
+        --secret-alerts        Check secret scanning alerts
+        --code-alerts          Check code scanning alerts
 ```
 
 ---
@@ -100,7 +103,7 @@ Core Commands
 
 ```
 $ docker build -t security-gate .
-$ docker run -ti --rm security-gate -t <GITHUB_TOKEN> -r <organization/repository> --critical 1 --high 2 --medium 3 --low 5
+$ docker run -ti --rm security-gate -t <GITHUB_TOKEN> -r <organization/repository> --critical 1 --high 2 --medium 3 --low 5 --dependency-alerts --code-alerts --secret-alerts 
 ```
 
 ---

lib/SecurityGate/Utils/Helper.pm

@@ -15,9 +15,9 @@ package SecurityGate::Utils::Helper {
                 \r\t-h, --high             High severity limit
                 \r\t-m, --medium           Medium severity limit
                 \r\t-l, --low              Low severity limit
-                \r\t--dependency-alerts    Check for dependency alerts
-                \r\t--secret-alerts        Check for secret scanning alerts
-                \r\t--code-alerts          Check for code scanning alerts\n\n";
+                \r\t--dependency-alerts    Check dependency alerts
+                \r\t--secret-alerts        Check secret scanning alerts
+                \r\t--code-alerts          Check code scanning alerts\n\n";
 	}
 }