
[Java] [GitHub Actions] Secure Pipelines Demo

Secure Pipeline Demo - Java

Sample secure pipeline with GitHub Actions - ideal for open source projects

Setup

  • Add a Snyk API token to the GitHub repository secrets as SNYK_TOKEN
  • Add a GitGuardian API token to the GitHub repository secrets as GITGUARDIAN_API_KEY

Actions Used

| Step | GitHub Action | Comments | Open Source Alternative |
|---|---|---|---|
| Secrets Scanner | GitGuardian | | truffleHog |
| SCA - Dependency Checker | Snyk | | OWASP Dependency Check |
| Static Code Analysis | SpotBugs | | |
| Static Code Analysis | CodeQL | | |
| Container Scan | Anchore | | |
| Container Lint | Dockle | | |
| K8s Hardening | Dockle | | |
| License Checker | License Finder | | |
| DAST | OWASP ZAP Baseline Scan | | |

Pipeline

GitHub Pipeline