Java-Techie-jt · sdpktest · Oct 11, 2023 · Oct 18, 2023 · Oct 18, 2023 · Oct 18, 2023
diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml
@@ -0,0 +1,28 @@
+name: GitLeaks Scan
+# testing sample DevOps with Git workflow
+on:
+  push:
+    branches:
+      - main  # Modify this to match your repository's main branch
+  pull_request:
+    branches: [ "main" ]    
+
+jobs:
+  gitleaks:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v2
+
+    - name: Install GitLeaks
+      run: |
+        wget -q -O gitleaks.tar.gz https://github.com/gitleaks/gitleaks/releases/download/v8.18.0/gitleaks_8.18.0_linux_x64.tar.gz
+        ls -l
+        tar -xzvf gitleaks.tar.gz
+        chmod +x gitleaks
+        sudo mv gitleaks /usr/local/bin/
+
+    - name: Run GitLeaks
+      run: |
+        gitleaks detect --redact
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
@@ -0,0 +1,68 @@
+# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-maven
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: Maven and SCA_SAST scan with DC and FindSecBug
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+  BuildWithGitHubActions:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up JDK 17
+      uses: actions/setup-java@v3
+      with:
+        java-version: '17'
+        distribution: 'temurin'
+        cache: maven
+    - name: Build with Maven
+      run: mvn -B package --file pom.xml
+
+    - name: Download OWASP Dependency-Check
+      run: |
+       wget -q -O dependency-check-8.4.0-release.zip  https://github.com/jeremylong/DependencyCheck/releases/download/v8.4.0/dependency-check-8.4.0-release.zip
+       ls -l
+       unzip -qq dependency-check-8.4.0-release.zip   
+
+    - name: Run OWASP Dependency-Check
+      run: ./dependency-check/bin/dependency-check.sh --scan ./ --format HTML --project "Dependencychecker_DevOpsTest" --out ./report   
+
+    - name: Upload OWASP Dependency-Check Report
+      uses: actions/upload-artifact@v2
+      with:
+        name: dependency-check-report
+        path: ./report
+
+    - name: Download FindSecBugs   
+      run: |
+       wget -q -O findsecbugs-cli-1.12.0.zip https://github.com/find-sec-bugs/find-sec-bugs/releases/download/version-1.12.0/findsecbugs-cli-1.12.0.zip 
+       unzip -qq findsecbugs-cli-1.12.0.zip
+       chmod 755 findsecbugs.sh 
+       chmod +x findsecbugs.sh
+       ls -l
+
+
+    - name: Run FindSecBugs
+      run: ./findsecbugs.sh -progress -output findsecbugs-results.html -html target/*.jar
+
+    - name: Upload FindSecBugs Report
+      uses: actions/upload-artifact@v2
+      with:
+        name: findsecbugs-report
+        path: findsecbugs-results.html
+
+    # Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive
+    #- name: Update dependency graph
+    #  uses: advanced-security/maven-dependency-submission-action@571e99aab1055c2e71a1e2309b9691de18d6b7d6
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
 FROM openjdk:8
 EXPOSE 8080
 ADD target/devops-integration.jar devops-integration.jar
-ENTRYPOINT ["java","-jar","/devops-integration.jar"]
+ENTRYPOINT ["java","-jar","/devops-integration.jar"]  
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -1,4 +1,4 @@
-pipeline {
+pipeline { 
     agent any
     tools{
         maven 'maven_3_5_0'
@@ -36,4 +36,4 @@ pipeline {
             }
         }
     }
-}
+}
diff --git a/pom.xml b/pom.xml
@@ -15,6 +15,9 @@
 	<description>Demo project for Spring Boot</description>
 	<properties>
 		<java.version>1.8</java.version>
+               <sonar.organization>sdpktest</sonar.organization>
+               <sonar.host.url>https://sonarcloud.io</sonar.host.url>
+
 	</properties>
 	<dependencies>
 		<dependency>

diff --git a/src/main/java/com/javatechie/DevopsIntegrationApplication.java b/src/main/java/com/javatechie/DevopsIntegrationApplication.java
@@ -1,10 +1,9 @@
 package com.javatechie;
-
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
-
+//testing
 @SpringBootApplication
 @RestController
 public class DevopsIntegrationApplication {

diff --git a/test2.java b/test2.java
@@ -0,0 +1 @@
+// testing