Update complete-workflow.yml #18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build code, run unit test, run SAST, SCA, DAST security scans | |
| on: push | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| name: Run unit tests and SAST scan on the source code | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '21' | |
| distribution: 'zulu' | |
| cache: maven | |
| - name: Build with Maven cloud | |
| run: mvn -B verify sonar:sonar -Dsonar.projectKey=dotnetgithubactionsproject -Dsonar.organization=dotnetgithubactionsorg -Dsonar.host.url=https://sonarcloud.io -Dsonar.token=$SONAR_TOKEN | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| security: | |
| runs-on: ubuntu-latest | |
| needs: build | |
| name: Run the SCA scan on the source code | |
| steps: | |
| - uses: actions/checkout@master | |
| - name: RunSnyk to check for vulnerabilities | |
| uses: snyk/actions/maven@master | |
| continue-on-error: true | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| zap_scan: | |
| runs-on: ubuntu-latest | |
| needs: security | |
| name: Run DAST scan on the web application | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| with: | |
| ref: master | |
| - name: ZAP Scan | |
| uses: zaproxy/[email protected] | |
| with: | |
| target: 'http://testphp.vulnweb.com/' | |
| rules_file_name: '.zap/rules.tsv' | |
| cmd_options: '-a' |