-
Notifications
You must be signed in to change notification settings - Fork 30
69 lines (56 loc) · 2.21 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
name: Prisma Cloud Shift Left demo
on: [ push,pull_request ]
jobs:
prisma_cloud_job:
runs-on: ubuntu-latest
name: Run Prisma Cloud steps
env:
TL_USER: ${{ secrets.TL_USER }}
TL_PASS: ${{ secrets.TL_PASS }}
TL_CONSOLE: ${{ secrets.TL_CONSOLE }}
BYPASS_REPOSCAN: 1
BYPASS_OSS_LICENSE: 1
BYPASS_IMAGESCAN: 1
BYPASS_WF: 1
BYPASS_SANDBOX: 1
steps:
- name: Checkout
uses: actions/checkout@v2
#- name: Check image Git dependencies has no vulnerabilities.
# run: bash ./files/checkGit.sh
- name: twistcli download
run: curl -s -k -u $TL_USER:$TL_PASS "https://$TL_CONSOLE/api/v1/util/twistcli" -v -o twistcli;chmod +x twistcli
- name: Repo Vulnerability scan
run: bash ./files/repoScan.sh
- name: OSS License Check
run: bash ./files/licenseCheck.sh
- name: Apply security policies (Policy-as-Code) for evilpetclinic
run: bash ./files/addPolicies.sh
- name: Image Sandbox analysis
run: bash ./files/sandbox.sh
- name: Scan Image for vulnerabilities
env:
JOB_NAME: github-actions
run: bash ./files/scanImage.sh
- name: Scan Image for Malware using Wildfire
run: bash ./files/malwareCheck.sh
- name: Run PC Code Security action
id: PCCS
uses: bridgecrewio/checkov-action@master
env:
PRISMA_API_URL: https://api.prismacloud.io
with:
directory: ./files
soft_fail: true # optional: do not return an error code if there are failed checks
api-key: ${{ secrets.BC_API_KEY }}
framework: all
quiet: false
output_format: cli # optional: the output format, one of: cli, json, junitxml, github_failed_only
download_external_modules: true
#log_level: WARNING # optional: set log level. Default WARNING
- name: Deploy evilpetclinic app
run: bash files/exec.sh deploy.sh
- name: Runtime attacks
run: bash files/exec.sh runtime_attacks.sh
- name: WAAS attacks
run: bash files/exec.sh waas_attacks.sh