Merge pull request #1 from petersnick/sast-start

Sast start

.github/workflows/integration.yml

@@ -2,7 +2,7 @@ name: Integration
 
 on:
   push:
-    branches: [ steven-demo-start ]
+    branches: [ sast-start ]
   pull_request:
     branches: [ development, main ]
     types: [opened, synchronize, reopened]   
@@ -27,32 +27,32 @@ jobs:
     - run: npm i
     - run: npm run build
 
-  sonarcloud:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v2
-      with:
-        # Disabling shallow clone is recommended for improving relevancy of reporting
-        fetch-depth: 0
-    - name: SonarCloud Scan
-      uses: sonarsource/sonarcloud-github-action@master
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        SONAR_TOKEN: ${{ secrets.SONAR_CLOUD_DEMO }}
+sonarcloud:
+   runs-on: ubuntu-latest
+   steps:
+   - uses: actions/checkout@v2
+     with:
+       # Disabling shallow clone is recommended for improving relevancy of reporting
+       fetch-depth: 0
+   - name: SonarCloud Scan
+     uses: sonarsource/sonarcloud-github-action@master
+     env:
+       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+       SONAR_TOKEN: ${{ secrets.SONAR_CLOUD_DEMO }}
 
-  security:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@master
-      - name: Run Snyk to check for vulnerabilities
-        uses: snyk/actions/node@master
-        continue-on-error: false
-        env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        with:
-          command: monitor
+#  security:
+ #   runs-on: ubuntu-latest
+ #   steps:
+ #     - uses: actions/checkout@master
+   #   - name: Run Snyk to check for vulnerabilities
+  #      uses: snyk/actions/node@master
+   #     continue-on-error: false
+   #     env:
+   #       SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+    #    with:
+   #       command: monitor
 
-  unit-tests:
+ unit-tests:
 
     runs-on: ubuntu-latest
 

.github/workflows/release.yml

@@ -13,4 +13,31 @@ jobs:
     - uses: actions/checkout@v3
     - run: docker build . -t ${{secrets.DOCKERHUB_USERNAME}}/nest-demo-app
     - run: echo "${{secrets.DOCKERHUB_PASSWORD}}" | docker login -u ${{secrets.DOCKERHUB_USERNAME}} --password-stdin
-    - run: docker push ${{secrets.DOCKERHUB_USERNAME}}/nest-demo-app
+    - run: docker push ${{secrets.DOCKERHUB_USERNAME}}/nest-demo-app
+
+
+ # snyk_image_scanning:    
+
+  #  runs-on: ubuntu-latest
+
+  #  steps:
+  #  - uses: actions/checkout@v2
+  #  - name: Build the Docker image
+ #     run: docker build -t ${{secrets.DOCKERHUB_USERNAME}}/nest-demo-app .
+ #   - name: Run Snyk to check Docker image for vulnerabilities
+ #     # Snyk can be used to break the build when it detects vulnerabilities.
+#      # In this case we want to upload the issues to GitHub Code Scanning
+#      continue-on-error: true
+#      uses: snyk/actions/docker@master
+#      env:
+#        # In order to use the Snyk Action you will need to have a Snyk API token.
+#        # More details in https://github.com/snyk/actions#getting-your-snyk-token
+#        # or you can signup for free at https://snyk.io/login
+#        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+#      with:
+#        image: ${{secrets.DOCKERHUB_USERNAME}}/nest-demo-app
+#        args: --file=Dockerfile --exclude-base-image-vulns  
+#    - name: Upload Snyk report as sarif 📦
+#      uses: github/codeql-action/upload-sarif@v2
+#      with:
+#        sarif_file: snyk.sarif

src/app.service.ts

@@ -5,4 +5,8 @@ export class AppService {
   getHello(): string {
     return 'Hello World New Docker Image!';
   }
+   /**
+  * // TODO: Make SAST scanning
+  * use the .github folder files to fix this
+  */
 }