Merge pull request #3 from petersnick/development

Dev to Main
petersnick · Mar 27, 2024 · 887bfdf · 887bfdf
2 parents 8125082 + 1ac05f6
commit 887bfdf
Show file tree

Hide file tree

Showing 3 changed files with 55 additions and 83 deletions.
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
@@ -2,9 +2,9 @@ name: Integration
 
 on:
   push:
-    branches: [ development, steven ]
+    branches: [ sast-start ]
   pull_request:
-    branches: [ main ]
+    branches: [ development, main ]
     types: [opened, synchronize, reopened]   
 
 jobs:
@@ -27,32 +27,32 @@ jobs:
     - run: npm i
     - run: npm run build
 
-  sonarcloud:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v2
-      with:
-        # Disabling shallow clone is recommended for improving relevancy of reporting
-        fetch-depth: 0
-    - name: SonarCloud Scan
-      uses: sonarsource/sonarcloud-github-action@master
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        SONAR_TOKEN: ${{ secrets.SONAR_CLOUD_DEMO }}
+sonarcloud:
+   runs-on: ubuntu-latest
+   steps:
+   - uses: actions/checkout@v2
+     with:
+       # Disabling shallow clone is recommended for improving relevancy of reporting
+       fetch-depth: 0
+   - name: SonarCloud Scan
+     uses: sonarsource/sonarcloud-github-action@master
+     env:
+       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+       SONAR_TOKEN: ${{ secrets.SONAR_CLOUD_DEMO }}
 
-  security:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@master
-      - name: Run Snyk to check for vulnerabilities
-        uses: snyk/actions/node@master
-        continue-on-error: false
-        env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        with:
-          command: monitor
+#  security:
+ #   runs-on: ubuntu-latest
+ #   steps:
+ #     - uses: actions/checkout@master
+   #   - name: Run Snyk to check for vulnerabilities
+  #      uses: snyk/actions/node@master
+   #     continue-on-error: false
+   #     env:
+   #       SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+    #    with:
+   #       command: monitor
 
-  unit-tests:
+ unit-tests:
 
     runs-on: ubuntu-latest
 

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -16,60 +16,28 @@ jobs:
     - run: docker push ${{secrets.DOCKERHUB_USERNAME}}/nest-demo-app
 
 
-  snyk_image_scanning:    
-   # permissions:
-   #    id-token: read
-   #    contents: read
-   #    packages: read
-    runs-on: ubuntu-latest
-
-    steps:
-    - uses: actions/checkout@v2
-    - name: Build the Docker image
-      run: docker build -t ${{secrets.DOCKERHUB_USERNAME}}/nest-demo-app .
-    - name: Run Snyk to check Docker image for vulnerabilities
-      # Snyk can be used to break the build when it detects vulnerabilities.
-      # In this case we want to upload the issues to GitHub Code Scanning
-      continue-on-error: true
-      uses: snyk/actions/docker@master
-      env:
-        # In order to use the Snyk Action you will need to have a Snyk API token.
-        # More details in https://github.com/snyk/actions#getting-your-snyk-token
-        # or you can signup for free at https://snyk.io/login
-        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-      with:
-        image: ${{secrets.DOCKERHUB_USERNAME}}/nest-demo-app
-        args: --file=Dockerfile --exclude-base-image-vulns
-    #- name: Upload result to GitHub Code Scanning
-    #  uses: github/codeql-action/upload-sarif@v1
-     # with:
-      #  sarif_file: snyk.sarif
-    - name: Upload Snyk report as sarif 📦
-      uses: github/codeql-action/upload-sarif@v2
-      with:
-        sarif_file: snyk.sarif
-
-   # steps:
-   #       - name: Checkout 🛎️
-    #        uses: actions/checkout@v2
-
-   #       - name: Log in to the Container registry 📦
-   #         uses: docker/login-action@v2
-   #         with:
-   #           registry: ${{ env.GITHUB_REGISTRY }}
-   #           username: ${{ github.actor }}
-   #           password: ${{ secrets.GITHUB_TOKEN }}
-
-    #      - name: Scan Docker image 🐳
-    #        uses: snyk/actions/docker@master
-    #        continue-on-error: true
-     #       with:
-     #         image: ${{ env.GITHUB_REGISTRY }}/${{ env.GITHUB_REPOSITORY }}:${{ env.DOCKER_IMAGE_TAG }}
-     #         args: --file=Dockerfile --severity-threshold=high --sarif-file-output=snyk.sarif
-    #        env:
-     #         SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-
-      #    - name: Upload Snyk report as sarif 📦
-      #      uses: github/codeql-action/upload-sarif@v2
-      #      with:
-       #       sarif_file: snyk.sarif
+ # snyk_image_scanning:    
+
+  #  runs-on: ubuntu-latest
+
+  #  steps:
+  #  - uses: actions/checkout@v2
+  #  - name: Build the Docker image
+ #     run: docker build -t ${{secrets.DOCKERHUB_USERNAME}}/nest-demo-app .
+ #   - name: Run Snyk to check Docker image for vulnerabilities
+ #     # Snyk can be used to break the build when it detects vulnerabilities.
+#      # In this case we want to upload the issues to GitHub Code Scanning
+#      continue-on-error: true
+#      uses: snyk/actions/docker@master
+#      env:
+#        # In order to use the Snyk Action you will need to have a Snyk API token.
+#        # More details in https://github.com/snyk/actions#getting-your-snyk-token
+#        # or you can signup for free at https://snyk.io/login
+#        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+#      with:
+#        image: ${{secrets.DOCKERHUB_USERNAME}}/nest-demo-app
+#        args: --file=Dockerfile --exclude-base-image-vulns  
+#    - name: Upload Snyk report as sarif 📦
+#      uses: github/codeql-action/upload-sarif@v2
+#      with:
+#        sarif_file: snyk.sarif
diff --git a/src/app.service.ts b/src/app.service.ts
@@ -5,4 +5,8 @@ export class AppService {
   getHello(): string {
     return 'Hello World New Docker Image!';
   }
+   /**
+  * // TODO: Make SAST scanning
+  * use the .github folder files to fix this
+  */
 }