From 2d601e766d164fff0a28e2c0e93b6680c70e7b70 Mon Sep 17 00:00:00 2001
From: ShiftLeft
Date: Thu, 7 Sep 2023 10:37:07 -0700
Subject: [PATCH 01/47] adding ShiftLeft GitHub action

---
 .github/workflows/shiftleft.yml | 64 +++++++++++++++++++++++++++++++++
 1 file changed, 64 insertions(+)
 create mode 100644 .github/workflows/shiftleft.yml

diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml
new file mode 100644
index 000000000..24fe30894
--- /dev/null
+++ b/.github/workflows/shiftleft.yml
@@ -0,0 +1,64 @@
+
+---
+# This workflow integrates ShiftLeft NG SAST with GitHub
+# Visit https://docs.shiftleft.io for help
+name: ShiftLeft
+
+on:
+ pull_request:
+ workflow_dispatch:
+
+jobs:
+ NextGen-Static-Analysis:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ # We are building this application with Java 11
+ - name: Setup Java JDK
+ uses: actions/setup-java@v3
+ with:
+ java-version: 11.0.x
+ distribution: zulu
+ - name: Package with maven
+ run: mvn compile package
+ - name: Download ShiftLeft CLI
+ run: |
+ curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
+ # ShiftLeft requires Java 1.8. Post the package step override the version
+ - name: Setup Java JDK
+ uses: actions/setup-java@v3
+ with:
+ distribution: zulu
+ java-version: 8
+ - name: Extract branch name
+ shell: bash
+ run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
+ id: extract_branch
+ - name: NextGen Static Analysis
+ run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar
+ env:
+ SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
+ SHIFTLEFT_API_HOST: www.shiftleft.io
+ SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443
+ SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443
+ Build-Rules:
+ runs-on: ubuntu-latest
+ needs: NextGen-Static-Analysis
+ steps:
+ - uses: actions/checkout@v3
+ - name: Download ShiftLeft CLI
+ run: |
+ curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
+ - name: Validate Build Rules
+ run: |
+ ${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-java-demo \
+ --github-pr-number=${{github.event.number}} \
+ --github-pr-user=${{ github.repository_owner }} \
+ --github-pr-repo=${{
github.event.repository.name }} \
+ --github-token=${{ secrets.GITHUB_TOKEN }}
+ env:
+ SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
+ SHIFTLEFT_API_HOST: www.shiftleft.io
+ SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443
+ SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443
+
\ No newline at end of file

From 098c53b4981509c6dc6f4ac08b0aaff8ac5e3df9 Mon Sep 17 00:00:00 2001
From: ShiftLeft
Date: Thu, 7 Sep 2023 10:37:08 -0700
Subject: [PATCH 02/47] adding ShiftLeft build rules

---
 shiftleft.yml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 shiftleft.yml

diff --git a/shiftleft.yml b/shiftleft.yml
new file mode 100644
index 000000000..820144af2
--- /dev/null
+++ b/shiftleft.yml
@@ -0,0 +1,15 @@
+version: 2
+build_rules:
+ - id: Allow no critical findings
+ severities:
+ - critical
+ - id: Allow one OSS or container finding
+ finding_types:
+ - oss_vuln
+ - container
+ threshold: 1
+ - id: Allow no reachable OSS vulnerability
+ finding_types:
+ - oss_vuln
+ options:
+ reachable: true

From c89f71ed9ee41d465aa25d0d8cc0e957c30624e4 Mon Sep 17 00:00:00 2001
From: ShiftLeft
Date: Tue, 26 Sep 2023 16:56:51 -0700
Subject: [PATCH 03/47] adding ShiftLeft GitHub action

From 9e3f180e95d8cfdc1b99ef58d69c7802cc34a489 Mon Sep 17 00:00:00 2001
From: Elango Senthilnathan
Date: Fri, 13 Oct 2023 14:52:19 -0700
Subject: [PATCH 04/47] Workflow Update

---
 .github/workflows/shiftleft.yml | 47 ++++++++++++++++++++++++++------
 1 file changed, 38 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml
index 24fe30894..dcd68ff62 100644
--- a/.github/workflows/shiftleft.yml
+++ b/.github/workflows/shiftleft.yml
@@ -2,7 +2,7 @@
 ---
 # This workflow integrates ShiftLeft NG SAST with GitHub
 # Visit https://docs.shiftleft.io for help
-name: ShiftLeft
+name: Qwiet Workflow
 
 on:
 pull_request:
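Review bot: The `Download ShiftLeft CLI` step fetches the `sl` binary with a bare `curl ... > ${GITHUB_WORKSPACE}/sl` and then runs it with `SHIFTLEFT_ACCESS_TOKEN` in the environment, but nothing checks what was downloaded: there is no `--fail`, so an HTTP error page would be saved and executed as the CLI, and no checksum or signature comparison against a known-good value. Pin a CLI release and verify it before `chmod`, e.g. `curl -fsSL -o "${GITHUB_WORKSPACE}/sl" "<pinned-release-url>" && echo "<expected-sha256>  ${GITHUB_WORKSPACE}/sl" | sha256sum -c` (placeholders to be filled from the vendor's published values); the same unverified download is repeated in the `Build-Rules` job of this hunk and in the later rewrites of this file (patches 04, 05, 08, 11 and the new `qwiet.yml` in patch 12). In the `NextGen Static Analysis` step, `${{ github.head_ref }}` is expanded straight into the `run:` shell line; branch names are chosen by whoever opens the PR, so the standard hardening is to pass it through `env:` (`BRANCH: ${{ github.head_ref || steps.extract_branch.outputs.branch }}`) and use `"$BRANCH"` in the command. The `##[set-output name=branch;]` form in `Extract branch name` appears to be the legacy logging-command syntax; `echo "branch=${GITHUB_REF#refs/heads/}" >> "$GITHUB_OUTPUT"` is the supported replacement.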
@@ -13,34 +13,65 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + # We are building this application with Java 11 - name: Setup Java JDK uses: actions/setup-java@v3 with: java-version: 11.0.x distribution: zulu + + - uses: actions/setup-python@v4 + with: + python-version: '3.10' + - name: Package with maven run: mvn compile package + - name: Download ShiftLeft CLI run: | curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl + # ShiftLeft requires Java 1.8. Post the package step override the version - name: Setup Java JDK uses: actions/setup-java@v3 with: distribution: zulu java-version: 8 + + - name: Download bestfix script + shell: bash + run: | + apt-get -y install python3-pip + git clone https://github.com/ShiftLeftSecurity/field-integrations.git + pip3 install -r field-integrations/shiftleft-utils/requirements.txt + - name: Extract branch name shell: bash run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch + - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + run: ${GITHUB_WORKSPACE}/sl analyze --wait --app ${{ github.event.repository.name }} --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} - SHIFTLEFT_API_HOST: www.shiftleft.io - SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 - SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 + + - name: Run Bestfix script to generate report + shell: bash + run: | + python3 field-integrations/shiftleft-utils/bestfix.py -a ${{ 
github.event.repository.name }} -s . + BESTFIX_OUTPUT=$(cat ngsast-bestfix-$CI_PROJECT_NAME.html) + BESTFIX_BODY=$(jq -n --arg body "$BESTFIX_OUTPUT" '{body: $body}') + curl -L \ + -X POST \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer ${GH_API_TOKEN}" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + https://api.github.com/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/pulls/${{github.event.number}}/comments \ + -d '$BESTFIX_BODY' + env: + GH_API_TOKEN: ${{ secrets.API_TOKEN }} + Build-Rules: runs-on: ubuntu-latest needs: NextGen-Static-Analysis @@ -51,14 +82,12 @@ jobs: curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - name: Validate Build Rules run: | - ${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-java-demo \ + ${GITHUB_WORKSPACE}/sl check-analysis --app ${{ github.event.repository.name }} \ --github-pr-number=${{github.event.number}} \ --github-pr-user=${{ github.repository_owner }} \ --github-pr-repo=${{ github.event.repository.name }} \ --github-token=${{ secrets.GITHUB_TOKEN }} env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} - SHIFTLEFT_API_HOST: www.shiftleft.io - SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 - SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 + \ No newline at end of file From d6f01ef5e5bd09c062b2f256d44db4ff14958979 Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Fri, 13 Oct 2023 14:53:17 -0700 Subject: [PATCH 05/47] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 49 ++++++++++++++++++++++++++------- 1 file changed, 39 insertions(+), 10 deletions(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 24fe30894..98366cddf 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml 
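Review bot: In the new `Run Bestfix script to generate report` step the request body is `-d '$BESTFIX_BODY'` in single quotes, so the literal text `$BESTFIX_BODY` is sent instead of the JSON that `jq` built; it should be `-d "$BESTFIX_BODY"`. Two lines earlier `$CI_PROJECT_NAME` is a GitLab CI variable that is not set on GitHub Actions, so the `cat` targets `ngsast-bestfix-.html`; reuse the `${{ github.event.repository.name }}` value the script was invoked with, preferably via an `env:` entry. The `Download bestfix script` step clones `field-integrations` at its default branch and installs its unpinned `requirements.txt`, then runs that code in a job holding `SHIFTLEFT_ACCESS_TOKEN` and `API_TOKEN`; pin the clone to a commit and hash-pin the requirements so a change upstream cannot change what runs here. `GH_API_TOKEN: ${{ secrets.API_TOKEN }}` introduces a long-lived personal token where the job's own `GITHUB_TOKEN` with `permissions: pull-requests: write` would suffice. Patch 05 re-applies this same step and carries all of the above.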
@@ -2,7 +2,7 @@ --- # This workflow integrates ShiftLeft NG SAST with GitHub # Visit https://docs.shiftleft.io for help -name: ShiftLeft +name: Qwiet Workflow on: pull_request: 
@@ -13,34 +13,65 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + # We are building this application with Java 11 - name: Setup Java JDK uses: actions/setup-java@v3 with: java-version: 11.0.x distribution: zulu + + - uses: actions/setup-python@v4 + with: + python-version: '3.10' + - name: Package with maven run: mvn compile package + - name: Download ShiftLeft CLI run: | curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl + # ShiftLeft requires Java 1.8. Post the package step override the version - name: Setup Java JDK uses: actions/setup-java@v3 with: distribution: zulu java-version: 8 + + - name: Download bestfix script + shell: bash + run: | + apt-get -y install python3-pip + git clone https://github.com/ShiftLeftSecurity/field-integrations.git + pip3 install -r field-integrations/shiftleft-utils/requirements.txt + - name: Extract branch name shell: bash run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch + - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + run: ${GITHUB_WORKSPACE}/sl analyze --wait --app ${{ github.event.repository.name }} --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} - SHIFTLEFT_API_HOST: www.shiftleft.io - SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 - SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 + + - name: Run Bestfix script to generate report + shell: bash + run: | + python3 field-integrations/shiftleft-utils/bestfix.py -a ${{ 
github.event.repository.name }} -s . + BESTFIX_OUTPUT=$(cat ngsast-bestfix-$CI_PROJECT_NAME.html) + BESTFIX_BODY=$(jq -n --arg body "$BESTFIX_OUTPUT" '{body: $body}') + curl -L \ + -X POST \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer ${GH_API_TOKEN}" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + https://api.github.com/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/pulls/${{github.event.number}}/comments \ + -d '$BESTFIX_BODY' + env: + GH_API_TOKEN: ${{ secrets.API_TOKEN }} + Build-Rules: runs-on: ubuntu-latest needs: NextGen-Static-Analysis @@ -51,14 +82,12 @@ jobs: curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - name: Validate Build Rules run: | - ${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-java-demo \ + ${GITHUB_WORKSPACE}/sl check-analysis --app ${{ github.event.repository.name }} \ --github-pr-number=${{github.event.number}} \ --github-pr-user=${{ github.repository_owner }} \ --github-pr-repo=${{ github.event.repository.name }} \ --github-token=${{ secrets.GITHUB_TOKEN }} env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} - SHIFTLEFT_API_HOST: www.shiftleft.io - SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 - SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 - \ No newline at end of file + + From e9333bfca7fc1b75c10a301269f7ae74e33be545 Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Fri, 13 Oct 2023 15:02:28 -0700 Subject: [PATCH 06/47] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 1282605b1..a961cd437 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml 
@@ -42,7 +42,7 @@ jobs:
 - name: Download bestfix script
 shell: bash
 run: |
- apt-get -y install python3-pip
+ python3 -m pip install --upgrade pip
 git clone https://github.com/ShiftLeftSecurity/field-integrations.git
 pip3 install -r field-integrations/shiftleft-utils/requirements.txt
 

From dd362eb5b3c19cb7190fbf75d61216231ada9d91 Mon Sep 17 00:00:00 2001
From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com>
Date: Fri, 13 Oct 2023 18:35:50 -0700
Subject: [PATCH 07/47] Update shiftleft.yml

---
 .github/workflows/shiftleft.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml
index a961cd437..f6f3e9810 100644
--- a/.github/workflows/shiftleft.yml
+++ b/.github/workflows/shiftleft.yml
@@ -1,4 +1,3 @@
-
 ---
 # This workflow integrates ShiftLeft NG SAST with GitHub
 # Visit https://docs.shiftleft.io for help

From 86069aa0588d38f87d99b07a021e6203dfdcd0cd Mon Sep 17 00:00:00 2001
From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com>
Date: Fri, 13 Oct 2023 18:52:18 -0700
Subject: [PATCH 08/47] Update shiftleft.yml

---
 .github/workflows/shiftleft.yml | 192 +++++++++++++++++---------------
 1 file changed, 104 insertions(+), 88 deletions(-)

diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml
index f6f3e9810..e1187f5b1 100644
--- a/.github/workflows/shiftleft.yml
+++ b/.github/workflows/shiftleft.yml
@@ -1,90 +1,106 @@ ---- -# This workflow integrates ShiftLeft NG SAST with GitHub -# Visit https://docs.shiftleft.io for help -name: Qwiet Workflow - -on: - pull_request: - workflow_dispatch: - -jobs: - NextGen-Static-Analysis: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - # We are building this application with Java 11 - - name: Setup Java JDK - uses: actions/setup-java@v3 - with: - java-version: 11.0.x - distribution: zulu - - - uses: actions/setup-python@v4 - with: - python-version: '3.10' - - - name: Package with maven - run: mvn compile package - - name: Download ShiftLeft CLI - run: | - curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - - # ShiftLeft requires Java 1.8. Post the package step override the version - - name: Setup Java JDK - uses: actions/setup-java@v3 - with: - distribution: zulu - java-version: 8 - - - name: Download bestfix script - shell: bash - run: | - python3 -m pip install --upgrade pip - git clone https://github.com/ShiftLeftSecurity/field-integrations.git - pip3 install -r field-integrations/shiftleft-utils/requirements.txt - - - name: Extract branch name - shell: bash - run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" - id: extract_branch - - - name: NextGen Static Analysis - run: SHIFTLEFT_SBOM_GENERATOR=2 ${GITHUB_WORKSPACE}/sl analyze --wait --app ${{ github.event.repository.name }} --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar - env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} - - - name: Run Bestfix script to generate report - shell: bash - run: | - python3 field-integrations/shiftleft-utils/bestfix.py -a ${{ github.event.repository.name }} -s . 
- BESTFIX_OUTPUT=$(cat ngsast-bestfix-$CI_PROJECT_NAME.html) - BESTFIX_BODY=$(jq -n --arg body "$BESTFIX_OUTPUT" '{body: $body}') - curl -L \ - -X POST \ - -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer ${GH_API_TOKEN}" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - https://api.github.com/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/pulls/${{github.event.number}}/comments \ - -d '$BESTFIX_BODY' - env: - GH_API_TOKEN: ${{ secrets.API_TOKEN }} +--- + # This workflow integrates ShiftLeft NG SAST with GitHub + # Visit https://docs.shiftleft.io for help + name: Qwiet Workflow + + on: + pull_request: + workflow_dispatch: + + jobs: + NextGen-Static-Analysis: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + + # We are building this application with Java 11 + - name: Setup Java JDK + uses: actions/setup-java@v3 + with: + java-version: 11.0.x + distribution: zulu + + - uses: actions/setup-python@v4 + with: + python-version: '3.10' + + - name: Package with maven + run: mvn compile package + + - name: Download ShiftLeft CLI + run: | + curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl + + # ShiftLeft requires Java 1.8. 
Post the package step override the version + - name: Setup Java JDK + uses: actions/setup-java@v3 + with: + distribution: zulu + java-version: 8 + + - name: Download bestfix script + shell: bash + run: | + python3 -m pip install --upgrade pip + git clone https://github.com/ShiftLeftSecurity/field-integrations.git + pip3 install -r field-integrations/shiftleft-utils/requirements.txt + + - name: Extract branch name + shell: bash + run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" + id: extract_branch + + - name: NextGen Static Analysis + run: SHIFTLEFT_SBOM_GENERATOR=2 ${GITHUB_WORKSPACE}/sl analyze --wait --app ${{ github.event.repository.name }} --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar + env: + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + + - name: Run Bestfix script to generate report + shell: bash + run: | + python3 field-integrations/shiftleft-utils/bestfix.py -a ${{ github.event.repository.name }} -s . 
+ BESTFIX_OUTPUT=$(cat ngsast-bestfix-${{ github.event.repository.name }}.html) + git_hash=${{ github.event.pull_request.head.sha }} + + JSON_STRING="{ + \"body\":\"${BESTFIX_OUTPUT}\", + \"commit_id\":\"${git_hash}\", + \"path\":\".github/workflows/shiftleft.yml\", + \"line\":2, + \"start_line\":1, + \"start_side\":\"RIGHT\", + \"side\":\"RIGHT\" + }" + + url="https://api.github.com/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/pulls/${{github.event.number}}/comments" - Build-Rules: - runs-on: ubuntu-latest - needs: NextGen-Static-Analysis - steps: - - uses: actions/checkout@v3 - - name: Download ShiftLeft CLI - run: | - curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - - name: Validate Build Rules - run: | - ${GITHUB_WORKSPACE}/sl check-analysis --v2 --app ${{ github.event.repository.name }} \ - --github-pr-number=${{github.event.number}} \ - --github-pr-user=${{ github.repository_owner }} \ - --github-pr-repo=${{ github.event.repository.name }} \ - --github-token=${{ secrets.GITHUB_TOKEN }} - env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + curl -L \ + -X POST \ + -H "Accept: application/vnd.github.html+json" \ + -H "Authorization: Bearer ${GH_API_TOKEN}" \ + "${url}" \ + -d "$JSON_STRING" + env: + GH_API_TOKEN: ${{ secrets.API_TOKEN }} + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + + Build-Rules: + runs-on: ubuntu-latest + needs: NextGen-Static-Analysis + steps: + - uses: actions/checkout@v3 + - name: Download ShiftLeft CLI + run: | + curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl + - name: Validate Build Rules + run: | + ${GITHUB_WORKSPACE}/sl check-analysis --v2 --app ${{ github.event.repository.name }} \ + --github-pr-number=${{github.event.number}} \ + --github-pr-user=${{ github.repository_owner }} \ + --github-pr-repo=${{ github.event.repository.name }} \ + --github-token=${{ 
secrets.API_TOKEN }} + env: + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + GH_API_TOKEN: ${{ secrets.API_TOKEN }} + From 0820ba5640762ba56c375272bec4f1bd4a4232b5 Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Fri, 13 Oct 2023 20:16:33 -0700 Subject: [PATCH 09/47] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 47 ++++++++++++++++++++------------- 1 file changed, 29 insertions(+), 18 deletions(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index e1187f5b1..dd695580e 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml 
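Review bot: The `JSON_STRING` built in the `Run Bestfix script to generate report` step splices the raw HTML report into a hand-written JSON literal (`\"body\":\"${BESTFIX_OUTPUT}\"`), so any double quote, backslash or newline in the report yields invalid JSON and the POST fails; the `jq -n --arg body "$BESTFIX_OUTPUT" '{body: $body}'` construction this hunk removes was the correct encoding, and the extra fields belong in that same object, e.g. `jq -n --arg body "$BESTFIX_OUTPUT" --arg sha "$git_hash" '{body:$body, commit_id:$sha, path:".github/workflows/shiftleft.yml", line:2, start_line:1, side:"RIGHT", start_side:"RIGHT"}'`. The review comment is also anchored to a fixed `path` (this workflow file) and `line` 2, so it lands on the workflow rather than on the code the findings describe. In `Build-Rules`, `--github-token=${{ secrets.API_TOKEN }}` replaces the job-scoped `GITHUB_TOKEN` with a long-lived personal token for a call the default token can make; keep `secrets.GITHUB_TOKEN` and grant `permissions: pull-requests: write` on the job instead. The `GH_API_TOKEN` env entry added to that job is not referenced by its command.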
@@ -59,32 +59,43 @@ - name: Run Bestfix script to generate report shell: bash run: | - python3 field-integrations/shiftleft-utils/bestfix.py -a ${{ github.event.repository.name }} -s . - BESTFIX_OUTPUT=$(cat ngsast-bestfix-${{ github.event.repository.name }}.html) - git_hash=${{ github.event.pull_request.head.sha }} + #python3 field-integrations/shiftleft-utils/bestfix.py -a ${{ github.event.repository.name }} -s . + python3 field-integrations/shiftleft-utils/bestfix.py -a $(basename $(pwd)) -o $GITHUB_WORKSPACE/ngsast-bestfix-report.html + BESTFIX_OUTPUT=$(cat $GITHUB_WORKSPACE/ngsast-bestfix-report.html) + BESTFIX_BODY=$(jq -n --arg body "$BESTFIX_OUTPUT" '{body: $body}') + #git_hash=${{ github.event.pull_request.head.sha }} - JSON_STRING="{ - \"body\":\"${BESTFIX_OUTPUT}\", - \"commit_id\":\"${git_hash}\", - \"path\":\".github/workflows/shiftleft.yml\", - \"line\":2, - \"start_line\":1, - \"start_side\":\"RIGHT\", - \"side\":\"RIGHT\" - }" + # JSON_STRING="{ + # \"body\":\"${BESTFIX_OUTPUT}\", + # \"commit_id\":\"${git_hash}\", + # \"path\":\".github/workflows/shiftleft.yml\", + # \"line\":2, + # \"start_line\":1, + # \"start_side\":\"RIGHT\", + # \"side\":\"RIGHT\" + # }" - url="https://api.github.com/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/pulls/${{github.event.number}}/comments" + JSON_STRING="{ + \"body\":\"${BESTFIX_OUTPUT}\" + }" - curl -L \ - -X POST \ - -H "Accept: application/vnd.github.html+json" \ + url="https://api.github.com/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/issues/${{github.event.number}}/comments" + + curl -X POST \ + -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer ${GH_API_TOKEN}" \ "${url}" \ - -d "$JSON_STRING" + -d "${BESTFIX_BODY}" + + env: GH_API_TOKEN: ${{ secrets.API_TOKEN }} SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} - + - uses: actions/upload-artifact@v3 + with: + name: ngsast-bestfix-report + path: ngsast-bestfix-report.html + 
 Build-Rules:
 runs-on: ubuntu-latest
 needs: NextGen-Static-Analysis

From cb6645e9f4173bb5b805bce16fd31e059523f9f6 Mon Sep 17 00:00:00 2001
From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com>
Date: Mon, 16 Oct 2023 10:32:08 -0700
Subject: [PATCH 10/47] Update shiftleft.yml

---
 .github/workflows/shiftleft.yml | 23 ++++++-----------------
 1 file changed, 6 insertions(+), 17 deletions(-)

diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml
index dd695580e..b57284321 100644
--- a/.github/workflows/shiftleft.yml
+++ b/.github/workflows/shiftleft.yml
@@ -45,6 +45,8 @@
 python3 -m pip install --upgrade pip
 git clone https://github.com/ShiftLeftSecurity/field-integrations.git
 pip3 install -r field-integrations/shiftleft-utils/requirements.txt
+ git clone https://github.com/gzttech/beautifulspoon.git
+ pip3 install beautifulspoon
 
 - name: Extract branch name
 shell: bash
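Review bot: The `Run Bestfix script to generate report` step now posts the entire HTML report as an issue comment (`BESTFIX_BODY=$(jq -n --arg body "$BESTFIX_OUTPUT" '{body: $body}')`), which publishes every finding's details on the PR thread; on a public repository that exposes unfixed weaknesses to anyone, and a full report is likely to exceed the comment body size limit so the POST may be rejected outright (not verified here). Keeping the report only in the `actions/upload-artifact@v3` step added below and posting a short summary with a link to the run is the safer shape. The step also keeps the previous attempt as commented-out shell (`#python3 ...`, `#git_hash=...`, the `# JSON_STRING` block); delete it rather than carry dead text in a `run:` block. `-a $(basename $(pwd))` derives the app name from the checkout directory while the analyze step uses `${{ github.event.repository.name }}`; put the name in one `env:` variable so the two steps cannot drift apart.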
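Review bot: `git clone https://github.com/gzttech/beautifulspoon.git` is never used: the next line installs `beautifulspoon` from PyPI, so the clone is dead and the code that actually runs in this job (alongside the tokens in `env:`) is whatever the index serves at run time. Either install from the checkout at a fixed commit (`git -C beautifulspoon checkout <pinned-commit> && pip3 install ./beautifulspoon`) or drop the clone and pin the release in a hash-checked requirements file (`pip3 install --require-hashes -r <requirements-file>`). The enclosing `Download bestfix script` step starts outside the hunk.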
@@ -59,25 +61,12 @@ - name: Run Bestfix script to generate report shell: bash run: | - #python3 field-integrations/shiftleft-utils/bestfix.py -a ${{ github.event.repository.name }} -s . + python3 field-integrations/shiftleft-utils/bestfix.py -a $(basename $(pwd)) -o $GITHUB_WORKSPACE/ngsast-bestfix-report.html - BESTFIX_OUTPUT=$(cat $GITHUB_WORKSPACE/ngsast-bestfix-report.html) + beautifulspoon $GITHUB_WORKSPACE/ngsast-bestfix-report.html --select body > $GITHUB_WORKSPACE/qwiet.html + BESTFIX_OUTPUT=$(cat $GITHUB_WORKSPACE/qwiet.html) + #BESTFIX_OUTPUT=$(cat $GITHUB_WORKSPACE/ngsast-bestfix-report.html) BESTFIX_BODY=$(jq -n --arg body "$BESTFIX_OUTPUT" '{body: $body}') - #git_hash=${{ github.event.pull_request.head.sha }} - - # JSON_STRING="{ - # \"body\":\"${BESTFIX_OUTPUT}\", - # \"commit_id\":\"${git_hash}\", - # \"path\":\".github/workflows/shiftleft.yml\", - # \"line\":2, - # \"start_line\":1, - # \"start_side\":\"RIGHT\", - # \"side\":\"RIGHT\" - # }" - - JSON_STRING="{ - \"body\":\"${BESTFIX_OUTPUT}\" - }" url="https://api.github.com/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/issues/${{github.event.number}}/comments" From 12e041b3e07f76d015f03f27b4cfb2bea1add3fa Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Tue, 5 Dec 2023 10:28:29 -0800 Subject: [PATCH 11/47] adding ShiftLeft GitHub action --- .github/workflows/shiftleft.yml | 160 ++++++++++++-------------------- 1 file changed, 58 insertions(+), 102 deletions(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index b57284321..15f631a33 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml 
@@ -1,106 +1,62 @@ --- - # This workflow integrates ShiftLeft NG SAST with GitHub - # Visit https://docs.shiftleft.io for help - name: Qwiet Workflow - - on: - pull_request: - workflow_dispatch: - - jobs: - NextGen-Static-Analysis: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - # We are building this application with Java 11 - - name: Setup Java JDK - uses: actions/setup-java@v3 - with: - java-version: 11.0.x - distribution: zulu - - - uses: actions/setup-python@v4 - with: - python-version: '3.10' - - - name: Package with maven - run: mvn compile package - - - name: Download ShiftLeft CLI - run: | - curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - - # ShiftLeft requires Java 1.8. Post the package step override the version - - name: Setup Java JDK - uses: actions/setup-java@v3 - with: - distribution: zulu - java-version: 8 - - - name: Download bestfix script - shell: bash - run: | - python3 -m pip install --upgrade pip - git clone https://github.com/ShiftLeftSecurity/field-integrations.git - pip3 install -r field-integrations/shiftleft-utils/requirements.txt - git clone https://github.com/gzttech/beautifulspoon.git - pip3 install beautifulspoon - - - name: Extract branch name - shell: bash - run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" - id: extract_branch - - - name: NextGen Static Analysis - run: SHIFTLEFT_SBOM_GENERATOR=2 ${GITHUB_WORKSPACE}/sl analyze --wait --app ${{ github.event.repository.name }} --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg --container 18fgsa/s3-resource target/hello-shiftleft-0.0.1.jar - env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} - - - name: Run Bestfix script to generate report - shell: bash - run: | +# This workflow integrates ShiftLeft NG SAST with GitHub +# Visit https://docs.shiftleft.io for help +name: 
ShiftLeft - python3 field-integrations/shiftleft-utils/bestfix.py -a $(basename $(pwd)) -o $GITHUB_WORKSPACE/ngsast-bestfix-report.html - beautifulspoon $GITHUB_WORKSPACE/ngsast-bestfix-report.html --select body > $GITHUB_WORKSPACE/qwiet.html - BESTFIX_OUTPUT=$(cat $GITHUB_WORKSPACE/qwiet.html) - #BESTFIX_OUTPUT=$(cat $GITHUB_WORKSPACE/ngsast-bestfix-report.html) - BESTFIX_BODY=$(jq -n --arg body "$BESTFIX_OUTPUT" '{body: $body}') +on: + pull_request: + workflow_dispatch: - url="https://api.github.com/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/issues/${{github.event.number}}/comments" - - curl -X POST \ - -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer ${GH_API_TOKEN}" \ - "${url}" \ - -d "${BESTFIX_BODY}" - - - env: - GH_API_TOKEN: ${{ secrets.API_TOKEN }} - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} - - uses: actions/upload-artifact@v3 - with: - name: ngsast-bestfix-report - path: ngsast-bestfix-report.html - - Build-Rules: - runs-on: ubuntu-latest - needs: NextGen-Static-Analysis - steps: - - uses: actions/checkout@v3 - - name: Download ShiftLeft CLI - run: | - curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - - name: Validate Build Rules - run: | - ${GITHUB_WORKSPACE}/sl check-analysis --v2 --app ${{ github.event.repository.name }} \ - --github-pr-number=${{github.event.number}} \ - --github-pr-user=${{ github.repository_owner }} \ - --github-pr-repo=${{ github.event.repository.name }} \ - --github-token=${{ secrets.API_TOKEN }} - env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} - GH_API_TOKEN: ${{ secrets.API_TOKEN }} - +jobs: + NextGen-Static-Analysis: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + # We are building this application with Java 11 + - name: Setup Java JDK + uses: actions/setup-java@v3 + with: + java-version: 11.0.x + distribution: zulu + - name: Download ShiftLeft CLI + run: | + 
curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl + # ShiftLeft requires Java 1.8. Post the package step override the version + - name: Setup Java JDK + uses: actions/setup-java@v3 + with: + distribution: zulu + java-version: 8 + - name: Extract branch name + shell: bash + run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" + id: extract_branch + - name: NextGen Static Analysis + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc --cpg --container 18fgsa/s3-resource . + env: + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_API_HOST: www.shiftleft.io + SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 + SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 + Build-Rules: + runs-on: ubuntu-latest + needs: NextGen-Static-Analysis + steps: + - uses: actions/checkout@v3 + - name: Download ShiftLeft CLI + run: | + curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl + - name: Validate Build Rules + run: | + ${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-java-demo \ + --github-pr-number=${{github.event.number}} \ + --github-pr-user=${{ github.repository_owner }} \ + --github-pr-repo=${{ github.event.repository.name }} \ + --github-token=${{ secrets.GITHUB_TOKEN }} + env: + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_API_HOST: www.shiftleft.io + SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 + SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 + \ No newline at end of file From 468dcf8f9f8f5a83fcef14b29f1fd86157ce591d Mon Sep 17 00:00:00 2001 
From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com>
Date: Fri, 26 Jan 2024 12:04:53 -0800
Subject: [PATCH 12/47] Create qwiet.yml

---
 .github/workflows/qwiet.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 .github/workflows/qwiet.yml

diff --git a/.github/workflows/qwiet.yml b/.github/workflows/qwiet.yml
new file mode 100644
index 000000000..e1746dcb0
--- /dev/null
+++ b/.github/workflows/qwiet.yml
@@ -0,0 +1,20 @@
+name: Qwiet
+
+on:
+ pull_request:
+ workflow_dispatch:
+ push:
+
+jobs:
+ NextGen-Static-Analysis:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Download ShiftLeft CLI
+ run: |
+ curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
+
+ - name: NextGen Static Analysis
+ run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app javaApp1 --javasrc --cpg .
+ env:
+ SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}

From 8cc72642a8c99fff6661bd6ca905ce8bb47af18a Mon Sep 17 00:00:00 2001
From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com>
Date: Fri, 26 Jan 2024 16:08:02 -0800
Subject: [PATCH 13/47] Update qwiet.yml

---
 .github/workflows/qwiet.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/qwiet.yml b/.github/workflows/qwiet.yml
index e1746dcb0..70c572c2e 100644
--- a/.github/workflows/qwiet.yml
+++ b/.github/workflows/qwiet.yml
@@ -8,10 +8,13 @@ on:
 jobs:
 NextGen-Static-Analysis:
 runs-on: ubuntu-latest
+ container:
+ image: shiftleft/core:latest
 steps:
 - uses: actions/checkout@v3
 - name: Download ShiftLeft CLI
 run: |
+ java --version
 curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
 
 - name: NextGen Static Analysis

From a177e84fc70b667ccd66a370a06fd22387a44f59 Mon Sep 17 00:00:00 2001
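Review bot: `on:` enables both `push:` and `pull_request:` with no branch filter, so every commit to a PR branch runs the analysis twice under the same `--app javaApp1`; restrict `push:` to the default branch (`push: branches: ["<default-branch>"]`) and keep `pull_request:` for PR checks. The workflow also declares no `permissions:` block, so the `GITHUB_TOKEN` receives the repository's default grant although this job only reads the checkout; add `permissions: contents: read` at the top level.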
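Review bot: `container: image: shiftleft/core:latest` runs the whole job, including the step holding `SHIFTLEFT_ACCESS_TOKEN`, inside an image selected by a mutable tag, so what executes can change without any change to this repository; pin it by digest, `image: shiftleft/core@sha256:<digest>`, and bump deliberately. Patch 14 swaps in `enjoyelan/slcoredocker:latest`, which has the same problem and additionally appears to live under a personal Docker Hub namespace rather than the vendor's. `java --version` in the `Download ShiftLeft CLI` step reads as a leftover diagnostic.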
From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Mon, 1 Apr 2024 18:25:10 -0700 Subject: [PATCH 14/47] Update qwiet.yml --- .github/workflows/qwiet.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/qwiet.yml b/.github/workflows/qwiet.yml index 70c572c2e..42b0084be 100644 --- a/.github/workflows/qwiet.yml +++ b/.github/workflows/qwiet.yml @@ -9,12 +9,12 @@ jobs: NextGen-Static-Analysis: runs-on: ubuntu-latest container: - image: shiftleft/core:latest + image: enjoyelan/slcoredocker:latest steps: - uses: actions/checkout@v3 - name: Download ShiftLeft CLI run: | - java --version + docker run hello-world curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - name: NextGen Static Analysis From 55c77381d829db3009dfee68383ced3698a30289 Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Thu, 18 Apr 2024 10:48:31 -0700 Subject: [PATCH 15/47] Update qwiet.yml --- .github/workflows/qwiet.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/qwiet.yml b/.github/workflows/qwiet.yml index 42b0084be..62435bffe 100644 --- a/.github/workflows/qwiet.yml +++ b/.github/workflows/qwiet.yml @@ -14,10 +14,15 @@ jobs: - uses: actions/checkout@v3 - name: Download ShiftLeft CLI run: | - docker run hello-world curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app javaApp1 --javasrc --cpg . + run: | + set +e + ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app javaApp1 . + ${GITHUB_WORKSPACE}/sl check-analysis --v2 --app javaApp1 + exitcode="$?" + echo "exitcode=$exitcode" >> $GITHUB_OUTPUT + echo "ExitCode from CheckAnalysis: " $exitcode env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} 
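Review bot: `set +e` at the top of the rewritten `NextGen Static Analysis` step means neither a failing `sl analyze --strict` nor the `sl check-analysis --v2` verdict can fail the job, so the policy gate never blocks a pull request; `$?` is captured only for `check-analysis` and is then only echoed. If the intent is to record the exit code but still fail, keep the capture and end the step with `exit "$exitcode"`, give the step an `id:` (without one `echo "exitcode=$exitcode" >> $GITHUB_OUTPUT` is unreachable from other steps), and quote `"$GITHUB_OUTPUT"`. The same `set +e` pattern returns in PATCH 26 (L29) and is what hides the broken `git config` line in PATCH 29–30.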
From 54a8657f4259c0fe63d99f95580fcca8aa001c99 Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Thu, 18 Apr 2024 10:53:53 -0700 Subject: [PATCH 16/47] 111 --- .github/workflows/qwiet.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/qwiet.yml b/.github/workflows/qwiet.yml index 62435bffe..af046676f 100644 --- a/.github/workflows/qwiet.yml +++ b/.github/workflows/qwiet.yml @@ -8,8 +8,6 @@ on: jobs: NextGen-Static-Analysis: runs-on: ubuntu-latest - container: - image: enjoyelan/slcoredocker:latest steps: - uses: actions/checkout@v3 - name: Download ShiftLeft CLI From 53d35b048de37f70cb0bab8c48636777d2abaef4 Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Mon, 29 Apr 2024 11:12:56 -0700 Subject: [PATCH 17/47] Update qwiet.yml --- .github/workflows/qwiet.yml | 37 +++++++++++++++++++++++-------------- 1 file changed, 23 insertions(+), 14 deletions(-) diff --git a/.github/workflows/qwiet.yml b/.github/workflows/qwiet.yml index af046676f..864479ca7 100644 --- a/.github/workflows/qwiet.yml +++ b/.github/workflows/qwiet.yml 
@@ -9,18 +9,27 @@ jobs: NextGen-Static-Analysis: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - name: Download ShiftLeft CLI - run: | - curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl + - uses: actions/checkout@v4 - - name: NextGen Static Analysis - run: | - set +e - ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app javaApp1 . - ${GITHUB_WORKSPACE}/sl check-analysis --v2 --app javaApp1 - exitcode="$?" - echo "exitcode=$exitcode" >> $GITHUB_OUTPUT - echo "ExitCode from CheckAnalysis: " $exitcode - env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + - name: Perform Scan + uses: ShiftLeftSecurity/scan-action@master + + # - name: Download ShiftLeft CLI + # run: | + # curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl + + # - name: NextGen Static Analysis + # run: | + # set +e + # ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app javaApp1 . + # ${GITHUB_WORKSPACE}/sl check-analysis --v2 --app javaApp1 + # exitcode="$?" + # echo "exitcode=$exitcode" >> $GITHUB_OUTPUT + # echo "ExitCode from CheckAnalysis: " $exitcode + # env: + # SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + + - uses: actions/upload-artifact@v1 + with: + name: reports + path: reports From 28ce6dc658da02ae03f3d4e20d501091e70df297 Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Fri, 17 May 2024 11:46:20 -0700 Subject: [PATCH 18/47] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index 15f631a33..c1ab7bcee 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml 
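Review bot: `uses: ShiftLeftSecurity/scan-action@master` runs a third-party action from a moving branch, so any push to that branch changes what executes in this job with the repository's token; pin it to a full commit SHA with the ref in a trailing comment, `uses: ShiftLeftSecurity/scan-action@<FULL_COMMIT_SHA> # master`. `actions/upload-artifact@v1` is an old major of that action and should move to a current, SHA-pinned major. The previous download/analyze steps are kept as a large commented-out block rather than deleted; git history already preserves them, and a commented-out `SHIFTLEFT_ACCESS_TOKEN` line is only noise for the next reader.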
@@ -49,6 +49,9 @@ jobs: curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - name: Validate Build Rules run: | + echo ${{ github.repository_owner }} + echo "============================" + echo github.event.repository.name ${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-java-demo \ --github-pr-number=${{github.event.number}} \ --github-pr-user=${{ github.repository_owner }} \ @@ -59,4 +62,4 @@ jobs: SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 - \ No newline at end of file + From c3b2950fedf5146e1da39eeaf647863f1d66d5ab Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Fri, 17 May 2024 11:50:39 -0700 Subject: [PATCH 19/47] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index c1ab7bcee..b91f8733d 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml @@ -22,6 +22,9 @@ jobs: - name: Download ShiftLeft CLI run: | curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl + echo ${{ github.repository_owner }} + echo "============================" + echo ${{ github.event.repository.name }} # ShiftLeft requires Java 1.8. Post the package step override the version - name: Setup Java JDK uses: actions/setup-java@v3 From 55566d2d8161e232de45857be6dd2877dc9e98d4 Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Fri, 17 May 2024 11:51:48 -0700 Subject: [PATCH 20/47] 1 --- .github/workflows/qwiet.yml | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/.github/workflows/qwiet.yml b/.github/workflows/qwiet.yml index 864479ca7..85e80847d 100644 
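Review bot: `echo github.event.repository.name` in the Validate Build Rules step prints that literal text, not the repository name — the `${{ }}` wrapper used on the line above is missing. More broadly these three `echo` lines (added again to the Download step in PATCH 19 and to qwiet.yml in PATCH 20) are debugging output that interpolates `${{ }}` expressions straight into a `run:` script; the two values used here are low-risk, but the habit is what makes script injection possible, so pass such values through `env:` (`REPO_OWNER: ${{ github.repository_owner }}`) and reference `"$REPO_OWNER"` in the script. Remove the echoes once the values are confirmed.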
--- a/.github/workflows/qwiet.yml +++ b/.github/workflows/qwiet.yml @@ -14,9 +14,12 @@ jobs: - name: Perform Scan uses: ShiftLeftSecurity/scan-action@master - # - name: Download ShiftLeft CLI - # run: | - # curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl + - name: Download ShiftLeft CLI + run: | + curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl + echo ${{ github.repository_owner }} + echo "============================" + echo ${{ github.event.repository.name }} # - name: NextGen Static Analysis # run: | @@ -29,7 +32,7 @@ jobs: # env: # SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} - - uses: actions/upload-artifact@v1 - with: - name: reports - path: reports + # - uses: actions/upload-artifact@v1 + # with: + # name: reports + # path: reports From bcd8b8d0b4fba984397b53a3c3d7003fe5b7004e Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Fri, 17 May 2024 11:53:13 -0700 Subject: [PATCH 21/47] 2 --- .github/workflows/qwiet.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/qwiet.yml b/.github/workflows/qwiet.yml index 85e80847d..5b01a0257 100644 --- a/.github/workflows/qwiet.yml +++ b/.github/workflows/qwiet.yml @@ -11,8 +11,8 @@ jobs: steps: - uses: actions/checkout@v4 - - name: Perform Scan - uses: ShiftLeftSecurity/scan-action@master + # - name: Perform Scan + # uses: ShiftLeftSecurity/scan-action@master - name: Download ShiftLeft CLI run: | From efff9b8e18025c3b36ab6b176eaa2063b7c0afa9 Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Wed, 22 May 2024 09:43:32 -0700 Subject: [PATCH 22/47] Create secrets.yml --- secrets.yml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 secrets.yml 
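Review bot: The workflow now toggles whole steps by commenting them in and out — the CLI download and the artifact upload here, the scan-action step in PATCH 21 — so what the job actually does can only be read by tracking comment markers across revisions. Delete the dead blocks; if two variants are genuinely needed, keep them as separate steps gated by a `workflow_dispatch` input or as separate workflows. The three `echo` lines copied into the Download step are the debugging output already raised on shiftleft.yml.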
diff --git a/secrets.yml b/secrets.yml new file mode 100644 index 000000000..b2fad68af --- /dev/null +++ b/secrets.yml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: sio-secret +type: kubernetes.io/scaleio +data: + username: YWRtaW4= + password: c0NhbGVpbzEyMw== From f28a4fa8afcdba0ce97afbc04e7fdf2a1f3e12c0 Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Wed, 22 May 2024 09:43:54 -0700 Subject: [PATCH 23/47] Create config.properties --- config.properties | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 config.properties diff --git a/config.properties b/config.properties new file mode 100644 index 000000000..ecc6ea51c --- /dev/null +++ b/config.properties @@ -0,0 +1,3 @@ +db.user=mkyong +db.password=password +db.url=localhost From b32ddada835fc1784e6461cbdfbd3b515a6e65e4 Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Wed, 22 May 2024 09:45:17 -0700 Subject: [PATCH 24/47] Update DataLoader.java --- src/main/java/io/shiftleft/data/DataLoader.java | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/main/java/io/shiftleft/data/DataLoader.java b/src/main/java/io/shiftleft/data/DataLoader.java index c661aff43..908ced398 100644 --- a/src/main/java/io/shiftleft/data/DataLoader.java +++ b/src/main/java/io/shiftleft/data/DataLoader.java @@ -55,6 +55,16 @@ private String getSecurePassword(String masterPassword) throws IOException { return props.getProperty("db.password"); } + public final class Constants { + + private Constants() { + // restrict instantiation + } + + public static final double PI = 3.14159; + public static final double PLANCK_CONSTANT = 6.62606896e-34; + } + private boolean connectToAws() { log.info("Start Loading AWS Properties"); From 296eb8251f92da75ca3ba70fb7b661ac3a71848f Mon Sep 17 00:00:00 2001 
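Review bot: secrets.yml commits a Kubernetes `Secret` whose `data` fields are only base64-encoded, which is an encoding, not protection — anyone with read access to the repository has the credentials, and they stay in history after the file is removed. If these are deliberately planted fixtures for the `secrets-java-demo` scan that this series wires up, say so in a comment at the top of the file (`# Fixture for the secrets scan demo; not a live credential`) and keep the values as obvious dummies; otherwise move the secret to an external store (sealed secrets, an external-secrets operator, or the CI secret store) and rotate the credential. The same applies to `db.password=password` in config.properties (PATCH 23).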
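Review bot: `public final class Constants` is added as a non-static inner class of `DataLoader`, so each instance would be tied to a `DataLoader` instance even though it holds only static constants and a private constructor; a constants holder should be `static` (or a top-level class). Nothing in the diff references `PI` or `PLANCK_CONSTANT`, and neither relates to data loading, so if the class exists only to give the scanner something to analyse, a one-line comment saying so would save the next reader from looking for a caller. The enclosing `DataLoader` class starts and ends outside the hunk.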
From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Wed, 22 May 2024 10:19:46 -0700 Subject: [PATCH 25/47] Update SearchController.java --- src/main/java/io/shiftleft/controller/SearchController.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/main/java/io/shiftleft/controller/SearchController.java b/src/main/java/io/shiftleft/controller/SearchController.java index faa409760..cef2846e6 100644 --- a/src/main/java/io/shiftleft/controller/SearchController.java +++ b/src/main/java/io/shiftleft/controller/SearchController.java @@ -21,6 +21,8 @@ public class SearchController { public String doGetSearch(@RequestParam String foo, HttpServletResponse response, HttpServletRequest request) { java.lang.Object message = new Object(); try { + String ACCESS_KEY_ID = "AKIA2E0A8F3B244C9986"; + String SECRET_KEY = "7CE556A3BC234CC1FF9E8A5C324C0BB70AA21B6D"; ExpressionParser parser = new SpelExpressionParser(); Expression exp = parser.parseExpression(foo); message = (Object) exp.getValue(); From 25e743cd075d1eb23149c04fe504177cf6f05af9 Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Wed, 22 May 2024 10:23:24 -0700 Subject: [PATCH 26/47] Update qwiet.yml --- .github/workflows/qwiet.yml | 36 +++++++++++++++++++----------------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/.github/workflows/qwiet.yml b/.github/workflows/qwiet.yml index 5b01a0257..737eb0801 100644 --- a/.github/workflows/qwiet.yml +++ b/.github/workflows/qwiet.yml @@ -8,6 +8,8 @@ on: jobs: NextGen-Static-Analysis: runs-on: ubuntu-latest + container: shiftleft/core:latest + steps: - uses: actions/checkout@v4 
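Review bot: The two new locals in `doGetSearch` embed an AWS access key id and secret key as string literals in source, and neither is used. Credentials in source ship with every clone and build artifact and cannot be rotated without a code change; if these are seeded fixtures for the secrets scan, mark them as such in a comment and make sure they are not valid, and if they were ever real, treat them as exposed and rotate them. Placing them next to the `parseExpression(foo)` call on a request parameter also mixes two unrelated findings in one method, which makes the scan output harder to read. The enclosing method continues outside the hunk.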
@@ -17,22 +19,22 @@ jobs: - name: Download ShiftLeft CLI run: | curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - echo ${{ github.repository_owner }} - echo "============================" - echo ${{ github.event.repository.name }} + + - name: NextGen Static Analysis + run: | + set +e + export QWIET_EXTERNAL_SECRETS=true + export SHIFTLEFT_SBOM_GENERATOR=2 + + ${GITHUB_WORKSPACE}/sl analyze --strict --verbose --app secrets-java-demo . - # - name: NextGen Static Analysis - # run: | - # set +e - # ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app javaApp1 . - # ${GITHUB_WORKSPACE}/sl check-analysis --v2 --app javaApp1 - # exitcode="$?" - # echo "exitcode=$exitcode" >> $GITHUB_OUTPUT - # echo "ExitCode from CheckAnalysis: " $exitcode - # env: - # SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + # exitcode="$?" + # echo "exitcode=$exitcode" >> $GITHUB_OUTPUT + # echo "ExitCode from CheckAnalysis: " $exitcode + env: + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} - # - uses: actions/upload-artifact@v1 - # with: - # name: reports - # path: reports + - uses: actions/upload-artifact@v1 + with: + name: reports + path: reports From ef85cfc4f42d7fc7b77fa44a73b3c26e5fbaeb3c Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Wed, 22 May 2024 10:25:20 -0700 Subject: [PATCH 27/47] Update qwiet.yml --- .github/workflows/qwiet.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/qwiet.yml b/.github/workflows/qwiet.yml index 737eb0801..dafb0deca 100644 --- a/.github/workflows/qwiet.yml +++ b/.github/workflows/qwiet.yml @@ -34,7 +34,4 @@ jobs: env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} - - uses: actions/upload-artifact@v1 - with: - name: reports - path: reports + From 82024a5d5f17b433740b87d278c152810d7575aa Mon Sep 17 00:00:00 2001 
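Review bot: The re-enabled `actions/upload-artifact@v1` step uploads `path: reports`, but as far as the visible steps show nothing in this job writes a `reports` directory any more — the scan-action that produced it was commented out in PATCH 21 and is not restored here — so the step is likely to fail or upload nothing. `set +e` (raised at PATCH 15) is reintroduced and would mask a failing `sl analyze --strict`; `--wait` is also dropped from the command and only returns in PATCH 28. `--verbose` on a scan of a repository that deliberately contains credentials may echo more of the scanned content into the job log than intended; confirm what it prints before leaving it on.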
From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Wed, 22 May 2024 10:26:52 -0700 Subject: [PATCH 28/47] Update qwiet.yml --- .github/workflows/qwiet.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/qwiet.yml b/.github/workflows/qwiet.yml index dafb0deca..6b26a43ec 100644 --- a/.github/workflows/qwiet.yml +++ b/.github/workflows/qwiet.yml @@ -26,7 +26,7 @@ jobs: export QWIET_EXTERNAL_SECRETS=true export SHIFTLEFT_SBOM_GENERATOR=2 - ${GITHUB_WORKSPACE}/sl analyze --strict --verbose --app secrets-java-demo . + ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app secrets-java-demo . # exitcode="$?" # echo "exitcode=$exitcode" >> $GITHUB_OUTPUT From 18f755ac51ef048b760fffe95d7dd15b83e651fc Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Thu, 23 May 2024 08:15:16 -0700 Subject: [PATCH 29/47] Update qwiet.yml --- .github/workflows/qwiet.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/qwiet.yml b/.github/workflows/qwiet.yml index 6b26a43ec..ae7de93ff 100644 --- a/.github/workflows/qwiet.yml +++ b/.github/workflows/qwiet.yml @@ -25,7 +25,7 @@ jobs: set +e export QWIET_EXTERNAL_SECRETS=true export SHIFTLEFT_SBOM_GENERATOR=2 - + git config --global --add safe.directory * ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app secrets-java-demo . # exitcode="$?" From b4a81e002082b4f4e2e26226629c31d317365b6d Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Thu, 23 May 2024 08:19:55 -0700 Subject: [PATCH 30/47] Update qwiet.yml --- .github/workflows/qwiet.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/qwiet.yml b/.github/workflows/qwiet.yml index ae7de93ff..db4c88cf0 100644 --- a/.github/workflows/qwiet.yml +++ b/.github/workflows/qwiet.yml 
@@ -25,7 +25,7 @@ jobs: set +e export QWIET_EXTERNAL_SECRETS=true export SHIFTLEFT_SBOM_GENERATOR=2 - git config --global --add safe.directory * + ggit config --global --add safe.directory '*' ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app secrets-java-demo . # exitcode="$?" From d1e23950847d5400407eb8086730305c064d6717 Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Thu, 23 May 2024 08:59:44 -0700 Subject: [PATCH 31/47] Create qwietai.yml --- .github/workflows/qwietai.yml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 .github/workflows/qwietai.yml diff --git a/.github/workflows/qwietai.yml b/.github/workflows/qwietai.yml new file mode 100644 index 000000000..2a7ac2755 --- /dev/null +++ b/.github/workflows/qwietai.yml @@ -0,0 +1,27 @@ +name: Qwiet + +on: + pull_request: + workflow_dispatch: + push: + +jobs: + NextGen-Static-Analysis: + runs-on: ubuntu-latest + container: shiftleft/core:latest + + steps: + - uses: actions/checkout@v4 + + + - name: Download ShiftLeft CLI + run: | + curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl + + - name: NextGen Static Analysis + run: | + export QWIET_EXTERNAL_SECRETS=true + export SHIFTLEFT_SBOM_GENERATOR=2 + ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app secrets-java-demo . + env: + SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} From 4e8b22c029b97bd0eb7bc837986f98ccafc03fc8 Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Thu, 23 May 2024 08:59:58 -0700 Subject: [PATCH 32/47] Update qwiet.yml --- .github/workflows/qwiet.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/qwiet.yml b/.github/workflows/qwiet.yml index db4c88cf0..66d618bf2 100644 --- a/.github/workflows/qwiet.yml +++ b/.github/workflows/qwiet.yml 
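Review bot: `ggit config --global --add safe.directory '*'` has a typo in the command name, so the line fails with command-not-found and, because the step runs under `set +e`, the failure is silent and the scan proceeds without the setting. Beyond the typo, `safe.directory '*'` switches off git's dubious-ownership protection for every path in the container; scope it to the checkout instead, `git config --global --add safe.directory "$GITHUB_WORKSPACE"`. PATCH 29 had the unquoted `*`, which the shell expands to the files in the working directory, so neither revision does what is intended.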
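Review bot: qwietai.yml is a near-copy of qwiet.yml with the same job name `NextGen-Static-Analysis`, the same unverified CLI download and the same `:latest` container image, and it adds `push:` to the triggers, so every push and every pull request from a branch in this repository now runs two near-identical scans. If the second file exists to try a different container image, a `workflow_dispatch` input or a matrix on the one workflow keeps a single definition to maintain. Unlike qwiet.yml it does not use `set +e`, which is the better choice and should be carried back.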
@@ -3,7 +3,7 @@ name: Qwiet on: pull_request: workflow_dispatch: - push: + jobs: NextGen-Static-Analysis: From 579603fb508431502bb8872ef9c2e7f93db1c33e Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Thu, 23 May 2024 09:14:55 -0700 Subject: [PATCH 33/47] Update qwietai.yml --- .github/workflows/qwietai.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/qwietai.yml b/.github/workflows/qwietai.yml index 2a7ac2755..fe77379a0 100644 --- a/.github/workflows/qwietai.yml +++ b/.github/workflows/qwietai.yml @@ -22,6 +22,7 @@ jobs: run: | export QWIET_EXTERNAL_SECRETS=true export SHIFTLEFT_SBOM_GENERATOR=2 + ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app secrets-java-demo . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} From 7a1b75f4290f6640a7f65ebb1f8fb7084a7d80e0 Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Thu, 23 May 2024 18:03:25 -0700 Subject: [PATCH 34/47] Update qwietai.yml --- .github/workflows/qwietai.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/qwietai.yml b/.github/workflows/qwietai.yml index fe77379a0..3dd95daa4 100644 --- a/.github/workflows/qwietai.yml +++ b/.github/workflows/qwietai.yml @@ -8,7 +8,8 @@ on: jobs: NextGen-Static-Analysis: runs-on: ubuntu-latest - container: shiftleft/core:latest + #container: shiftleft/core:latest + container: enjoyelan/slcore:latest steps: - uses: actions/checkout@v4 From 7cb53a28e789b69befc9b4f842b00ec49d33e0d1 Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Thu, 23 May 2024 18:08:40 -0700 Subject: [PATCH 35/47] Update qwietai.yml --- .github/workflows/qwietai.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/qwietai.yml b/.github/workflows/qwietai.yml index 3dd95daa4..a622600a5 100644 
--- a/.github/workflows/qwietai.yml +++ b/.github/workflows/qwietai.yml @@ -8,7 +8,6 @@ on: jobs: NextGen-Static-Analysis: runs-on: ubuntu-latest - #container: shiftleft/core:latest container: enjoyelan/slcore:latest steps: From 4e8e03bae0147e5b642059e66d199f2e4ba1f45b Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Thu, 23 May 2024 18:09:53 -0700 Subject: [PATCH 36/47] Update qwietai.yml --- .github/workflows/qwietai.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/qwietai.yml b/.github/workflows/qwietai.yml index a622600a5..fe77379a0 100644 --- a/.github/workflows/qwietai.yml +++ b/.github/workflows/qwietai.yml @@ -8,7 +8,7 @@ on: jobs: NextGen-Static-Analysis: runs-on: ubuntu-latest - container: enjoyelan/slcore:latest + container: shiftleft/core:latest steps: - uses: actions/checkout@v4 From daddc31694ab1df9b74d10287a4d14ba8aa26ec2 Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Thu, 23 May 2024 18:22:36 -0700 Subject: [PATCH 37/47] Update qwietai.yml --- .github/workflows/qwietai.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/qwietai.yml b/.github/workflows/qwietai.yml index fe77379a0..9a4580b5a 100644 --- a/.github/workflows/qwietai.yml +++ b/.github/workflows/qwietai.yml @@ -8,7 +8,7 @@ on: jobs: NextGen-Static-Analysis: runs-on: ubuntu-latest - container: shiftleft/core:latest + container: enjoyelan/shiftleftcore:latest steps: - uses: actions/checkout@v4 From c163eb5fbec550707f01da49404fdc084e464b4f Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Thu, 23 May 2024 18:24:44 -0700 Subject: [PATCH 38/47] Update qwietai.yml --- .github/workflows/qwietai.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/.github/workflows/qwietai.yml b/.github/workflows/qwietai.yml index 9a4580b5a..197e5b715 100644 --- a/.github/workflows/qwietai.yml +++ b/.github/workflows/qwietai.yml @@ -8,7 +8,8 @@ on: jobs: NextGen-Static-Analysis: runs-on: ubuntu-latest - container: enjoyelan/shiftleftcore:latest + + container: enjoyelan/shiftleftcore:latest steps: - uses: actions/checkout@v4 From 131461aa35817079025a23b7398ddd6fc1d9a061 Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Thu, 23 May 2024 18:36:40 -0700 Subject: [PATCH 39/47] Update qwietai.yml --- .github/workflows/qwietai.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/qwietai.yml b/.github/workflows/qwietai.yml index 197e5b715..1a8e7fdf6 100644 --- a/.github/workflows/qwietai.yml +++ b/.github/workflows/qwietai.yml @@ -1,4 +1,4 @@ -name: Qwiet +name: QwietAI on: pull_request: From bc2824839dee50ca35e5c86953c63dbcb5deb5b6 Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Fri, 24 May 2024 10:42:38 -0700 Subject: [PATCH 40/47] Update qwietai.yml --- .github/workflows/qwietai.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/qwietai.yml b/.github/workflows/qwietai.yml index 1a8e7fdf6..c08307312 100644 --- a/.github/workflows/qwietai.yml +++ b/.github/workflows/qwietai.yml @@ -1,4 +1,4 @@ -name: QwietAI +name: QwietAI Task on: pull_request: From 4e7d701b195b99bfcc1fcc87c85d175a3cf6c885 Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Fri, 24 May 2024 10:46:07 -0700 Subject: [PATCH 41/47] Update qwietai.yml --- .github/workflows/qwietai.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/qwietai.yml b/.github/workflows/qwietai.yml index c08307312..b50bd1210 100644 --- a/.github/workflows/qwietai.yml 
+++ b/.github/workflows/qwietai.yml @@ -24,6 +24,6 @@ jobs: export QWIET_EXTERNAL_SECRETS=true export SHIFTLEFT_SBOM_GENERATOR=2 - ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app secrets-java-demo . + ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app secrets-java-demo-new . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} From e344877c279ad71463617cd1d40b47d764e5bdde Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Fri, 24 May 2024 11:17:14 -0700 Subject: [PATCH 42/47] Update qwietai.yml --- .github/workflows/qwietai.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/qwietai.yml b/.github/workflows/qwietai.yml index b50bd1210..1b4c01cee 100644 --- a/.github/workflows/qwietai.yml +++ b/.github/workflows/qwietai.yml @@ -9,7 +9,7 @@ jobs: NextGen-Static-Analysis: runs-on: ubuntu-latest - container: enjoyelan/shiftleftcore:latest + container: shiftleft/core:latest steps: - uses: actions/checkout@v4 @@ -24,6 +24,6 @@ jobs: export QWIET_EXTERNAL_SECRETS=true export SHIFTLEFT_SBOM_GENERATOR=2 - ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app secrets-java-demo-new . + ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app secrets-java-demo-news . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} From d56583c8537fcc124e604c9559c2cf465cb0b39a Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Tue, 28 May 2024 06:40:47 -0700 Subject: [PATCH 43/47] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index b91f8733d..f02748bce 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml 
@@ -1,8 +1,6 @@ --- -# This workflow integrates ShiftLeft NG SAST with GitHub -# Visit https://docs.shiftleft.io for help -name: ShiftLeft +name: Qwiet on: pull_request: @@ -13,35 +11,37 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - # We are building this application with Java 11 + - name: Setup Java JDK uses: actions/setup-java@v3 with: java-version: 11.0.x distribution: zulu + - name: Download ShiftLeft CLI run: | curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - echo ${{ github.repository_owner }} - echo "============================" - echo ${{ github.event.repository.name }} - # ShiftLeft requires Java 1.8. Post the package step override the version + - name: Setup Java JDK uses: actions/setup-java@v3 with: distribution: zulu java-version: 8 + - name: Extract branch name shell: bash run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: extract_branch + - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc --cpg --container 18fgsa/s3-resource . + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 + + Build-Rules: runs-on: ubuntu-latest needs: NextGen-Static-Analysis 
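Review bot: This revision deletes the two comments that explained why shiftleft.yml sets up Java twice (`We are building this application with Java 11` and `ShiftLeft requires Java 1.8 ...`), leaving two consecutive `Setup Java JDK` steps with no stated reason; keep a one-line comment on the second step such as `# sl needs Java 8; the build above used Java 11`. The `Extract branch name` step still emits the `##[set-output ...]` logging command, which GitHub has deprecated in favour of writing `branch=...` to `"$GITHUB_OUTPUT"` — the mechanism qwiet.yml in this series already uses. `actions/checkout@v3` and `actions/setup-java@v3` remain on floating major tags rather than commit SHAs.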
@@ -52,9 +52,6 @@ jobs: curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - name: Validate Build Rules run: | - echo ${{ github.repository_owner }} - echo "============================" - echo github.event.repository.name ${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-java-demo \ --github-pr-number=${{github.event.number}} \ --github-pr-user=${{ github.repository_owner }} \ From a3d707d8dc33d43d13c81c0cd6684a48d77a28d4 Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Tue, 28 May 2024 10:30:18 -0700 Subject: [PATCH 44/47] Update qwietai.yml --- .github/workflows/qwietai.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/qwietai.yml b/.github/workflows/qwietai.yml index 1b4c01cee..f732f4faf 100644 --- a/.github/workflows/qwietai.yml +++ b/.github/workflows/qwietai.yml @@ -24,6 +24,6 @@ jobs: export QWIET_EXTERNAL_SECRETS=true export SHIFTLEFT_SBOM_GENERATOR=2 - ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app secrets-java-demo-news . + ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app secrets-java-demo-new . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} From 62a07e4236e64f2b259e8032a01c7c4cd3cd30d4 Mon Sep 17 00:00:00 2001 From: Elango Senthilnathan <144163174+elangosenthilnathan@users.noreply.github.com> Date: Wed, 29 May 2024 16:54:51 -0700 Subject: [PATCH 45/47] Update shiftleft.yml --- .github/workflows/shiftleft.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index f02748bce..2129b2ae1 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml 
@@ -52,7 +52,7 @@ jobs: curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - name: Validate Build Rules run: | - ${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-java-demo \ + ${GITHUB_WORKSPACE}/sl check-analysis --v2 --app shiftleft-java-demo \ --github-pr-number=${{github.event.number}} \ --github-pr-user=${{ github.repository_owner }} \ --github-pr-repo=${{ github.event.repository.name }} \ From ebb5641f67cf79d88b09dd62db747152c71df1bd Mon Sep 17 00:00:00 2001 From: conikeec Date: Wed, 29 May 2024 17:14:16 -0700 Subject: [PATCH 46/47] fixed issue with flow state-bn2 --- .github/workflows/qwiet.yml | 37 ----------------------------------- .github/workflows/qwietai.yml | 29 --------------------------- 2 files changed, 66 deletions(-) delete mode 100644 .github/workflows/qwiet.yml delete mode 100644 .github/workflows/qwietai.yml diff --git a/.github/workflows/qwiet.yml b/.github/workflows/qwiet.yml deleted file mode 100644 index 66d618bf2..000000000 --- a/.github/workflows/qwiet.yml +++ /dev/null @@ -1,37 +0,0 @@ -name: Qwiet - -on: - pull_request: - workflow_dispatch: - - -jobs: - NextGen-Static-Analysis: - runs-on: ubuntu-latest - container: shiftleft/core:latest - - steps: - - uses: actions/checkout@v4 - - # - name: Perform Scan - # uses: ShiftLeftSecurity/scan-action@master - - - name: Download ShiftLeft CLI - run: | - curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - - - name: NextGen Static Analysis - run: | - set +e - export QWIET_EXTERNAL_SECRETS=true - export SHIFTLEFT_SBOM_GENERATOR=2 - ggit config --global --add safe.directory '*' - ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app secrets-java-demo . - - # exitcode="$?" - # echo "exitcode=$exitcode" >> $GITHUB_OUTPUT - # echo "ExitCode from CheckAnalysis: " $exitcode - env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} - - 
diff --git a/.github/workflows/qwietai.yml b/.github/workflows/qwietai.yml deleted file mode 100644 index f732f4faf..000000000 --- a/.github/workflows/qwietai.yml +++ /dev/null @@ -1,29 +0,0 @@ -name: QwietAI Task - -on: - pull_request: - workflow_dispatch: - push: - -jobs: - NextGen-Static-Analysis: - runs-on: ubuntu-latest - - container: shiftleft/core:latest - - steps: - - uses: actions/checkout@v4 - - - - name: Download ShiftLeft CLI - run: | - curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - - - name: NextGen Static Analysis - run: | - export QWIET_EXTERNAL_SECRETS=true - export SHIFTLEFT_SBOM_GENERATOR=2 - - ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --app secrets-java-demo-new . - env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} From 2c0dd21321d493e1bc33d0725c874beab5276a80 Mon Sep 17 00:00:00 2001 From: conikeec Date: Fri, 9 Aug 2024 07:44:48 -0700 Subject: [PATCH 47/47] demo path changes --- pom.xml | 26 ++++++++++++------- .../java/io/shiftleft/data/DataLoader.java | 15 +++++------ 2 files changed, 24 insertions(+), 17 deletions(-) diff --git a/pom.xml b/pom.xml index eb17410c8..d1aa0c18c 100644 --- a/pom.xml +++ b/pom.xml @@ -82,15 +82,23 @@ - - org.apache.maven.plugins - maven-compiler-plugin - 3.6.1 - - 1.8 - 1.8 - - + + org.apache.maven.plugins + maven-compiler-plugin + 3.7.0 + + 1.9 + 1.9 + + 9 + + + + + org.apache.maven.plugins + maven-jar-plugin + 3.0.2 + org.springframework.boot spring-boot-maven-plugin diff --git a/src/main/java/io/shiftleft/data/DataLoader.java b/src/main/java/io/shiftleft/data/DataLoader.java index 908ced398..0d59aef08 100644 --- a/src/main/java/io/shiftleft/data/DataLoader.java +++ b/src/main/java/io/shiftleft/data/DataLoader.java 
@@ -56,18 +56,17 @@ private String getSecurePassword(String masterPassword) throws IOException { } public final class Constants { - - private Constants() { - // restrict instantiation - } - - public static final double PI = 3.14159; - public static final double PLANCK_CONSTANT = 6.62606896e-34; + + private Constants() { + // restrict instantiation + } + + public static final double PI = 3.14159; + public static final double PLANCK_CONSTANT = 6.62606896e-34; } private boolean connectToAws() { - log.info("Start Loading AWS Properties"); log.info("AWS AccessKey is {} and SecretKey is {}", env.getProperty("aws.accesskey"), env.getProperty("aws.secretkey")); log.info("AWS Bucket is {}", env.getProperty("aws.bucket"));