-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathaction.yml
87 lines (80 loc) · 2.77 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
name: 'Contrast Security SARIF'
description: 'Contrast SARIF file generation'
inputs:
apiKey:
description: 'An agent API key provided by Contrast (required).'
required: true
authHeader:
description: 'User authorization credentials provided by Contrast (required).'
required: true
orgId:
description: 'The ID of your organization in Contrast (required).'
required: true
applicationId:
description: 'The ID of your application.'
required: false
apiUrl:
description: 'The name of the host. Includes the protocol section of the URL (https://). Defaults to https://ce.contrastsecurity.com. (optional)'
required: false
default: "https://ce.contrastsecurity.com"
metadata:
description: 'Metadata filter to be passed to the Contrast CLI when running sarif command'
required: false
ghasEnabled:
description: 'When set to true, will upload sarif to the GHAS integration'
required: false
default: 'true'
runs:
using: "composite"
steps:
- name: Get Latest CLI
run: |
echo "Downloading Contrast CLI 2.3.0"
curl --location 'https://pkg.contrastsecurity.com/artifactory/cli/v2/2.3.0/linux/contrast' --output contrast
shell: bash
- run: chmod +x contrast
shell: bash
- name: Get CLI Required Arguments
id: required-args
shell: bash
run: |
echo "Setting Required Args..."
args=()
args+=("--api-key ${{ inputs.apiKey }}")
args+=("--authorization ${{ inputs.authHeader }}")
args+=("--organization-id ${{ inputs.orgId }}")
args+=("--host ${{ inputs.apiUrl }}")
echo "args=${args[@]}" >> $GITHUB_OUTPUT
- name: Get CLI Optional Arguments
id: optional-args
shell: bash
run: |
echo "Setting Optional Args..."
args=()
if [ -n "${{inputs.metadata}}" ]; then
args+=("--metadata")
args+=("${{ inputs.metadata }}")
fi
if [ -n "${{inputs.applicationId}}" ]; then
args+=("--application-id")
args+=("${{ inputs.applicationId }}")
fi
echo "args=${args[@]}" >> $GITHUB_OUTPUT
- name: Run Contrast Sarif CLI Command
continue-on-error: true
id: run-sarif
shell: bash
run: |
echo "Running the Contrast Sarif Command..."
./contrast sarif ${{ steps.required-args.outputs.args }} ${{ steps.optional-args.outputs.args }}
echo sarif=$(cat contrast.sarif) >> $GITHUB_OUTPUT
- name: Upload sarif file to summary
uses: actions/upload-artifact@v3
with:
name: contrast.sarif
path: contrast.sarif
- name: Upload SARIF file
if: ${{ inputs.ghasEnabled == 'true'}}
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: contrast.sarif