From 1e2a23ac58ef3d2be41c2aa9a7873794fef2ca4c Mon Sep 17 00:00:00 2001
From: ronaldvm <33999383+ronaldvm@users.noreply.github.com>
Date: Mon, 24 Oct 2022 15:10:58 +1100
Subject: [PATCH 01/16] Set up CI with Azure Pipelines [skip ci]
---
azure-pipelines.yml | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100644 azure-pipelines.yml
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
new file mode 100644
index 00000000..99116361
--- /dev/null
+++ b/azure-pipelines.yml
@@ -0,0 +1,22 @@
+# Starter pipeline
+# Start with a minimal pipeline that you can customize to build and deploy your code.
+# Add steps that build, run tests, deploy, and more:
+# https://aka.ms/yaml
+
+trigger:
+- master
+
+pool:
+ vmImage: ubuntu-latest
+
+
+- task: Bash@3
+ inputs:
+ targetType: 'inline'
+ script: |
+ # Write your commands here
+ echo '************************************************************************************************POLARIS SAAS SCAN STARTED************************************************************************************************'
+ curl -fLsS -o bridge.zip $(BRIDGE_URL)
+ rm -rf /tmp/bridge && unzip -q -d /tmp/bridge bridge.zip && rm -f bridge.zip
+ /tmp/bridge/bridge --stage polaris polaris.serverUrl=$(BRIDGE_POLARIS_SERVERURL) polaris.application.name=$(BRIDGE_POLARIS_APPLICATION_NAME) polaris.project.name=$(BRIDGE_POLARIS_PROJECT_NAME) polaris.assessment.types='["SAST","SCA"]' polaris.accessToken=$(BRIDGE_POLARIS_ACCESSTOKEN
+ echo '************************************************************************************************POLARIS SAAS SCAN COMPLETE************************************************************************************************'
\ No newline at end of file
From 6762f345313b78c84e8f5a0d3f750c88c509b3fc Mon Sep 17 00:00:00 2001
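Review bot: The bridge invocation on the second-to-last script line ends in `polaris.accessToken=$(BRIDGE_POLARIS_ACCESSTOKEN` with no closing parenthesis, so Azure Pipelines will not expand the macro and bash is left with an unterminated `$(` command substitution. Closing the parenthesis would still put the token on the bridge's command line, where it is visible in the agent's process listing. If the variable is a pipeline secret, map it through the task's `env:` block (`BRIDGE_POLARIS_ACCESSTOKEN: $(BRIDGE_POLARIS_ACCESSTOKEN)`) and drop the `polaris.accessToken=` argument, assuming the bridge reads that environment variable as the later patches in this series appear to rely on. The same unterminated line is carried into the hunk of PATCH 04/16.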
From: ronaldvm <33999383+ronaldvm@users.noreply.github.com> Date: Mon, 24 Oct 2022 15:13:25 +1100 Subject: [PATCH 02/16] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 99116361..1e125fd7 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -9,7 +9,6 @@ trigger: pool: vmImage: ubuntu-latest - - task: Bash@3 inputs: targetType: 'inline' From 8b1413c03748830046282a044cb98a69230e442b Mon Sep 17 00:00:00 2001 From: ronaldvm <33999383+ronaldvm@users.noreply.github.com> Date: Mon, 24 Oct 2022 15:15:13 +1100 Subject: [PATCH 03/16] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 1e125fd7..bce1e4b2 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -9,6 +9,14 @@ trigger: pool: vmImage: ubuntu-latest +- task: Bash@3 + inputs: + targetType: 'inline' + script: | + # Write your commands here + + echo 'Hello world' + - task: Bash@3 inputs: targetType: 'inline' From a527ca125a72984aee6202b11cbaebc3d8ea6946 Mon Sep 17 00:00:00 2001 From: ronaldvm <33999383+ronaldvm@users.noreply.github.com> Date: Mon, 24 Oct 2022 15:16:13 +1100 Subject: [PATCH 04/16] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index bce1e4b2..f1dbb517 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml 
@@ -22,8 +22,6 @@ pool: targetType: 'inline' script: | # Write your commands here - echo '************************************************************************************************POLARIS SAAS SCAN STARTED************************************************************************************************' curl -fLsS -o bridge.zip $(BRIDGE_URL) rm -rf /tmp/bridge && unzip -q -d /tmp/bridge bridge.zip && rm -f bridge.zip - /tmp/bridge/bridge --stage polaris polaris.serverUrl=$(BRIDGE_POLARIS_SERVERURL) polaris.application.name=$(BRIDGE_POLARIS_APPLICATION_NAME) polaris.project.name=$(BRIDGE_POLARIS_PROJECT_NAME) polaris.assessment.types='["SAST","SCA"]' polaris.accessToken=$(BRIDGE_POLARIS_ACCESSTOKEN - echo '************************************************************************************************POLARIS SAAS SCAN COMPLETE************************************************************************************************' \ No newline at end of file + /tmp/bridge/bridge --stage polaris polaris.serverUrl=$(BRIDGE_POLARIS_SERVERURL) polaris.application.name=$(BRIDGE_POLARIS_APPLICATION_NAME) polaris.project.name=$(BRIDGE_POLARIS_PROJECT_NAME) polaris.assessment.types='["SAST","SCA"]' polaris.accessToken=$(BRIDGE_POLARIS_ACCESSTOKEN \ No newline at end of file From 0395e65b902b756fc229cce8cb65d5c557cff1f8 Mon Sep 17 00:00:00 2001 From: ronaldvm <33999383+ronaldvm@users.noreply.github.com> Date: Mon, 24 Oct 2022 15:16:29 +1100 Subject: [PATCH 05/16] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index f1dbb517..59d0beec 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml 
@@ -15,13 +15,4 @@ pool: script: | # Write your commands here - echo 'Hello world' - -- task: Bash@3 - inputs: - targetType: 'inline' - script: | - # Write your commands here - curl -fLsS -o bridge.zip $(BRIDGE_URL) - rm -rf /tmp/bridge && unzip -q -d /tmp/bridge bridge.zip && rm -f bridge.zip - /tmp/bridge/bridge --stage polaris polaris.serverUrl=$(BRIDGE_POLARIS_SERVERURL) polaris.application.name=$(BRIDGE_POLARIS_APPLICATION_NAME) polaris.project.name=$(BRIDGE_POLARIS_PROJECT_NAME) polaris.assessment.types='["SAST","SCA"]' polaris.accessToken=$(BRIDGE_POLARIS_ACCESSTOKEN \ No newline at end of file + echo 'Hello world' \ No newline at end of file From 434dc64747e7b0581d79e8d43d513971f8a40bc9 Mon Sep 17 00:00:00 2001 From: ronaldvm <33999383+ronaldvm@users.noreply.github.com> Date: Tue, 3 Jan 2023 15:55:57 +1100 Subject: [PATCH 06/16] Update azure-pipelines.yml --- azure-pipelines.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 59d0beec..e192023a 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -9,10 +9,10 @@ trigger: pool: vmImage: ubuntu-latest -- task: Bash@3 +task: Bash@3 inputs: targetType: 'inline' script: | # Write your commands here - echo 'Hello world' \ No newline at end of file + echo 'Hello world' From 2c58f1da8f8ce1f6bc822800f7ab01f1f21eaa96 Mon Sep 17 00:00:00 2001 From: ronaldvm <33999383+ronaldvm@users.noreply.github.com> Date: Tue, 3 Jan 2023 15:58:32 +1100 Subject: [PATCH 07/16] Update azure-pipelines.yml --- azure-pipelines.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index e192023a..d33b6d0d 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -9,7 +9,8 @@ trigger: pool: vmImage: ubuntu-latest -task: Bash@3 +steps: +- task: Bash@3 inputs: targetType: 'inline' script: | From 480b2aa73eb8316fcb87154ec7f7af99e82cd4ce Mon Sep 17 00:00:00 2001 
From: ronaldvm <33999383+ronaldvm@users.noreply.github.com> Date: Tue, 3 Jan 2023 16:18:21 +1100 Subject: [PATCH 08/16] Update azure-pipelines.yml --- azure-pipelines.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index d33b6d0d..316cb693 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -14,6 +14,10 @@ steps: inputs: targetType: 'inline' script: | - # Write your commands here - - echo 'Hello world' + export BRIDGE_POLARIS_APPLICATION_NAME=rmichael-app + export BRIDGE_POLARIS_PROJECT_NAME=P5 + curl -fLsS -o $(Agent.TempDirectory)/bridge.zip $BRIDGE + unzip -qo -d $(Agent.TempDirectory)/bridge $(Agent.TempDirectory)/bridge.zip + $(Agent.TempDirectory)/bridge/bridge --stage polaris polaris.assessment.types='["SAST","SCA"]' + displayName: 'Polaris Scan' + From 89a66cbd72140197b7a6f899dbf69c4100a54fd1 Mon Sep 17 00:00:00 2001 From: ronaldvm <33999383+ronaldvm@users.noreply.github.com> Date: Tue, 3 Jan 2023 16:27:08 +1100 Subject: [PATCH 09/16] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 316cb693..5b80a0af 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -16,8 +16,9 @@ steps: script: | export BRIDGE_POLARIS_APPLICATION_NAME=rmichael-app export BRIDGE_POLARIS_PROJECT_NAME=P5 + export BRIDGE_POLARIS_ACCESSTOKEN=$(BRIDGE_POLARIS_ACCESSTOKEN) curl -fLsS -o $(Agent.TempDirectory)/bridge.zip $BRIDGE unzip -qo -d $(Agent.TempDirectory)/bridge $(Agent.TempDirectory)/bridge.zip - $(Agent.TempDirectory)/bridge/bridge --stage polaris polaris.assessment.types='["SAST","SCA"]' + $(Agent.TempDirectory)/bridge/bridge --stage polaris polaris.serverUrl=https://poc.polaris.synopsys.com polaris.application.name="rmichael-app" polaris.project.name="P5" polaris.assessment.types=[\"SAST\",\"SCA\"] displayName: 'Polaris Scan' 
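Review bot: The script in PATCH 08/16 downloads `bridge.zip` from `$BRIDGE` and runs the extracted binary without any integrity check, so whatever that URL serves executes on the agent with access to the pipeline's variables. Pin the expected digest and verify it before unzipping, e.g. `echo "<EXPECTED_SHA256>  $(Agent.TempDirectory)/bridge.zip" | sha256sum -c -`. `$BRIDGE` is a shell variable rather than the `$(BRIDGE_URL)` macro used earlier in the series and nothing in the hunk sets it; confirm it is defined as a non-secret pipeline variable, otherwise curl is called with an empty URL. Adding `set -euo pipefail` as the first script line would stop the step at the first failed command instead of continuing to the scan.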
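Review bot: In PATCH 09/16, `export BRIDGE_POLARIS_ACCESSTOKEN=$(BRIDGE_POLARIS_ACCESSTOKEN)` macro-expands the token into the text of the inline script before bash runs it, so the value ends up in the generated script on the agent and, being unquoted, is also subject to word splitting. If this is a secret variable, remove the export and pass it through the task's environment mapping instead: an `env:` key at the same level as `inputs:` holding `BRIDGE_POLARIS_ACCESSTOKEN: $(BRIDGE_POLARIS_ACCESSTOKEN)`. The two `export` lines for application and project name above it appear redundant with the `polaris.application.name=` and `polaris.project.name=` arguments added on the bridge line; keeping a single source avoids the two drifting apart.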
From 316f82fae531295af965cbf613b355036a506c28 Mon Sep 17 00:00:00 2001 From: ronaldvm <33999383+ronaldvm@users.noreply.github.com> Date: Tue, 3 Jan 2023 16:28:53 +1100 Subject: [PATCH 10/16] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 5b80a0af..7d94b4cc 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -19,6 +19,6 @@ steps: export BRIDGE_POLARIS_ACCESSTOKEN=$(BRIDGE_POLARIS_ACCESSTOKEN) curl -fLsS -o $(Agent.TempDirectory)/bridge.zip $BRIDGE unzip -qo -d $(Agent.TempDirectory)/bridge $(Agent.TempDirectory)/bridge.zip - $(Agent.TempDirectory)/bridge/bridge --stage polaris polaris.serverUrl=https://poc.polaris.synopsys.com polaris.application.name="rmichael-app" polaris.project.name="P5" polaris.assessment.types=[\"SAST\",\"SCA\"] + $(Agent.TempDirectory)/bridge/bridge --stage polaris polaris.serverUrl=https://poc.polaris.synopsys.com polaris.application.name="rmichael-app" polaris.project.name="P5" polaris.assessment.types=["SAST","SCA"] displayName: 'Polaris Scan' From bef9df66479b734c9687c1bcf77351ba48bc1ace Mon Sep 17 00:00:00 2001 From: ronaldvm <33999383+ronaldvm@users.noreply.github.com> Date: Tue, 3 Jan 2023 16:32:45 +1100 Subject: [PATCH 11/16] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 7d94b4cc..ec104278 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml 
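Review bot: With the backslashes removed in PATCH 10/16, `polaris.assessment.types=["SAST","SCA"]` is unquoted at shell level, so bash strips the double quotes and passes `[SAST,SCA]`, and the brackets are also eligible for pathname expansion. What the bridge accepts for this argument is not visible here; if it expects a JSON array, single-quote the whole value as the first patch in the series did: `polaris.assessment.types='["SAST","SCA"]'`. The hunks of PATCH 11/16, 12/16 and 15/16 vary the same argument with the same unquoted-bracket or quote-stripping behaviour.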
@@ -19,6 +19,6 @@ steps: export BRIDGE_POLARIS_ACCESSTOKEN=$(BRIDGE_POLARIS_ACCESSTOKEN) curl -fLsS -o $(Agent.TempDirectory)/bridge.zip $BRIDGE unzip -qo -d $(Agent.TempDirectory)/bridge $(Agent.TempDirectory)/bridge.zip - $(Agent.TempDirectory)/bridge/bridge --stage polaris polaris.serverUrl=https://poc.polaris.synopsys.com polaris.application.name="rmichael-app" polaris.project.name="P5" polaris.assessment.types=["SAST","SCA"] + $(Agent.TempDirectory)/bridge/bridge --stage polaris polaris.serverUrl=https://poc.polaris.synopsys.com polaris.application.name="rmichael-app" polaris.project.name="P5" polaris.assessment.types=[SAST] displayName: 'Polaris Scan' From 971501ea9aaa975a560c53303ed33f9a32a84d67 Mon Sep 17 00:00:00 2001 From: ronaldvm <33999383+ronaldvm@users.noreply.github.com> Date: Tue, 3 Jan 2023 16:35:32 +1100 Subject: [PATCH 12/16] Update azure-pipelines.yml --- azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index ec104278..89fe31a0 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -19,6 +19,6 @@ steps: export BRIDGE_POLARIS_ACCESSTOKEN=$(BRIDGE_POLARIS_ACCESSTOKEN) curl -fLsS -o $(Agent.TempDirectory)/bridge.zip $BRIDGE unzip -qo -d $(Agent.TempDirectory)/bridge $(Agent.TempDirectory)/bridge.zip - $(Agent.TempDirectory)/bridge/bridge --stage polaris polaris.serverUrl=https://poc.polaris.synopsys.com polaris.application.name="rmichael-app" polaris.project.name="P5" polaris.assessment.types=[SAST] + $(Agent.TempDirectory)/bridge/bridge --stage polaris polaris.serverUrl=https://poc.polaris.synopsys.com polaris.application.name="rmichael-app" polaris.project.name="P5" polaris.assessment.types=[\"SAST\"] displayName: 'Polaris Scan' From 66b61ebd66e162de7b6e56b341594093f6632b68 Mon Sep 17 00:00:00 2001 
From: ronaldvm <33999383+ronaldvm@users.noreply.github.com> Date: Tue, 3 Jan 2023 16:36:59 +1100 Subject: [PATCH 13/16] Update azure-pipelines.yml --- azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 89fe31a0..f8ae2120 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -19,6 +19,6 @@ steps: export BRIDGE_POLARIS_ACCESSTOKEN=$(BRIDGE_POLARIS_ACCESSTOKEN) curl -fLsS -o $(Agent.TempDirectory)/bridge.zip $BRIDGE unzip -qo -d $(Agent.TempDirectory)/bridge $(Agent.TempDirectory)/bridge.zip - $(Agent.TempDirectory)/bridge/bridge --stage polaris polaris.serverUrl=https://poc.polaris.synopsys.com polaris.application.name="rmichael-app" polaris.project.name="P5" polaris.assessment.types=[\"SAST\"] + $(Agent.TempDirectory)/bridge/bridge --stage polaris polaris.serverUrl=https://poc.polaris.synopsys.com polaris.application.name="rmichael-app" polaris.project.name="P5" polaris.assessment.types="[\"SAST\"]" displayName: 'Polaris Scan' From f85026ec210c0e1c589fb4130eaf6e3be2745c56 Mon Sep 17 00:00:00 2001 From: ronaldvm <33999383+ronaldvm@users.noreply.github.com> Date: Tue, 3 Jan 2023 16:39:56 +1100 Subject: [PATCH 14/16] Update azure-pipelines.yml --- azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index f8ae2120..999cc0f0 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml 
@@ -19,6 +19,6 @@ steps: export BRIDGE_POLARIS_ACCESSTOKEN=$(BRIDGE_POLARIS_ACCESSTOKEN) curl -fLsS -o $(Agent.TempDirectory)/bridge.zip $BRIDGE unzip -qo -d $(Agent.TempDirectory)/bridge $(Agent.TempDirectory)/bridge.zip - $(Agent.TempDirectory)/bridge/bridge --stage polaris polaris.serverUrl=https://poc.polaris.synopsys.com polaris.application.name="rmichael-app" polaris.project.name="P5" polaris.assessment.types="[\"SAST\"]" + $(Agent.TempDirectory)/bridge/bridge --stage polaris polaris.serverUrl=https://poc.polaris.synopsys.com polaris.application.name="rmichael-app" polaris.project.name="P5" polaris.assessment.types="SAST" displayName: 'Polaris Scan' From 9b8c7c23c71132c8a60e9d286636ee077cbc9f15 Mon Sep 17 00:00:00 2001 From: ronaldvm <33999383+ronaldvm@users.noreply.github.com> Date: Tue, 3 Jan 2023 16:45:15 +1100 Subject: [PATCH 15/16] Update azure-pipelines.yml --- azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 999cc0f0..ebcb7196 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -19,6 +19,6 @@ steps: export BRIDGE_POLARIS_ACCESSTOKEN=$(BRIDGE_POLARIS_ACCESSTOKEN) curl -fLsS -o $(Agent.TempDirectory)/bridge.zip $BRIDGE unzip -qo -d $(Agent.TempDirectory)/bridge $(Agent.TempDirectory)/bridge.zip - $(Agent.TempDirectory)/bridge/bridge --stage polaris polaris.serverUrl=https://poc.polaris.synopsys.com polaris.application.name="rmichael-app" polaris.project.name="P5" polaris.assessment.types="SAST" + $(Agent.TempDirectory)/bridge/bridge --stage polaris polaris.serverUrl=https://poc.polaris.synopsys.com polaris.application.name="rmichael-app" polaris.project.name="P5" polaris.assessment.types="SAST","SCA" displayName: 'Polaris Scan' From 19b70583d919ca63127e1f5c7344bcefd7b10109 Mon Sep 17 00:00:00 2001 
From: "semgrep.dev on behalf of @ronaldvm"
Date: Tue, 7 May 2024 07:24:05 +0000
Subject: [PATCH 16/16] Add Semgrep CI
---
.github/workflows/semgrep.yml | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
create mode 100644 .github/workflows/semgrep.yml
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
new file mode 100644
index 00000000..1ba2b2ff
--- /dev/null
+++ b/.github/workflows/semgrep.yml
@@ -0,0 +1,24 @@
+on:
+ workflow_dispatch: {}
+ pull_request: {}
+ push:
+ branches:
+ - main
+ - master
+ paths:
+ - .github/workflows/semgrep.yml
+ schedule:
+ # random HH:MM to avoid a load spike on GitHub Actions at 00:00
+ - cron: 44 21 * * *
+name: Semgrep
+jobs:
+ semgrep:
+ name: semgrep/ci
+ runs-on: ubuntu-20.04
+ env:
+ SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
+ container:
+ image: returntocorp/semgrep
+ steps:
+ - uses: actions/checkout@v3
+ - run: semgrep ci
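Review bot: The job runs with `SEMGREP_APP_TOKEN` in its environment inside `image: returntocorp/semgrep`, which has no tag or digest, and checks out with `actions/checkout@v3`, a mutable tag; both can change underneath the workflow without a commit to this repository. Pin the image by digest (`image: returntocorp/semgrep@sha256:<IMAGE_DIGEST>`) and the action by full commit SHA (`uses: actions/checkout@<COMMIT_SHA>`). The workflow also declares no `permissions:`, so the job gets the repository's default GITHUB_TOKEN scopes; adding `permissions:` with `contents: read` under the `semgrep` job limits it to what a scan needs. A short comment above `pull_request: {}` noting that the secret is not available to pull requests from forks would save the next reader a failed-run investigation.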