From ca42c33a8074d921987406d8e04b9786abf6a3d0 Mon Sep 17 00:00:00 2001
From: "semgrep.dev on behalf of @oak"
Date: Sun, 21 Apr 2024 08:19:48 +0000
Subject: [PATCH 1/5] Add Semgrep CI
---
 .github/workflows/semgrep.yml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 .github/workflows/semgrep.yml
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
new file mode 100644
index 0000000000..25e578eeb7
--- /dev/null
+++ b/.github/workflows/semgrep.yml
@@ -0,0 +1,24 @@
+on:
+ workflow_dispatch: {}
+ pull_request: {}
+ push:
+ branches:
+ - main
+ - master
+ paths:
+ - .github/workflows/semgrep.yml
+ schedule:
+ # random HH:MM to avoid a load spike on GitHub Actions at 00:00
+ - cron: 57 10 * * *
+name: Semgrep
+jobs:
+ semgrep:
+ name: semgrep/ci
+ runs-on: ubuntu-20.04
+ env:
+ SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
+ container:
+ image: returntocorp/semgrep
+ steps:
+ - uses: actions/checkout@v3
+ - run: semgrep ci
From a49ec657cc44dc16fedc3f465c8b2bad82ee91a2 Mon Sep 17 00:00:00 2001
From: Alexandre C
Date: Sun, 21 Apr 2024 10:31:32 +0200
Subject: [PATCH 2/5] sonarcloud changes for report
---
 .github/workflows/build.yml | 37 +++++++++++++++++++++++++++++++++++++
 pom.xml | 5 +++++
 2 files changed, 42 insertions(+)
 create mode 100644 .github/workflows/build.yml
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000000..705b49b9bf
--- /dev/null
+++ b/.github/workflows/build.yml
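Review bot: `image: returntocorp/semgrep` in the semgrep.yml hunk carries no tag or digest, so each run pulls whatever the registry currently serves as `latest` into a job that checks out the repository and holds `SEMGREP_APP_TOKEN`; pin it to a release and digest, e.g. `image: returntocorp/semgrep:<VERSION>@sha256:<DIGEST>` (placeholders), and pin `actions/checkout@v3` to a commit SHA for the same reason. The workflow also declares no `permissions:` block, so the job's `GITHUB_TOKEN` keeps the repository default, which can be read/write; a top-level `permissions:` with `contents: read` is all a checkout-and-scan job needs. `runs-on: ubuntu-20.04` is an older runner label, while the build.yml added in the next patch uses `ubuntu-latest`; using one label across both workflows avoids one of them breaking alone when that image is retired. Ordering `name: Semgrep` before `on:` would match the build.yml layout as well.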
@@ -0,0 +1,37 @@
+name: SonarCloud
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+ types: [opened, synchronize, reopened]
+jobs:
+ build:
+ name: Build and analyze
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
+ - name: Set up JDK 17
+ uses: actions/setup-java@v3
+ with:
+ java-version: 17
+ distribution: 'zulu' # Alternative distribution options are available.
+ - name: Cache SonarCloud packages
+ uses: actions/cache@v3
+ with:
+ path: ~/.sonar/cache
+ key: ${{ runner.os }}-sonar
+ restore-keys: ${{ runner.os }}-sonar
+ - name: Cache Maven packages
+ uses: actions/cache@v3
+ with:
+ path: ~/.m2
+ key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+ restore-keys: ${{ runner.os }}-m2
+ - name: Build and analyze
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=oak_BenchmarkJava
diff --git a/pom.xml b/pom.xml
index 45b2c681fe..0342d096fb 100755
--- a/pom.xml
+++ b/pom.xml
@@ -9,6 +9,11 @@ OWASP Benchmark is a Java test suite designed to evaluate the accuracy, coverage, and speed of automated software vulnerability detection tools. https://github.com/OWASP-Benchmark/BenchmarkJava + + oak3 + https://sonarcloud.io + + davewichers
From c2a105d5866406bb64080b340b2757dcd18ac838 Mon Sep 17 00:00:00 2001
From: Alexandre C
Date: Sun, 21 Apr 2024 10:33:17 +0200
Subject: [PATCH 3/5] sonarcloud changes for report
---
 pom.xml | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/pom.xml b/pom.xml
index 0342d096fb..be1f8ffda3 100755
--- a/pom.xml
+++ b/pom.xml
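Review bot: The `Build and analyze` step in the build.yml hunk hands `secrets.GITHUB_TOKEN` to the Sonar Maven plugin, but the workflow declares no `permissions:` block, so that token keeps the repository's default scope, which can be read/write. Add `permissions:` with `contents: read` and `pull-requests: read` at the top of the workflow; the inline comment says the token is only needed to read PR information, so read scope should be enough — confirm against the plugin's documentation. The `pull_request` trigger also fires for pull requests from forks, where `secrets.SONAR_TOKEN` is not available, so the analysis step will presumably fail on external contributions; gating that step on the head repository being the base repository, or documenting the expected failure, would avoid confusing red checks. `-Dsonar.projectKey=oak_BenchmarkJava` on the `run:` line, together with the `oak3` organization the pom.xml hunk adds, looks tied to one contributor's SonarCloud account rather than the OWASP-Benchmark project — confirm that is intended before merging. `java-version: 17` is an unquoted number; writing it as `'17'` keeps it a string the way `distribution: 'zulu'` beside it is written.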
@@ -7,12 +7,7 @@ OWASP Benchmark for Java OWASP Benchmark is a Java test suite designed to evaluate the accuracy, coverage, and speed of automated software vulnerability detection tools. - https://github.com/OWASP-Benchmark/BenchmarkJava - - - oak3 - https://sonarcloud.io - + https://github.com/OWASP-Benchmark/BenchmarkJava>
@@ -1225,6 +1220,8 @@ + oak3 + https://sonarcloud.io false 8 UTF-8
From f8ea9f1368ec86775561bd74cf7e9961c13df5a4 Mon Sep 17 00:00:00 2001
From: Alexandre C
Date: Sun, 21 Apr 2024 10:35:39 +0200
Subject: [PATCH 4/5] sonarcloud changes for report
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index be1f8ffda3..a3ecdae719 100755
--- a/pom.xml
+++ b/pom.xml
@@ -7,7 +7,7 @@ OWASP Benchmark for Java OWASP Benchmark is a Java test suite designed to evaluate the accuracy, coverage, and speed of automated software vulnerability detection tools. - https://github.com/OWASP-Benchmark/BenchmarkJava> + https://github.com/OWASP-Benchmark/BenchmarkJava
From e447b87518cdd02cf33728da74f939975f4a0209 Mon Sep 17 00:00:00 2001
From: Alexandre C
Date: Sun, 21 Apr 2024 10:46:35 +0200
Subject: [PATCH 5/5] sonarcloud changes for report (jdk 11)
---
 .github/workflows/build.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 705b49b9bf..ac4d583cdd 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -13,10 +13,10 @@ jobs:
 - uses: actions/checkout@v3
 with:
 fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- - name: Set up JDK 17
+ - name: Set up JDK 11
 uses: actions/setup-java@v3
 with:
- java-version: 17
+ java-version: 11
 distribution: 'zulu' # Alternative distribution options are available.
 - name: Cache SonarCloud packages
 uses: actions/cache@v3