Sync with plan
jit-ci[bot] authored Sep 20, 2023
1 parent 0d73868 commit 748fb29
Showing 1 changed file with 22 additions and 21 deletions.
43 changes: 22 additions & 21 deletions .github/workflows/jit-security.yml
@@ -1,4 +1,5 @@
name: Workflows generated by the MVS plan
run-name: ${{fromJSON(github.event.inputs.client_payload).payload.job_title}}
on:
workflow_dispatch:
inputs:
Expand All @@ -13,7 +14,7 @@ permissions:
jobs:
docker-scan:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'docker-scan' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-docker-scan'
runs-on: ubuntu-22.04
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: trivy
Expand All @@ -23,7 +24,7 @@ jobs:

enrich:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'enrich' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-enrichment-code'
runs-on: ubuntu-22.04
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: enrichment
Expand All @@ -33,7 +34,7 @@ jobs:

iac-misconfig-detection-cloudformation:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'iac-misconfig-detection-cloudformation' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-iac-misconfiguration-detection'
runs-on: ubuntu-22.04
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: kics
Expand All @@ -44,7 +45,7 @@ jobs:

iac-misconfig-detection-pulumi:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'iac-misconfig-detection-pulumi' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-iac-misconfiguration-detection'
runs-on: ubuntu-22.04
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: kics
Expand All @@ -55,7 +56,7 @@ jobs:

iac-misconfig-detection-terraform:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'iac-misconfig-detection-terraform' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-iac-misconfiguration-detection'
runs-on: ubuntu-22.04
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: kics
Expand All @@ -66,7 +67,7 @@ jobs:

remediation-pr:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'remediation-pr' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-remediation-pr'
runs-on: ubuntu-22.04
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: remediation-pr
Expand All @@ -77,7 +78,7 @@ jobs:

secret-detection:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'secret-detection' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-secret-detection'
runs-on: ubuntu-22.04
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: gitleaks
Expand All @@ -88,7 +89,7 @@ jobs:

software-component-analysis-go:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'software-component-analysis-go' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sca'
runs-on: ubuntu-22.04
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: nancy
Expand All @@ -98,7 +99,7 @@ jobs:

software-component-analysis-js:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'software-component-analysis-js' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sca'
runs-on: ubuntu-22.04
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: npm-audit
Expand All @@ -109,7 +110,7 @@ jobs:

software-component-analysis-php:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'software-component-analysis-php' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sca'
runs-on: ubuntu-22.04
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: osv-scanner
Expand All @@ -120,7 +121,7 @@ jobs:

software-component-analysis-python:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'software-component-analysis-python' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sca'
runs-on: ubuntu-22.04
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: osv-scanner
Expand All @@ -131,7 +132,7 @@ jobs:

static-code-analysis-csharp:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-csharp' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
runs-on: ubuntu-22.04
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: semgrep
Expand All @@ -141,7 +142,7 @@ jobs:

static-code-analysis-go:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-go' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
runs-on: ubuntu-22.04
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: gosec
Expand All @@ -151,7 +152,7 @@ jobs:

static-code-analysis-java:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-java' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
runs-on: ubuntu-22.04
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: semgrep
Expand All @@ -161,7 +162,7 @@ jobs:

static-code-analysis-js:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-js' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
runs-on: ubuntu-22.04
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: semgrep
Expand All @@ -171,7 +172,7 @@ jobs:

static-code-analysis-kotlin:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-kotlin' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
runs-on: ubuntu-22.04
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: semgrep
Expand All @@ -181,7 +182,7 @@ jobs:

static-code-analysis-php:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-php' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
runs-on: ubuntu-22.04
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: semgrep
Expand All @@ -191,7 +192,7 @@ jobs:

static-code-analysis-python-semgrep:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-python-semgrep' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
runs-on: ubuntu-22.04
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: semgrep
Expand All @@ -201,7 +202,7 @@ jobs:

static-code-analysis-rust:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-rust' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
runs-on: ubuntu-22.04
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: semgrep
Expand All @@ -211,7 +212,7 @@ jobs:

static-code-analysis-scala:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-scala' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
runs-on: ubuntu-22.04
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: semgrep
Expand All @@ -221,7 +222,7 @@ jobs:

static-code-analysis-swift:
if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-swift' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
runs-on: ubuntu-22.04
runs-on: ubuntu-20.04
timeout-minutes: 20
steps:
- name: semgrep
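Review bot: The `run-name` line in the first hunk takes the run title from `client_payload`, a `workflow_dispatch` input, so whoever can dispatch this workflow controls that text. Nothing executes it here, because it is an expression in `run-name` rather than in a shell step, but any later consumer of the run title (notifications, or another workflow that reads it) should treat it as caller-supplied and never interpolate it into a `run:` script. A comment above the line would record that: `# run title comes from the dispatch payload; treat it as untrusted display text`. Separately, the page does not mark which `runs-on` value is the new one in the 21 job hunks. If the jobs now pin `ubuntu-20.04`, a short comment saying why the older image is needed would help, since it reaches end of support sooner than `ubuntu-22.04`.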