From 9dcf78e25afb8dcb8168e761382ae8cc5a5c16f6 Mon Sep 17 00:00:00 2001 From: araya Date: Tue, 15 Aug 2023 11:07:15 -0400 Subject: [PATCH 1/2] updated action and added assignee --- .github/workflows/snyk-test.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/snyk-test.yml b/.github/workflows/snyk-test.yml index 1b8d2c4a7..4373729ad 100644 --- a/.github/workflows/snyk-test.yml +++ b/.github/workflows/snyk-test.yml @@ -43,7 +43,7 @@ jobs: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - name: use the custom github action to parse Snyk output - uses: Enterprise-CMCS/macfc-security-scan-report@v1.0.3 + uses: Enterprise-CMCS/macfc-security-scan-report@v1.0.4 with: jira-username: ${{ secrets.JIRA_SERVICE_USERNAME }} jira-token: ${{ secrets.JIRA_SERVICE_USER_TOKEN }} @@ -53,6 +53,7 @@ jobs: jira-custom-field-key-value: '{ "customfield_10007" : "MDCT-2280", "customfield_14154" : [{"id": "16958", "value": "CARTS"}] }' jira-labels: 'CARTS,snyk' jira-title-prefix: '[CARTS] - Snyk :' + assign-jira-ticket-to: '620e936fa715c6006914c7d2' scan-output-path: 'snyk_output.txt' scan-type: 'snyk' From 378d372deb587b61b4a9ba5874baab52c9d7ac79 Mon Sep 17 00:00:00 2001 From: Braxton Excell Date: Tue, 15 Aug 2023 18:11:29 -0500 Subject: [PATCH 2/2] update formatting --- .github/workflows/snyk-test.yml | 59 ++++++++++++++++----------------- 1 file changed, 28 insertions(+), 31 deletions(-) diff --git a/.github/workflows/snyk-test.yml b/.github/workflows/snyk-test.yml index 4373729ad..8fe08e375 100644 --- a/.github/workflows/snyk-test.yml +++ b/.github/workflows/snyk-test.yml @@ -2,9 +2,9 @@ name: Snyk Scan and Report on: pull_request: - branches: [ main ] + branches: [main] schedule: - - cron: '0 4 * * *' # run every day at midnight + - cron: "0 4 * * *" # run every day at midnight permissions: id-token: write 
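Review bot: The added `assign-jira-ticket-to: '620e936fa715c6006914c7d2'` line routes every nightly Snyk finding to one hard-coded personal Jira account. If that person changes role or the account is deactivated, findings sit with someone who no longer triages them. Depending on how the action handles an invalid assignee (not visible here), the ticket may not be created at all. Consider moving the ID into a repository variable, e.g. `assign-jira-ticket-to: ${{ vars.JIRA_SNYK_ASSIGNEE_ID }}` (variable name is a placeholder), and pointing it at a shared triage account where Jira allows. The `with:` block this line belongs to starts above the hunk.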
@@ -14,47 +14,44 @@ jobs: name: Snyk Run (for PR and push) runs-on: ubuntu-latest if: github.event_name == 'pull_request' - + steps: - name: Check out repository uses: actions/checkout@v2 - + - name: Install Snyk and Run Snyk test run: | npm install -g snyk snyk test --all-projects --json > snyk_output.txt || true env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - - snyk_nightly_run: + snyk_nightly_run: name: Snyk Nightly Run (for nightly cron with JIRA) runs-on: ubuntu-latest if: github.event_name == 'schedule' steps: - - name: Check out repository - uses: actions/checkout@v2 - - - name: Install Snyk and Run Snyk test - run: | - npm install -g snyk - snyk test --all-projects --json > snyk_output.txt || true - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - - - name: use the custom github action to parse Snyk output - uses: Enterprise-CMCS/macfc-security-scan-report@v1.0.4 - with: - jira-username: ${{ secrets.JIRA_SERVICE_USERNAME }} - jira-token: ${{ secrets.JIRA_SERVICE_USER_TOKEN }} - jira-host: 'qmacbis.atlassian.net' - jira-project-key: 'MDCT' - jira-issue-type: 'Task' - jira-custom-field-key-value: '{ "customfield_10007" : "MDCT-2280", "customfield_14154" : [{"id": "16958", "value": "CARTS"}] }' - jira-labels: 'CARTS,snyk' - jira-title-prefix: '[CARTS] - Snyk :' - assign-jira-ticket-to: '620e936fa715c6006914c7d2' - scan-output-path: 'snyk_output.txt' - scan-type: 'snyk' - + - name: Check out repository + uses: actions/checkout@v2 + + - name: Install Snyk and Run Snyk test + run: | + npm install -g snyk + snyk test --all-projects --json > snyk_output.txt || true + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + - name: use the custom github action to parse Snyk output + uses: Enterprise-CMCS/macfc-security-scan-report@v1.0.4 + with: + jira-username: ${{ secrets.JIRA_SERVICE_USERNAME }} + jira-token: ${{ secrets.JIRA_SERVICE_USER_TOKEN }} + jira-host: "qmacbis.atlassian.net" + jira-project-key: "MDCT" + jira-issue-type: "Task" + jira-custom-field-key-value: '{ 
"customfield_10007" : "MDCT-2280", "customfield_14154" : [{"id": "16958", "value": "CARTS"}] }' + jira-labels: "CARTS,snyk" + jira-title-prefix: "[CARTS] - Snyk :" + assign-jira-ticket-to: "620e936fa715c6006914c7d2" # pragma: allowlist secret (Jira user ID for Rehman) + scan-output-path: "snyk_output.txt" + scan-type: "snyk"
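Review bot: In both jobs the `snyk test --all-projects --json > snyk_output.txt || true` line discards every exit status, so a scan that could not run at all (rejected `SNYK_TOKEN`, network error, no supported projects) looks the same as a clean one. In `snyk_run` no later step reads `snyk_output.txt`, so the pull-request job passes whatever Snyk finds; in `snyk_nightly_run` the report step would receive an error payload instead of results. Snyk exits 0 for no issues and 1 for issues found, so I would tolerate only those two and fail on anything higher, as sketched below; whether exit 1 should block a pull request is a separate decision. The same step list references `Enterprise-CMCS/macfc-security-scan-report@v1.0.4` by tag while passing it the Jira credentials; pinning it to a full commit SHA (`@<commit-sha>  # v1.0.4`) would keep a moved tag from changing what runs with those secrets.

```yaml
      - name: Install Snyk and Run Snyk test
        run: |
          npm install -g snyk
          rc=0
          snyk test --all-projects --json > snyk_output.txt || rc=$?
          # 0 = no issues, 1 = issues found; 2 and above mean the scan itself failed
          if [ "$rc" -gt 1 ]; then
            echo "snyk test did not complete (exit $rc)" >&2
            exit "$rc"
          fi
        # … unchanged: env with SNYK_TOKEN …
```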