bcgov · marcellmueller · Jul 25, 2023 · Jul 25, 2023 · Jul 25, 2023
diff --git a/.github/workflows/gitleaks.yaml b/.github/workflows/gitleaks.yaml
@@ -0,0 +1,10 @@
+name: gitleaks-scan
+on:
+  workflow_dispatch:
+  push:
+jobs:
+  gitleaks-scan:
+    uses: button-inc/button-shared-gh-actions/.github/workflows/scan-code-gitleaks.yml@develop
+  secrets:
+    github-token: ${{ secrets.GITHUB_TOKEN }}
+    gitleaks-license: ${{ secrets.GITLEAKS_LICENSE}}
diff --git a/.github/workflows/owasp.yaml b/.github/workflows/owasp.yaml
@@ -0,0 +1,9 @@
+name: zap-scan
+on:
+  workflow_dispatch:
+    # push:
+jobs:
+  zap-scan:
+    uses: button-inc/button-shared-gh-actions/.github/workflows/scan-code-owasp-zap.yml@develop
+    with:
+      target-url: 'http://localhost:3000/applicantportal'
diff --git a/.github/workflows/sonarcloud.yaml b/.github/workflows/sonarcloud.yaml
@@ -0,0 +1,10 @@
+name: sonarcloud-scan
+on:
+  workflow_dispatch:
+    # push:
+jobs:
+  sonarcloud-scan:
+    uses: button-inc/button-shared-gh-actions/.github/workflows/scan-code-sonarcloud.yml@develop
+    secrets:
+      github-token: ${{ secrets.GITHUB_TOKEN }}
+      sonar-token: ${{ secrets.SONAR_TOKEN}}
diff --git a/.github/workflows/test-code.yaml b/.github/workflows/test-code.yaml
@@ -29,21 +29,8 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 60
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-      - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@master
-        with:
-          scan-type: fs
-          format: sarif
-          output: trivy-results.sarif
-          exit-code: '0'
-          ignore-unfixed: false
-          severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
-        with:
-          sarif_file: 'trivy-results.sarif'
+      - name: trivy scan
+        uses: ./.github/workflows/trivy.yaml
 
   codeql-scan:
     name: codeql-scan
@@ -89,12 +76,12 @@ jobs:
   gitleaks:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
-      - run: ./.bin/install-gitleaks-linux-x64.sh
-      - run: ./gitleaks detect --exit-code 0 --report-format sarif --report-path "gitleaks.sarif"
-      - uses: github/codeql-action/upload-sarif@v2
-        with:
-          sarif_file: 'gitleaks.sarif'
+      uses: ./.github/workflows/gitleaks.yaml
+      # - run: ./.bin/install-gitleaks-linux-x64.sh
+      # - run: ./gitleaks detect --exit-code 0 --report-format sarif --report-path "gitleaks.sarif"
+      # - uses: github/codeql-action/upload-sarif@v2
+      #   with:
+      #     sarif_file: 'gitleaks.sarif'
 
   jest:
     needs: [install-test-env]
@@ -111,10 +98,7 @@ jobs:
         working-directory: ./app
         run: yarn test --coverage
       - name: SonarCloud Scan
-        uses: sonarsource/sonarcloud-github-action@master
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        uses: ./.github/workflows/sonarcloud.yaml
 
   eslint:
     needs: [install-test-env]

diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
@@ -0,0 +1,7 @@
+name: trivy-scan
+on:
+  workflow_dispatch:
+    # push:
+jobs:
+  trivy-scan:
+    uses: button-inc/button-shared-gh-actions/.github/workflows/scan-code-trivy.yml@develop