Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GitHub Actions Build Badge #45 #46

Merged
merged 4 commits into from
Feb 8, 2022
Merged

GitHub Actions Build Badge #45 #46

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
ec5e374
move Snyk instructions to its only file as it has *many* steps
nelsonic Oct 16, 2021
3ef81fa
Add instructions/examples for GitHub Actions/Workflow fixex #45
nelsonic Oct 16, 2021
faab453
comment out Inch-CI section see: https://github.com/dwyl/repo-badges/…
nelsonic Oct 16, 2021
c0fa886
add direct link to GitHub Actions docs badges section for #45
nelsonic Oct 16, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
134 changes: 46 additions & 88 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
Code Repository Badges ![build passing](https://raw.githubusercontent.com/dwyl/repo-badges/master/highresPNGs/build-passing.png)
===========
<div align="center">

# Code Repository Badges
![build passing](https://raw.githubusercontent.com/dwyl/repo-badges/master/highresPNGs/build-passing.png)

</div>

## Why? [![start with why](https://img.shields.io/badge/start%20with-why%3F-brightgreen.svg?style=flat)](http://www.ted.com/talks/simon_sinek_how_great_leaders_inspire_action)

Expand Down Expand Up @@ -64,6 +68,7 @@ We use https://david-dm.org/ to track our dependencies. david-dm is lovingly mai

## How?

<!--
## Documentation ![Inch-CI](https://inch-ci.org/assets/badge-example-b71f9e833318f66f64b3f23877113051.svg)

While including a badge from "Inch-CI" in _no way_ "_guarantees_" that your project
Expand All @@ -79,15 +84,49 @@ Then you can copy the badge directly from the resulting page. e.g:
```md
[![Inline docs](http://inch-ci.org/github/{ORG-or-USERNAME}/{REPO-NAME}.svg?branch=master)](http://inch-ci.org/github/{ORG-or-USERNAME}/{REPO-NAME})
```
-->

### Build Passing [![Build Status](https://travis-ci.org/dwyl/esta.svg?branch=master)](https://travis-ci.org/)
## Build Passing [![Build Status](https://travis-ci.org/dwyl/esta.svg?branch=master)](https://travis-ci.org/)

```md
[![Build Status](https://travis-ci.org/{ORG-or-USERNAME}/{REPO-NAME}.png?branch=master)](https://travis-ci.org/{ORG-or-USERNAME}/{REPO-NAME})
### GitHub Actions/Workflows

If you are using GitHub Actions/Workflows
https://github.com/features/actions
to run your Continuous Integration (CI),
then you can include a badge in your project's `README.md`:
https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/adding-a-workflow-status-badge

Regular badge template:
```
![example workflow](https://github.com/<OWNER>/<REPOSITORY>/actions/workflows/<WORKFLOW_FILE>/badge.svg)
```
e.g:
```
![GitHub CI](https://github.com/dwyl/auth_plug/actions/workflows/ci.yml/badge.svg)
```

![GitHub CI](https://github.com/dwyl/auth_plug/actions/workflows/ci.yml/badge.svg)

Custom badge via Shields.io: https://shields.io/category/build
![image](https://user-images.githubusercontent.com/194400/137601498-5a5496dc-f610-4931-8fa6-45e9ef9cd051.png)

Example:
```
![GitHub Workflow Status](https://img.shields.io/github/workflow/status/dwyl/auth_plug/Elixir%20CI?label=build&style=flat-square)
```
![GitHub Workflow Status](https://img.shields.io/github/workflow/status/dwyl/auth_plug/Elixir%20CI?label=build&style=flat-square)

<br />

### Travis-CI

You'll need to setup your project on [**Travis-CI**](https://github.com/dwyl/learn-travis) and write **unit tests** (*preferably TDD!*) for this to work ... if you're stuck ask us how!


```md
[![Build Status](https://travis-ci.org/{ORG-or-USERNAME}/{REPO-NAME}.png?branch=master)](https://travis-ci.org/{ORG-or-USERNAME}/{REPO-NAME})
```

### CodeClimate

Setup your repository by adding it on code climate then copy the badge markdown from them!
Expand Down Expand Up @@ -215,89 +254,8 @@ page views are a good metric to be aware of!_ :chart_with_upwards_trend:

### Snyk _Proactive_ Security Vulnerability Detection

1. Visit: https://snyk.io

![01-snyk-home-page](https://user-images.githubusercontent.com/194400/49246105-0c6c2900-f40c-11e8-9ff1-824c1f327626.png)

2. Click the "Signup with GitHub" button/link:

![02-snyk-signup](https://user-images.githubusercontent.com/194400/49246107-0c6c2900-f40c-11e8-8004-ae31a2369090.png)

3. Click the button to "Athorise Snyk":

![03-snyk-authorise](https://user-images.githubusercontent.com/194400/49246108-0c6c2900-f40c-11e8-82e9-deea841fe6bf.png)

4. Click to "Connect with GitHub":

![04-snyk-integrations-select-github](https://user-images.githubusercontent.com/194400/49246110-0d04bf80-f40c-11e8-9729-9aa52fd7965e.png)

5. _Again_ click "Connect with GitHub":

![05-connect-to-github](https://user-images.githubusercontent.com/194400/49246112-0d04bf80-f40c-11e8-88b2-ef608def7cb0.png)

6. By default Snyk requests access to both **`public`** and **`private`** repos,
Select whatever is relevant to you and continue:

![06-snyk-wants-private-repos-by-default](https://user-images.githubusercontent.com/194400/49246113-0d04bf80-f40c-11e8-9766-2c3cf6f4938a.png)

7. I selected _only_ **`public`** repositories as I _always_ follow the ["principle of least privilege"](https://github.com/dwyl/learn-security#principle-of-least-privilege):

![07-snyk-select-public-repos-only](https://user-images.githubusercontent.com/194400/49246115-0d04bf80-f40c-11e8-9a8a-ca322d79cea1.png)

8. Confirm the access that Snyk is requesting:

![08-snyk-authorise](https://user-images.githubusercontent.com/194400/49246117-0d9d5600-f40c-11e8-825f-1bdab8ac318c.png)

9. Connect to Snyk to a GitHub Repository:

![09-snyk-connect-to-github-repo](https://user-images.githubusercontent.com/194400/49246118-0d9d5600-f40c-11e8-9898-0ccbc2041279.png)

10. Select the desired repository: (_in this case [`hapi-auth-jwt2`](https://github.com/dwyl/hapi-auth-jwt2) ..._)

![10-snyk-select-desired-repo](https://user-images.githubusercontent.com/194400/49246119-0d9d5600-f40c-11e8-9820-1cea4e45f90a.png)

11. Add selected repo:

![11-snyk-add-1-selected-repository](https://user-images.githubusercontent.com/194400/49246121-0d9d5600-f40c-11e8-81bb-d7eb283a2f0f.png)

12. Wait for the repo to be imported by Snyk:

![12-snyk-importing](https://user-images.githubusercontent.com/194400/49246122-0d9d5600-f40c-11e8-91a2-e0bb28439f83.png)

13. Once the repo has finished importing, refresh the page to see your dashboard:

![13-snyk-finished-securing](https://user-images.githubusercontent.com/194400/49246123-0e35ec80-f40c-11e8-9d5b-e73abe619ae7.png)

14. From the Snyk dashboard. Click on the project you want to view:

![14-snyk-dashboard-projects](https://user-images.githubusercontent.com/194400/49246124-0e35ec80-f40c-11e8-87fb-3c15615ebef8.png)

15. Copy the Snyk "Badge" for inclusion in your project:

![15-snyk-project-page](https://user-images.githubusercontent.com/194400/49246125-0e35ec80-f40c-11e8-8347-6030901931da.png)


Badge Format:
```
[![Known Vulnerabilities](https://snyk.io/test/github/{username}/{repo}/badge.svg)](https://snyk.io/test/github/{username}/{repo})

```

Official Badge: [![Known Vulnerabilities](https://snyk.io/test/github/dwyl/hapi-auth-jwt2/badge.svg?targetFile=package.json)](https://snyk.io/test/github/dwyl/hapi-auth-jwt2?targetFile=package.json)
```
[![Known Vulnerabilities](https://snyk.io/test/github/dwyl/hapi-auth-jwt2/badge.svg?targetFile=package.json)](https://snyk.io/test/github/dwyl/hapi-auth-jwt2?targetFile=package.json)
````

Flat Square: [![Known Vulnerabilities](https://snyk.io/test/github/dwyl/hapi-auth-jwt2/badge.svg?targetFile=package.json&style=flat-square)](https://snyk.io/test/github/dwyl/hapi-auth-jwt2?targetFile=package.json)
```
[![Known Vulnerabilities](https://snyk.io/test/github/dwyl/hapi-auth-jwt2/badge.svg?targetFile=package.json&style=flat-square)](https://snyk.io/test/github/dwyl/hapi-auth-jwt2?targetFile=package.json)
```

> Note: _just_ having a 3rd party service telling you there aren't any ***know vulnerabilities***
does ***not guarantee*** that your app is "_secure_"! You still need to write
good code that escapes all input and follows "best practice"!
But the `snyk` badge & service is a _useful_ early warning system.

See:
[snyk-security-scanning.md](https://github.com/dwyl/repo-badges/blob/main/snyk-security-scanning.md)

# Thank _You_!

Expand Down
82 changes: 82 additions & 0 deletions snyk-security-scanning.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,82 @@
1. Visit: https://snyk.io

![01-snyk-home-page](https://user-images.githubusercontent.com/194400/49246105-0c6c2900-f40c-11e8-9ff1-824c1f327626.png)

2. Click the "Signup with GitHub" button/link:

![02-snyk-signup](https://user-images.githubusercontent.com/194400/49246107-0c6c2900-f40c-11e8-8004-ae31a2369090.png)

3. Click the button to "Athorise Snyk":

![03-snyk-authorise](https://user-images.githubusercontent.com/194400/49246108-0c6c2900-f40c-11e8-82e9-deea841fe6bf.png)

4. Click to "Connect with GitHub":

![04-snyk-integrations-select-github](https://user-images.githubusercontent.com/194400/49246110-0d04bf80-f40c-11e8-9729-9aa52fd7965e.png)

5. _Again_ click "Connect with GitHub":

![05-connect-to-github](https://user-images.githubusercontent.com/194400/49246112-0d04bf80-f40c-11e8-88b2-ef608def7cb0.png)

6. By default Snyk requests access to both **`public`** and **`private`** repos,
Select whatever is relevant to you and continue:

![06-snyk-wants-private-repos-by-default](https://user-images.githubusercontent.com/194400/49246113-0d04bf80-f40c-11e8-9766-2c3cf6f4938a.png)

7. I selected _only_ **`public`** repositories as I _always_ follow the ["principle of least privilege"](https://github.com/dwyl/learn-security#principle-of-least-privilege):

![07-snyk-select-public-repos-only](https://user-images.githubusercontent.com/194400/49246115-0d04bf80-f40c-11e8-9a8a-ca322d79cea1.png)

8. Confirm the access that Snyk is requesting:

![08-snyk-authorise](https://user-images.githubusercontent.com/194400/49246117-0d9d5600-f40c-11e8-825f-1bdab8ac318c.png)

9. Connect to Snyk to a GitHub Repository:

![09-snyk-connect-to-github-repo](https://user-images.githubusercontent.com/194400/49246118-0d9d5600-f40c-11e8-9898-0ccbc2041279.png)

10. Select the desired repository: (_in this case [`hapi-auth-jwt2`](https://github.com/dwyl/hapi-auth-jwt2) ..._)

![10-snyk-select-desired-repo](https://user-images.githubusercontent.com/194400/49246119-0d9d5600-f40c-11e8-9820-1cea4e45f90a.png)

11. Add selected repo:

![11-snyk-add-1-selected-repository](https://user-images.githubusercontent.com/194400/49246121-0d9d5600-f40c-11e8-81bb-d7eb283a2f0f.png)

12. Wait for the repo to be imported by Snyk:

![12-snyk-importing](https://user-images.githubusercontent.com/194400/49246122-0d9d5600-f40c-11e8-91a2-e0bb28439f83.png)

13. Once the repo has finished importing, refresh the page to see your dashboard:

![13-snyk-finished-securing](https://user-images.githubusercontent.com/194400/49246123-0e35ec80-f40c-11e8-9d5b-e73abe619ae7.png)

14. From the Snyk dashboard. Click on the project you want to view:

![14-snyk-dashboard-projects](https://user-images.githubusercontent.com/194400/49246124-0e35ec80-f40c-11e8-87fb-3c15615ebef8.png)

15. Copy the Snyk "Badge" for inclusion in your project:

![15-snyk-project-page](https://user-images.githubusercontent.com/194400/49246125-0e35ec80-f40c-11e8-8347-6030901931da.png)


Badge Format:
```
[![Known Vulnerabilities](https://snyk.io/test/github/{username}/{repo}/badge.svg)](https://snyk.io/test/github/{username}/{repo})

```

Official Badge: [![Known Vulnerabilities](https://snyk.io/test/github/dwyl/hapi-auth-jwt2/badge.svg?targetFile=package.json)](https://snyk.io/test/github/dwyl/hapi-auth-jwt2?targetFile=package.json)
```
[![Known Vulnerabilities](https://snyk.io/test/github/dwyl/hapi-auth-jwt2/badge.svg?targetFile=package.json)](https://snyk.io/test/github/dwyl/hapi-auth-jwt2?targetFile=package.json)
````

Flat Square: [![Known Vulnerabilities](https://snyk.io/test/github/dwyl/hapi-auth-jwt2/badge.svg?targetFile=package.json&style=flat-square)](https://snyk.io/test/github/dwyl/hapi-auth-jwt2?targetFile=package.json)
```
[![Known Vulnerabilities](https://snyk.io/test/github/dwyl/hapi-auth-jwt2/badge.svg?targetFile=package.json&style=flat-square)](https://snyk.io/test/github/dwyl/hapi-auth-jwt2?targetFile=package.json)
```

> Note: _just_ having a 3rd party service telling you there aren't any ***know vulnerabilities***
does ***not guarantee*** that your app is "_secure_"! You still need to write
good code that escapes all input and follows "best practice"!
But the `snyk` badge & service is a _useful_ early warning system.