.github/workflows/action_cron.yaml #24
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| schedule: | |
| # Run at 01:00 on Saturday. | |
| - cron: '0 1 * * SAT' | |
| jobs: | |
| ostorlab_test: | |
| runs-on: ubuntu-latest | |
| name: Test ostorlab CI actions. | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: build ostorlab.apk | |
| run: mv tests/InsecureBankv2.apk ostorlab.apk | |
| - name: Get sbom file | |
| run: | | |
| mv tests/package-lock.json package-lock.json | |
| - name: Launch Ostorlab scan | |
| id: start_scan | |
| uses: ./ | |
| with: | |
| scan_profile: fast_scan # Specify which scan profile to use for the scan (check scan section). | |
| asset_type: android-apk # type of asset to scan. | |
| target: ostorlab.apk # path for target tto scan. | |
| scan_title: title_scan_ci # type a title for your scan. | |
| ostorlab_api_key: ${{ secrets.ostorlab_api_key }} # your secret api key. | |
| break_on_risk_rating: HIGH # Wait for the scan results and force the action to fail if the scan risk is higher | |
| max_wait_minutes: 30 | |
| extra: --test-credentials-login test_login --test-credentials-password test_pass --test-credentials-role ci_role --test-credentials-name foo1 --test-credentials-value bar1 --test-credentials-name foo2 --test-credentials-value bar2 | |
| - name: Get scan id | |
| run: echo "Scan Created with id ${{ steps.start_scan.outputs.scan_id }} you can access the full report at https://report.ostorlab.co/scan/${{ steps.start_scan.outputs.scan_id }}/" |