forked from MaibornWolff/dd-import
-
Notifications
You must be signed in to change notification settings - Fork 0
46 lines (41 loc) · 1.25 KB
/
dd-import_example.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
name: Example for dd-import
on: [workflow_dispatch]
jobs:
dd-import_example:
runs-on: ubuntu-latest
env:
DD_URL: ${{ secrets.DD_URL }}
DD_API_KEY: ${{ secrets.DD_API_KEY }}
DD_PRODUCT_TYPE_NAME: Research and Development
DD_PRODUCT_NAME: DefectDojo Importer
DD_ENGAGEMENT_NAME: GitLab
steps:
- uses: actions/checkout@v2
- name: Set up Python 3.9
uses: actions/setup-python@v2
with:
python-version: 3.9
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install semgrep dd-import
- name: Semgrep check
run: |
semgrep --config=r/python --json -o semgrep.json --exclude dd_import/environment.py ./dd_import
- name: Upload Semgrep check to DefectDojo
env:
DD_TEST_NAME: Semgrep
DD_TEST_TYPE_NAME: Semgrep JSON Report
DD_FILE_NAME: semgrep.json
DD_SERVICE: dd-import
run: |
dd-reimport-findings
- name: Count lines of code
run: |
sudo apt install cloc
cloc . --json -out cloc.json
- name: Upload cloc to DefectDojo
env:
DD_FILE_NAME: cloc.json
run: |
dd-import-languages