fix: Circle config update, add prodsec orb scans
novalex committed Apr 16, 2024
1 parent 5fb1392 commit 4c2fdec
Showing 3 changed files with 93 additions and 61 deletions.
152 changes: 91 additions & 61 deletions .circleci/config.yml
@@ -1,66 +1,96 @@
version: 2.1
orbs:
snyk: snyk/[email protected]
prodsec: snyk/[email protected]

features_only: &features_only
filters:
branches:
ignore: master

main_only: &main_only
filters:
branches:
only: master

defaults: &defaults
resource_class: small
docker:
- image: circleci/node:12

jobs:
build-test-monitor:
docker:
- image: circleci/node:12
steps:
- checkout
- run: npm install
- run: npm test
- run: npx semantic-release
build-test:
docker:
- image: circleci/node:12
steps:
- checkout
- run: npm install
- run: npm test
- run: npx tsc
- run: npm run pkg-binaries-linux
- run: ./snyk-api-import-linux help
build-test-from-fork:
docker:
- image: circleci/node:12
steps:
- checkout
- run: npm install
- run: npm test
- run: npx tsc
security-scans:
<<: *defaults
steps:
- checkout
- run: npm install
- prodsec/security_scans:
mode: auto
release-branch: master # TODO: remove when master branch is renamed
iac-scan: disabled
open-source-scan: critical # TODO: remove this once Axios vulns are fixed

build-test-monitor:
<<: *defaults
steps:
- checkout
- run: npm install
- run: npm test
- run: npx semantic-release

build-test:
<<: *defaults
steps:
- checkout
- run: npm install
- run: npm test
- run: npx tsc
- run: npm run pkg-binaries-linux
- run: ./snyk-api-import-linux help

build-test-from-fork:
<<: *defaults
steps:
- checkout
- run: npm install
- run: npm test
- run: npx tsc

workflows:
version: 2
nightly:
triggers:
- schedule:
cron: "0 0 * * *"
filters:
branches:
only:
- master
jobs:
- build-test-monitor:
context: SNYK
version: 2

CICD:
jobs:
- security-scans:
name: Security Scans
context: analysis_import

- prodsec/secrets-scan:
name: Scan repository for secrets
context: snyk-bot-slack
channel: snyk-on-snyk-analysis_import

nightly:
triggers:
- schedule:
cron: '0 0 * * *'
<<: *main_only
jobs:
- build-test-monitor:
context: snyk-api-import

build-test-monitor:
jobs:
- build-test-monitor:
context: snyk-api-import
<<: *main_only

build-test-monitor:
jobs:
- build-test-monitor:
context: SNYK
filters:
branches:
only:
- master
build-test:
jobs:
- build-test:
context: SNYK
filters:
branches:
ignore:
- master
- /pull\/[0-9]+/
- build-test-from-fork:
filters:
branches:
only:
- /pull\/[0-9]+/
build-test:
jobs:
- build-test:
context: snyk-api-import
<<: *features_only
- build-test-from-fork:
filters:
branches:
only:
- /pull\/[0-9]+/
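Review bot: In the `security-scans` job (on what reads as the new side of this section), `open-source-scan: critical` and `iac-scan: disabled` relax the gate, and the only record of why is a TODO with no owner or issue reference, so the relaxation has no visible expiry. Assuming `critical` means only critical-severity findings fail the build (the orb's parameter semantics are not shown here), lower-severity dependency findings would pass until someone remembers to revert it; I would tie the comment to a tracking issue, e.g. `open-source-scan: critical # TODO(<issue-id>): restore default once Axios vulns are fixed`. The job also runs `npm install` before scanning; if a lockfile is committed, `- run: npm ci` makes the scanned dependency tree match the locked one. Separately, the new `defaults` anchor still uses `circleci/node:12`, an end-of-life Node line on the deprecated legacy image namespace, which is worth moving now that the image is defined in one place.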
1 change: 1 addition & 0 deletions src/lib/find-files.ts
Expand Up @@ -114,6 +114,7 @@ function findFile(
return path;
}
} else {
// deepcode ignore reDOS: path is supplied by trusted user of API (not externally supplied)
if (matches(path, ignore)) {
return null;
}
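Review bot: The reason given on the added `// deepcode ignore reDOS` comment only covers `path`, but the call it silences is `matches(path, ignore)`, where the patterns in `ignore` matter at least as much for matching cost as the string being tested. The same comment is added in src/scripts/sync/clone-and-analyze.ts above `find(repoPath, [...defaultExclusionGlobs, ...exclusionGlobs], …)`, where `exclusionGlobs` is caller-supplied and the tree being walked is a cloned repository, so the file names reaching `matches` presumably come from repository content rather than from the API user. I would state the actual assumption in the comment, e.g. `// deepcode ignore reDOS: ignore globs come from the operator's own configuration; file names from the cloned repo are only ever the matched string, never the pattern`, or bound pattern length before matching if that assumption does not hold. `findFile` starts and ends outside this hunk, so how `path` and `ignore` are derived is not visible here.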
1 change: 1 addition & 0 deletions src/scripts/sync/clone-and-analyze.ts
Expand Up @@ -46,6 +46,7 @@ export async function cloneAndAnalyze(
if (!repoPath) {
throw new Error('No location returned for clones repo to analyze');
}
// deepcode ignore reDOS: path is supplied by trusted user of API (not externally supplied)
const { files } = await find(
repoPath,
[...defaultExclusionGlobs, ...exclusionGlobs],
