Merge pull request #11956 from hashicorp/enable-security-scan
Enable Security Scan for CRT
commit
dc2a95e465
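--- a/.changelog/11956.txt
+++ b/.changelog/11956.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+ci: Enable security scanning for CRT
+```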
6
.github/workflows/build.yml
vendored
6
.github/workflows/build.yml
vendored
@ -3,9 +3,9 @@ name: build
|
||||
on:
|
||||
push:
|
||||
# Sequence of patterns matched against refs/heads
|
||||
branches: [
|
||||
"main"
|
||||
]
|
||||
branches:
|
||||
# Push events on the main branch
|
||||
- main
|
||||
|
||||
env:
|
||||
PKG_NAME: consul
|
||||
|
@ -42,8 +42,36 @@ event "upload-dev" {
|
||||
}
|
||||
}
|
||||
|
||||
event "notarize-darwin-amd64" {
|
||||
event "security-scan-binaries" {
|
||||
depends = ["upload-dev"]
|
||||
action "security-scan-binaries" {
|
||||
organization = "hashicorp"
|
||||
repository = "crt-workflows-common"
|
||||
workflow = "security-scan-binaries"
|
||||
config = "security-scan.hcl"
|
||||
}
|
||||
|
||||
notification {
|
||||
on = "fail"
|
||||
}
|
||||
}
|
||||
|
||||
event "security-scan-containers" {
|
||||
depends = ["security-scan-binaries"]
|
||||
action "security-scan-containers" {
|
||||
organization = "hashicorp"
|
||||
repository = "crt-workflows-common"
|
||||
workflow = "security-scan-containers"
|
||||
config = "security-scan.hcl"
|
||||
}
|
||||
|
||||
notification {
|
||||
on = "fail"
|
||||
}
|
||||
}
|
||||
|
||||
event "notarize-darwin-amd64" {
|
||||
depends = ["security-scan-containers"]
|
||||
action "notarize-darwin-amd64" {
|
||||
organization = "hashicorp"
|
||||
repository = "crt-workflows-common"
|
||||
|
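Review bot: Nothing in the file says that placing `security-scan-binaries` and `security-scan-containers` between `upload-dev` and `notarize-darwin-amd64` is a deliberate gate. With `depends = ["security-scan-containers"]` on the notarize event, a failed scan presumably stops every later event in the chain, so a comment above `event "security-scan-binaries"` would help, e.g. `# Security scans gate notarization: a failed scan stops the release chain here.` Both actions pass `config = "security-scan.hcl"`; the commit adds that file under `.release/`, and a short note on how the name is resolved would save the next reader from guessing. The page has lost this hunk's file header and its +/- markers, and both the `upload-dev` and `notarize-darwin-amd64` events extend outside the hunk.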
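--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -0,0 +1,19 @@
+container {
+dependencies = true
+alpine_secdb = true
+
+secrets {
+all = true
+}
+}
+
+binary {
+go_modules = true
+osv = true
+oss_index = true
+nvd = true
+
+secrets {
+all = true
+}
+}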
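Review bot: The new file has no comment saying which jobs read it or what a finding does to the release. Both scan events added in this commit pass `config = "security-scan.hcl"`, so a header such as `# Scanner settings shared by the security-scan-binaries and security-scan-containers release events.` would tie the two together. Next to each `secrets { all = true }` it would help to note that every secret detector is enabled, presumably so that a credential baked into a binary or image layer fails the scan; confirm this against the scanner's documentation. If the team expects to accept or suppress individual findings, the file should also say where such exceptions are recorded and who approves them.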
@ -1,5 +1,5 @@
|
||||
# This Dockerfile creates a production release image for the project using crt release flow.
|
||||
FROM alpine:3.13 as default
|
||||
FROM alpine:3 as default
|
||||
|
||||
ARG VERSION
|
||||
ARG BIN_NAME
|
||||
|
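Review bot: `FROM alpine:3 as default` (presumably the new side, since the page has lost the +/- markers) replaces the minor-version pin `alpine:3.13` with a floating major tag, so the base image can change between two builds of the same commit. That picks up Alpine fixes without a pull request, which fits the container scan enabled here, but the release image is no longer reproducible and a base-image change arrives unreviewed. Consider pinning by digest and letting an automated update job bump it, e.g. `FROM alpine:3@sha256:<digest-placeholder> as default`, or at least state the intent in a comment above the line. The Dockerfile continues past the end of the hunk and its file header is missing from this page.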