Merge pull request #11956 from hashicorp/enable-security-scan
Enable Security Scan for CRT
commit
dc2a95e465
|
@ -0,0 +1,3 @@
|
|||
```release-note:improvement
|
||||
ci: Enable security scanning for CRT
|
||||
```
|
|
@ -3,9 +3,9 @@ name: build
|
|||
on:
|
||||
push:
|
||||
# Sequence of patterns matched against refs/heads
|
||||
branches: [
|
||||
"main"
|
||||
]
|
||||
branches:
|
||||
# Push events on the main branch
|
||||
- main
|
||||
|
||||
env:
|
||||
PKG_NAME: consul
|
||||
|
|
|
@ -42,8 +42,36 @@ event "upload-dev" {
|
|||
}
|
||||
}
|
||||
|
||||
event "notarize-darwin-amd64" {
|
||||
event "security-scan-binaries" {
|
||||
depends = ["upload-dev"]
|
||||
action "security-scan-binaries" {
|
||||
organization = "hashicorp"
|
||||
repository = "crt-workflows-common"
|
||||
workflow = "security-scan-binaries"
|
||||
config = "security-scan.hcl"
|
||||
}
|
||||
|
||||
notification {
|
||||
on = "fail"
|
||||
}
|
||||
}
|
||||
|
||||
event "security-scan-containers" {
|
||||
depends = ["security-scan-binaries"]
|
||||
action "security-scan-containers" {
|
||||
organization = "hashicorp"
|
||||
repository = "crt-workflows-common"
|
||||
workflow = "security-scan-containers"
|
||||
config = "security-scan.hcl"
|
||||
}
|
||||
|
||||
notification {
|
||||
on = "fail"
|
||||
}
|
||||
}
|
||||
|
||||
event "notarize-darwin-amd64" {
|
||||
depends = ["security-scan-containers"]
|
||||
action "notarize-darwin-amd64" {
|
||||
organization = "hashicorp"
|
||||
repository = "crt-workflows-common"
|
||||
|
|
|
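Review bot: Nothing in the new `security-scan-binaries` and `security-scan-containers` events says that they now sit on the release path, which they do: `notarize-darwin-amd64` lists `depends = ["security-scan-containers"]`, and that event in turn depends on `security-scan-binaries`. A comment above the first event, e.g. `# Security scans gate the release chain; notarization waits on security-scan-containers.`, would tell whoever handles a red scan that later stages are presumably held until it is resolved. Both scan events notify only `on = "fail"`, so it is worth confirming that a scanner run that errors out, rather than reporting findings, also counts as a failure there. The `notarize-darwin-amd64` event continues past the end of the hunk.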
@ -0,0 +1,19 @@
|
|||
container {
|
||||
dependencies = true
|
||||
alpine_secdb = true
|
||||
|
||||
secrets {
|
||||
all = true
|
||||
}
|
||||
}
|
||||
|
||||
binary {
|
||||
go_modules = true
|
||||
osv = true
|
||||
oss_index = true
|
||||
nvd = true
|
||||
|
||||
secrets {
|
||||
all = true
|
||||
}
|
||||
}
|
|
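Review bot: The new scan configuration has no header comment, and both the `container` and `binary` blocks turn on every listed check (`secrets { all = true }`, `osv`, `oss_index`, `nvd`, `alpine_secdb`) with no visible place to record an accepted finding. I would add a leading comment such as `# Scanner settings read by the security-scan-binaries and security-scan-containers CRT events (config = "security-scan.hcl").` plus a sentence on how a false positive is triaged. Whether the scanner supports per-finding exclusions is not visible from this page, so that part needs checking against the scanner's own documentation.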
@ -1,5 +1,5 @@
|
|||
# This Dockerfile creates a production release image for the project using crt release flow.
|
||||
FROM alpine:3.13 as default
|
||||
FROM alpine:3 as default
|
||||
|
||||
ARG VERSION
|
||||
ARG BIN_NAME
|
||||
|
|
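Review bot: `FROM alpine:3 as default` is a floating tag, so the base image the release build pulls can change between two builds of the same commit, and a clean container scan on one build does not carry over to the next. (I am reading `alpine:3` as the new side because it is printed after `alpine:3.13`; the page has lost the +/- markers.) If the intent is to pick up Alpine fixes automatically, say so in a comment, e.g. `# Tracks the latest Alpine 3.x so base-image fixes arrive without a Dockerfile change.`; if reproducibility matters more, pin by digest, `FROM alpine:3@sha256:<digest-placeholder> AS default`, and bump it through an automated PR. Uppercase `AS` would also match the casing of the other instructions.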