Merge pull request #11956 from hashicorp/enable-security-scan

Enable Security Scan for CRT
This commit is contained in:
claire labry 2022-02-04 13:13:24 -05:00 committed by GitHub
commit dc2a95e465
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 55 additions and 5 deletions

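--- /dev/null
+++ b/.changelog/11956.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+ci: Enable security scanning for CRT
+```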


@ -3,9 +3,9 @@ name: build
on:
push:
# Sequence of patterns matched against refs/heads
branches: [
"main"
]
branches:
# Push events on the main branch
- main
env:
PKG_NAME: consul


@ -42,8 +42,36 @@ event "upload-dev" {
}
}
event "notarize-darwin-amd64" {
event "security-scan-binaries" {
depends = ["upload-dev"]
action "security-scan-binaries" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "security-scan-binaries"
config = "security-scan.hcl"
}
notification {
on = "fail"
}
}
event "security-scan-containers" {
depends = ["security-scan-binaries"]
action "security-scan-containers" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "security-scan-containers"
config = "security-scan.hcl"
}
notification {
on = "fail"
}
}
event "notarize-darwin-amd64" {
depends = ["security-scan-containers"]
action "notarize-darwin-amd64" {
organization = "hashicorp"
repository = "crt-workflows-common"
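Review bot: The two new security-scan events carry no comment stating what a scan failure means for the release, which is the first thing a maintainer will need when the scan starts failing; the gating is only implicit in the `depends` chain `upload-dev → security-scan-binaries → security-scan-containers → notarize-darwin-amd64`, and `notification { on = "fail" }` says nothing about whether findings fail the event or merely report. I would add above `event "security-scan-binaries"` a comment such as `# Security scans gate the release: notarize-darwin-amd64 depends on security-scan-containers, so a failed scan (thresholds in security-scan.hcl) stops the pipeline here.` Whether a finding actually fails the event is decided by the `security-scan-binaries`/`security-scan-containers` workflows in crt-workflows-common, which are not visible here, so that sentence should be confirmed against them. The `notarize-darwin-amd64` event continues outside the hunk.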


@ -0,0 +1,19 @@
container {
dependencies = true
alpine_secdb = true
secrets {
all = true
}
}
binary {
go_modules = true
osv = true
oss_index = true
nvd = true
secrets {
all = true
}
}
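Review bot: The `container` block enables only `alpine_secdb` as a vulnerability source while the `binary` block enables `osv`, `oss_index` and `nvd`; if `dependencies = true` in the container scan does not also check the Go binary's modules against those sources, a CVE in a Go dependency baked into the image is caught only by the binary scan, so the two blocks are either intentionally complementary or the container block is missing sources. An inline comment making that explicit, e.g. `# Container scan covers the Alpine base layer; Go module CVEs are caught by the binary scan below.`, would record the intent, or the same sources could be enabled under `container`. No severity threshold or exception list is visible in either block, so presumably every finding is reported with the same weight; if that is what the crt-workflows-common scanner does, a comment saying so would save the next maintainer a lookup. These observations are based only on the keys visible here; the scanner's defaults are not in this page.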


@ -1,5 +1,5 @@
# This Dockerfile creates a production release image for the project using crt release flow.
FROM alpine:3.13 as default
FROM alpine:3 as default
ARG VERSION
ARG BIN_NAME
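Review bot: `FROM alpine:3 as default` replaces a minor-version pin with the floating major tag, so a release image built by the CRT flow now takes whatever `alpine:3` resolves to at build time; that trades reproducibility and change control for automatic pickup of new 3.x releases, and a later rebuild of the same tag may produce a different base layer. If the automatic patch pickup is the intent, say so next to the `FROM` line, e.g. `# Floating major tag: each build picks up the latest Alpine 3.x; pin by digest if reproducible release images are required.`; otherwise pin by digest (`FROM alpine:3@sha256:<digest> as default`) and let dependency automation bump it. The hunk header covers five lines and four are shown, so one line (presumably a blank) was dropped in rendering.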