Merge pull request #9 from mohitpali/main

Add Security scanners
aws · Aug 11, 2023 · 7f973da · 7f973da
2 parents 55fe237 + eccd8fb
commit 7f973da
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 4 deletions.
diff --git a/.github/workflows/license-check.yml b/.github/workflows/license-check.yml
@@ -40,7 +40,7 @@ jobs:
         working-directory: ./scancode-toolkit
         run: ./scancode --help
       - name: Run Scan code on pr ref
-        run: cat targetFiles.txt | while read filename; do echo ./sdkbase/$filename; done | xargs ./scancode-toolkit/scancode -l -n 30 --json-pp - | grep short_name | sort | uniq >> old-licenses.txt
+        run: cat targetFiles.txt | while read filename; do echo ./signermain/$filename; done | xargs ./scancode-toolkit/scancode -l -n 30 --json-pp - | grep short_name | sort | uniq >> old-licenses.txt
       - name: Run Scan code on target
         run: cat refDiffFiles.txt | while read filename; do echo ./new-ref/$filename; done | xargs ./scancode-toolkit/scancode -l -n 30 --json-pp - | grep short_name | sort | uniq >> new-licenses.txt
       # compare

diff --git a/.github/workflows/trufflehog.yml → .github/workflows/securityscan.yml b/.github/workflows/trufflehog.yml → .github/workflows/securityscan.yml
@@ -1,17 +1,24 @@
-name: Leaked Secrets Scan
+name: Security Scan
+
 on: [pull_request]
+
 jobs:
-  TruffleHog:
+  securityscan:
+    name: Security Scan
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
         uses: actions/checkout@v3
         with:
           fetch-depth: 0
-      - name: TruffleHog OSS
+      - name: TruffleHog Secrets Scanner
         uses: trufflesecurity/[email protected]
         with:
           path: ./
           base: ${{ github.event.repository.default_branch }}
           head: HEAD
           extra_args: --debug --only-verified
+      - name: Run Gosec Security Scanner
+        uses: securego/gosec@master
+        with:
+          args: ./...