Add CircleCI workflow for running security scans (#141)
mikenachbaur-okta authored Sep 7, 2023
1 parent abcac99 commit 4c3035f
Showing 3 changed files with 78 additions and 19 deletions.
9 changes: 0 additions & 9 deletions .bacon.yml

This file was deleted.

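--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -0,0 +1,78 @@
+version: 2.1
+
+orbs:
+general-platform-helpers: okta/[email protected]
+
+executors:
+apple-ci-arm-medium:
+macos:
+xcode: 14.3.1
+resource_class: macos.m1.medium.gen1
+
+jobs:
+setup:
+executor: apple-ci-arm-medium
+steps:
+- checkout
+- persist_to_workspace:
+root: ~/project
+paths:
+- .
+
+snyk-scan:
+executor: apple-ci-arm-medium
+steps:
+- attach_workspace:
+at: ~/project
+- run:
+name: Install rosetta # Needed for snyk to work on M1 machines.
+command: softwareupdate --install-rosetta --agree-to-license
+- run:
+name: run swift package show dependencies
+command: swift package show-dependencies
+- general-platform-helpers/step-load-dependencies
+- general-platform-helpers/step-run-snyk-monitor:
+scan-all-projects: true
+skip-unresolved: false
+os: macos
+
+workflows:
+semgrep:
+jobs:
+- general-platform-helpers/job-semgrep-prepare:
+name: semgrep-prepare
+filters:
+branches:
+only:
+- master
+- general-platform-helpers/job-semgrep-scan:
+name: semgrep-scan
+filters:
+branches:
+only:
+- master
+requires:
+- semgrep-prepare
+security-scan:
+jobs:
+- setup:
+filters:
+branches:
+only:
+- master
+- general-platform-helpers/job-snyk-prepare:
+name: prepare-snyk
+filters:
+branches:
+only:
+- master
+requires:
+- setup
+- snyk-scan:
+name: execute-snyk
+filters:
+branches:
+only:
+- master
+requires:
+- prepare-snyk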
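Review bot: Every job in the `semgrep` and `security-scan` workflows is filtered to `branches: only: - master`, so the Semgrep scan first sees a change after it has merged and cannot block a pull request that introduces a finding. For the Snyk monitor jobs that is reasonable, since they record a snapshot of the main branch, but for `semgrep-prepare` and `semgrep-scan` consider dropping the `filters:` block so they also run on feature branches. If master-only is deliberate (possibly because the orb jobs need credentials that should not reach branch builds, which this page does not show), say so in a comment above `workflows:`, for example `# Scans run on master only; see <reason>`. It is also worth confirming that the `general-platform-helpers` orb under `orbs:` is pinned to an exact version, because that orb's code runs with the scan credentials; the version is not legible on this page.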
10 changes: 0 additions & 10 deletions scripts/sast_scan.sh

This file was deleted.
