Skip to content

Created GHA workflow for sca scan #6117

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 19 commits into
base: master
Choose a base branch
from
Open

Created GHA workflow for sca scan #6117

wants to merge 19 commits into from

Conversation

arnaualcazar
Copy link
Collaborator

@arnaualcazar arnaualcazar commented May 23, 2025
edited
Loading

Adding a Github Action to scan for security vulnerabilities using SCA.
security-scan-branch action builds and scans the selected branch. It outputs the list of vulnerabilities and uploads an artifact with the result. If it detects more than 1 critical or high vulnerability, it returns an error.

security-scan-branch-cron workflow triggers security-scan-branch action once per week.
security-scan-branch-cron workflow triggers security-scan-branch action on every merge to master.

@netlify Netlify
Copy link

netlify bot commented May 23, 2025
edited
Loading

Deploy Preview for nextflow-docs-staging ready!

Name Link
🔨 Latest commit e8edd81
🔍 Latest deploy log https://app.netlify.com/projects/nextflow-docs-staging/deploys/683886ba5960b0000a913f7e
😎 Deploy Preview https://deploy-preview-6117--nextflow-docs-staging.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@arnaualcazar arnaualcazar force-pushed the arnau/feat/sca-branch-scan branch from e49ee1e to 8a9c9f3 Compare May 26, 2025 10:01
arnaualcazar added 19 commits May 29, 2025 18:09
@arnaualcazar
Created GHA workflow for sca scan
b434113 
Signed-off-by: Arnau Alcázar Lleopart <arnau.alcazar@seqera.io>
@arnaualcazar
Created correct directory for the workflow
e7020ff 
Signed-off-by: Arnau Alcázar Lleopart <arnau.alcazar@seqera.io>
@arnaualcazar
Added checkout
7b98504 
Signed-off-by: Arnau Alcázar Lleopart <arnau.alcazar@seqera.io>
@arnaualcazar
Added correct permissions
bef9dce 
Signed-off-by: Arnau Alcázar Lleopart <arnau.alcazar@seqera.io>
@arnaualcazar
Compile nextflow
af1504b 
Signed-off-by: Arnau Alcázar Lleopart <arnau.alcazar@seqera.io>
@arnaualcazar
Compile nextflow
500f795 
Signed-off-by: Arnau Alcázar Lleopart <arnau.alcazar@seqera.io>
@arnaualcazar
Update Java version
9a73315 
Signed-off-by: Arnau Alcázar Lleopart <arnau.alcazar@seqera.io>
@arnaualcazar
typo in the workflow
ccd5f92 
Signed-off-by: Arnau Alcázar Lleopart <arnau.alcazar@seqera.io>
@arnaualcazar
Checkout current branch first
0840cd6 
Signed-off-by: Arnau Alcázar Lleopart <arnau.alcazar@seqera.io>
@arnaualcazar
Added target-repo directory
924f44e 
Signed-off-by: Arnau Alcázar Lleopart <arnau.alcazar@seqera.io>
@arnaualcazar
fail on treshold exceeded
8fb0bc9 
Signed-off-by: Arnau Alcázar Lleopart <arnau.alcazar@seqera.io>
@arnaualcazar
Scan multiple tags
e5b3823 
Signed-off-by: Arnau Alcázar Lleopart <arnau.alcazar@seqera.io>
@arnaualcazar
typo
ab8b0e1 
Signed-off-by: Arnau Alcázar Lleopart <arnau.alcazar@seqera.io>
@arnaualcazar
do not fail fast on scan
32d953f 
Signed-off-by: Arnau Alcázar Lleopart <arnau.alcazar@seqera.io>
@arnaualcazar
added a workflow to scan commits to master
629d25c 
Signed-off-by: Arnau Alcázar Lleopart <arnau.alcazar@seqera.io>
@arnaualcazar
add branch to artifact name
832d0ff 
Signed-off-by: Arnau Alcázar Lleopart <arnau.alcazar@seqera.io>
@arnaualcazar
scan correct folder
ff2652d 
Signed-off-by: Arnau Alcázar Lleopart <arnau.alcazar@seqera.io>
@arnaualcazar
remove old workflow
dceee2b 
Signed-off-by: Arnau Alcázar Lleopart <arnau.alcazar@seqera.io>
@arnaualcazar
enable final triggers
e8edd81 
Signed-off-by: Arnau Alcázar Lleopart <arnau.alcazar@seqera.io>
@arnaualcazar arnaualcazar force-pushed the arnau/feat/sca-branch-scan branch from d7e375a to e8edd81 Compare May 29, 2025 16:09
@arnaualcazar arnaualcazar marked this pull request as ready for review May 29, 2025 16:09
@arnaualcazar arnaualcazar requested a review from pditommaso May 29, 2025 16:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pditommaso pditommaso Awaiting requested review from pditommaso

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@arnaualcazar @bentsherman