Add fossa and semgrep (#95)

aryznar-splunk · web-flow · commit 533f195d5ee3 · 2022-06-29T10:15:27.000+02:00
* Add fossa and semgrep

Add fossa and semgrep

* Create .fossa.yml
diff --git a/.fossa.yml b/.fossa.yml
@@ -0,0 +1,5 @@
+version: 3
+server: https://app.fossa.com
+project:
+  id: "fluent-plugin-kubernetes-objects"
+  team: "TA-Automation"
diff --git a/.github/workflows/ci_build_test.yaml b/.github/workflows/ci_build_test.yaml
@@ -194,3 +194,36 @@ jobs:
           	--splunk-password $CI_SPLUNK_PASSWORD \
             --nodes-count $MINIKUBE_NODE_COUNTS\
           	-p no:warnings -s -n auto
+  fossa-scan:
+    continue-on-error: true
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: run fossa anlyze and create report
+        run: |
+          curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
+          fossa analyze  --include-unused-deps --debug
+          fossa report attribution --format text > /tmp/THIRDPARTY
+        env:
+          FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
+      - name: upload THIRDPARTY file
+        uses: actions/upload-artifact@v2
+        with:
+          name: THIRDPARTY
+          path: /tmp/THIRDPARTY
+      - name: run fossa test
+        run: |
+          fossa test --debug
+        env:
+          FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
+  semgrep:
+    runs-on: ubuntu-latest
+    name: security-sast-semgrep
+    if: github.actor != 'dependabot[bot]'
+    steps:
+      - uses: actions/checkout@v3
+      - name: Semgrep
+        id: semgrep
+        uses: returntocorp/semgrep-action@v1
+        with:
+          publishToken: ${{ secrets.SEMGREP_PUBLISH_TOKEN }}
