diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 10192fb7f..383039232 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -19,4 +19,4 @@ jobs:
 uses: ./.github/workflows/lint.yml
 test:
- uses: ./.github/workflows/test.yml
+ uses: ./.github/workflows/test.yml
\ No newline at end of file
diff --git a/.pipelines/security-scans.yml b/.pipelines/security-scans.yml
new file mode 100644
index 000000000..4895d04cb
--- /dev/null
+++ b/.pipelines/security-scans.yml
@@ -0,0 +1,49 @@
+trigger:
+ branches:
+ include:
+ - main
+
+pr: none
+
+resources:
+ repositories:
+ - repository: codeql
+ type: github
+ name: UiPath/AzurePipelinesTemplates
+ ref: refs/tags/uipath.security.codeql.1.9.5
+ endpoint: UiPath
+ - repository: fossa
+ type: github
+ name: UiPath/AzurePipelinesTemplates
+ ref: refs/tags/uipath.security.fossa.3.0.13
+ endpoint: UiPath
+
+variables:
+ - template: ./variables.yml
+
+stages:
+ - stage: FOSSA
+ dependsOn: []
+ jobs:
+ - job: FOSSA
+ steps:
+ - template: Security/fossa.steps.yml@fossa
+ parameters:
+ OS: linux
+ azureSubscription: $(azureInternalProductionEaConnectionName)
+ FOSSAFlags: '--project "Agent Hub" --branch "$(Build.SourceBranch)" --revision "$(Build.SourceVersion)-$(Build.BuildId)"'
+ FOSSATestFlags: '--project "Agent Hub" --revision "$(Build.SourceVersion)-$(Build.BuildId)"'
+ ${{ if contains(variables['Build.SourceBranch'], 'main') }}:
+ publishSecurityReports: true
+
+
+ - stage: CODEQL
+ dependsOn: []
+ jobs:
+ - job: CODEQL
+ steps:
+ - template: Security/codeql.interpreted.steps.yml@codeql
+ parameters:
+ os: 'linux64'
+ language: 'python'
+ azureSubscription: $(azureInternalProductionEaConnectionName)
\ No newline at end of file
diff --git a/.pipelines/variables.yml b/.pipelines/variables.yml
new file mode 100644
index 000000000..203be10e1
--- /dev/null
+++ b/.pipelines/variables.yml
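Review bot: The `${{ if contains(variables['Build.SourceBranch'], 'main') }}:` gate on the FOSSA parameters is a substring test, so any ref whose name merely contains "main" (a manual run from a `maintenance` branch, for instance) would also set `publishSecurityReports: true`; an exact match, `${{ if eq(variables['Build.SourceBranch'], 'refs/heads/main') }}:`, says what is meant. The two template repositories are pinned by tag (`refs/tags/uipath.security.codeql.1.9.5`, `refs/tags/uipath.security.fossa.3.0.13`); tags can be moved, so if the repository's supply-chain policy expects immutable pins and `ref:` accepts a commit SHA in this environment, that is the stronger choice, and a short comment recording why these versions were chosen would help either way. With `pr: none` and a `main`-only trigger, CodeQL and FOSSA findings surface only after merge; a `schedules:` block or a PR-time run may be wanted, though that depends on how the reports are consumed. Minor style: the new file ends without a trailing newline and has two blank lines between the FOSSA and CODEQL stages.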
@@ -0,0 +1,2 @@
+variables:
+ azureInternalProductionEaConnectionName: Internal-Production-EA
\ No newline at end of file