darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2025-12-11 07:33:36 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
3341c08245f3daa742f753078d1271630938f06b
notifications-admin/.github/workflows/checks.yml
Ryan Ahearn 3341c08245 Add owasp baseline scan with Scanning environment
2022-08-26 17:08:35 -04:00

84 lines
2.2 KiB
YAML
Raw Blame History

name: Run checks
on: [push]
permissions:
contents: read
env:
NOTIFY_ENVIRONMENT: test
FLASK_APP: application.py
FLASK_ENV: development
WERKZEUG_DEBUG_PIN: off
REDIS_URL: redis://adminredis:6379/0
DEV_REDIS_URL: redis://adminredis:6379/0
REDIS_ENABLED: False
ANTIVIRUS_ENABLED: 0
NODE_VERSION: 16.15.1
ADMIN_CLIENT_ID: notify-admin
ADMIN_CLIENT_USERNAME: notify-admin
ADMIN_CLIENT_SECRET: dev-notify-secret-key
GOVUK_ALERTS_CLIENT_ID: govuk-alerts
ADMIN_BASE_URL: http://localhost:6012
API_HOST_NAME: http://localhost:6011
DEV_API_HOST_NAME: http://localhost:6011
AWS_REGION: us-west-2
BASIC_AUTH_USERNAME: curiousabout
BASIC_AUTH_PASSWORD: the10xnotifybeta
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/setup-project
- name: Run style checks
run: flake8 .
- name: Check imports alphabetized
run: isort --check-only ./app ./tests
- name: Run js tests
run: npm test
- name: Run py tests
run: pytest -n4 --maxfail=10
dependency-audits:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/setup-project
- uses: trailofbits/gh-action-pip-audit@v1.0.0
with:
inputs: requirements.txt requirements_for_test.txt
ignore-vulns: PYSEC-2022-237
- name: Run npm audit
run: make npm-audit
static-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/setup-project
- name: Install bandit
run: pip install bandit
- name: Run scan
run: bandit -r app/ --confidence-level medium
dynamic-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/setup-project
- name: Run server
run: make run-flask &
env:
NOTIFY_ENVIRONMENT: scanning
- name: Run OWASP Baseline Scan
uses: zaproxy/action-baseline@v0.7.0
with:
docker_name: 'owasp/zap2docker-weekly'
target: 'http://localhost:6012'
fail_action: true
allow_issue_writing: false
rules_file_name: 'zap.conf'
cmd_options: '-I'
Reference in New Issue View Git Blame Copy Permalink