From 361dcd49c8f249505356f44eea98d41d1bd41739 Mon Sep 17 00:00:00 2001 From: shafeeqd959 Date: Mon, 29 Jan 2024 16:55:35 +0530 Subject: [PATCH 01/27] readme file update --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 1cea424..10c272d 100644 --- a/README.md +++ b/README.md @@ -23,11 +23,11 @@ and rectify them. ```sh-session $ npm install -g @contentstack/cli -$ csdx plugins:install https://github.com/contentstack/cli-cm-regex-validate/releases/download/v1.1.12/contentstack-cli-cm-regex-validate-1.1.12.tgz +$ csdx plugins:install https://github.com/contentstack/cli-cm-regex-validate/releases/download/v1.13.0/contentstack-cli-cm-regex-validate-1.13.0.tgz $ csdx plugins running command... -@contentstack/cli-cm-regex-validate/1.1.12 darwin-arm64 node-v20.8.0 +@contentstack/cli-cm-regex-validate/1.13.0 darwin-arm64 node-v20.8.0 $ csdx --help [COMMAND] USAGE From 6f077da352811fa4d8befd104a4752bf2a2cab2a Mon Sep 17 00:00:00 2001 From: shafeeqd959 Date: Mon, 29 Jan 2024 17:00:51 +0530 Subject: [PATCH 02/27] fixed version --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 10c272d..3155988 100644 --- a/README.md +++ b/README.md @@ -23,11 +23,11 @@ and rectify them. ```sh-session $ npm install -g @contentstack/cli -$ csdx plugins:install https://github.com/contentstack/cli-cm-regex-validate/releases/download/v1.13.0/contentstack-cli-cm-regex-validate-1.13.0.tgz +$ csdx plugins:install https://github.com/contentstack/cli-cm-regex-validate/releases/download/v1.2.0/contentstack-cli-cm-regex-validate-1.2.0.tgz $ csdx plugins running command... -@contentstack/cli-cm-regex-validate/1.13.0 darwin-arm64 node-v20.8.0 +@contentstack/cli-cm-regex-validate/1.2.0 darwin-arm64 node-v20.8.0 $ csdx --help [COMMAND] USAGE From 42578b5be5926bd95b4cf3ae03572f5e8ac12386 Mon Sep 17 00:00:00 2001 
From: Aravind Kumar Date: Mon, 5 Feb 2024 21:32:25 +0530 Subject: [PATCH 03/27] sca-scan.yml --- .github/workflows/sca-scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sca-scan.yml b/.github/workflows/sca-scan.yml index bf9c1eb..f09161f 100644 --- a/.github/workflows/sca-scan.yml +++ b/.github/workflows/sca-scan.yml @@ -3,7 +3,7 @@ on: pull_request: types: [opened, synchronize, reopened] jobs: - security: + security-sca: runs-on: ubuntu-latest steps: - uses: actions/checkout@master From aac5e3272ac279168091ee48503ad519c37a7cca Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Mon, 5 Feb 2024 21:32:38 +0530 Subject: [PATCH 04/27] jira.yml --- .github/workflows/jira.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/jira.yml b/.github/workflows/jira.yml index 5ddf87a..caa4bbd 100644 --- a/.github/workflows/jira.yml +++ b/.github/workflows/jira.yml @@ -3,7 +3,7 @@ on: pull_request: types: [opened] jobs: - security: + security-jira: if: ${{ github.actor == 'dependabot[bot]' || github.actor == 'snyk-bot' || contains(github.event.pull_request.head.ref, 'snyk-fix-') || contains(github.event.pull_request.head.ref, 'snyk-upgrade-')}} runs-on: ubuntu-latest steps: @@ -26,3 +26,8 @@ jobs: PR: ${{ github.event.pull_request.html_url }} fields: "${{ secrets.JIRA_FIELDS }}" + - name: Transition issue + uses: atlassian/gajira-transition@v3 + with: + issue: ${{ steps.create.outputs.issue }} + transition: ${{ secrets.JIRA_TRANSITION }} From b9858263a89157dd1ca2130913c12dc364102d7a Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Mon, 5 Feb 2024 21:32:39 +0530 Subject: [PATCH 05/27] sast-scan.yml --- .github/workflows/sast-scan.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 .github/workflows/sast-scan.yml diff --git a/.github/workflows/sast-scan.yml b/.github/workflows/sast-scan.yml new file mode 100644 index 0000000..3b9521a --- /dev/null 
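Review bot: The added `Transition issue` step in the jira.yml hunk runs unconditionally and passes `${{ steps.create.outputs.issue }}` to gajira-transition, so if the `create` step (outside this hunk) fails or yields no issue key the transition is attempted with an empty issue and the job fails on a secondary error rather than the real one; guard it with `if: steps.create.outputs.issue != ''`. The action is referenced by the mutable tag `atlassian/gajira-transition@v3` in a job that has access to the Jira secrets, so pinning to a full commit SHA (`uses: atlassian/gajira-transition@<commit-sha>  # v3`) limits what a retargeted tag could do. The `actions/checkout@master` reference in the sca-scan hunk above has the same exposure, though it is context there rather than new code.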
+++ b/.github/workflows/sast-scan.yml
@@ -0,0 +1,11 @@
+name: SAST Scan
+on:
+ pull_request:
+ types: [opened, synchronize, reopened]
+jobs:
+ security-sast:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Semgrep Scan
+ run: docker run -v /var/run/docker.sock:/var/run/docker.sock -v "${PWD}:/src" returntocorp/semgrep semgrep scan --config auto
\ No newline at end of file
From 7a7934f0e5f083a910f7d4df2e948cd814e95266 Mon Sep 17 00:00:00 2001
From: Aravind Kumar
Date: Mon, 5 Feb 2024 21:32:40 +0530
Subject: [PATCH 06/27] secrets-scan.yml
---
.github/workflows/secrets-scan.yml | 60 ++++++++++++++++++++++++++++++
1 file changed, 60 insertions(+)
create mode 100644 .github/workflows/secrets-scan.yml
diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml
new file mode 100644
index 0000000..bceb864
--- /dev/null
+++ b/.github/workflows/secrets-scan.yml
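Review bot: The `Semgrep Scan` step mounts the runner's Docker socket (`-v /var/run/docker.sock:/var/run/docker.sock`) into the scanner container, which gives that container root-equivalent control of the runner host; `semgrep scan` only needs the source tree, so the mount should be dropped. The image `returntocorp/semgrep` carries no tag or digest (implicitly `latest`) and `actions/checkout@v2` is an old major, so neither the scanner nor the checkout is pinned and a run is not reproducible; pin the image to a version or digest. As written the check also passes when findings are reported, because `semgrep scan` exits 0 on findings unless `--error` is given, so the job is advisory only — confirm that is intended. Proposed line: `run: docker run -v "${PWD}:/src" returntocorp/semgrep:<PINNED-VERSION> semgrep scan --config auto --error`; the file also lacks a trailing newline.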
@@ -0,0 +1,60 @@
+name: Secrets Scan
+on:
+ pull_request:
+ types: [opened, synchronize, reopened]
+jobs:
+ security-secrets:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+
+ - name: Install Expect, jq and Python
+ run: sudo apt-get install -y expect jq python3 python3-pip wkhtmltopdf
+
+ - name: Install Python packages
+ run: pip install pandas json2html tabulate
+
+ - name: Install Talisman
+ run: |
+ curl --silent https://thoughtworks.github.io/talisman/scripts/install.bash > install.bash
+ chmod +x install.bash
+ expect -c '
+ set timeout -1
+ spawn ./install.bash --pre-push
+ expect "PLEASE CHOOSE WHERE YOU WISH TO SET TALISMAN_HOME VARIABLE AND talisman binary PATH (Enter option number): "
+ send "4\r"
+ expect "No git template directory is configured. Let'\''s add one."
+ send "1\r"
+ interact
+ '
+
+ - name: Run Talisman
+ id: run_talisman
+ run: ~/.talisman/bin/talisman_linux_amd64 --scan
+ continue-on-error: true
+
+ - name: Convert JSON to HTML
+ run: |
+ python3 -c "
+ import json
+ import os
+ from json2html import *
+ with open('talisman_report/talisman_reports/data/report.json') as f:
+ data = json.load(f)
+ html = json2html.convert(json = data)
+ os.makedirs('talisman_html_report', exist_ok=True)
+ with open('talisman_html_report/report.html', 'w') as f:
+ f.write(html)
+ " && wkhtmltopdf talisman_html_report/report.html talisman_report.pdf
+
+ - name: Upload Report
+ uses: actions/upload-artifact@v2
+ with:
+ name: talisman-report-pdf
+ path: talisman_report.pdf
+
+ - name: Check the status of talisman scan
+ run: |
+ if [[ ${{ steps.run_talisman.outcome }} == "success" ]]; then exit 0; else echo "Download the Talisman scan report from Artifact" && exit 1; fi
From d7fd3b76074cd43ee95c329c00aa577e493e5325 Mon Sep 17 00:00:00 2001
From: Aravind Kumar
Date: Mon, 5 Feb 2024 21:32:41 +0530
Subject: [PATCH 07/27] codeql-analysis.yml
From 57b9d66d427424b58813d651f6396c1026539f50 Mon Sep 17 00:00:00 2001
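Review bot: The `Install Talisman` step downloads `install.bash` from a moving URL and executes it under an `expect` script with no version pin or integrity check, so the secret scanner's own supply chain is unverified on every run; pin to a release and verify a digest before running it, e.g. `echo "<EXPECTED-SHA256>  install.bash" | sha256sum -c -` between the `curl` and `chmod` lines. The `Upload Report` step publishes `talisman_report.pdf` as a workflow artifact; the Talisman JSON report it is built from likely includes the flagged file paths and matched content, so on a public repository the artifact may expose the very values the scan found to anyone able to download artifacts — confirm what the report contains and consider redacting it or restricting access. Smaller points: `actions/checkout@v2` and `actions/upload-artifact@v2` are superseded majors, `pip install pandas json2html tabulate` is unpinned, and `sudo apt-get install` runs without a preceding `apt-get update`.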
From: Aravind Kumar Date: Mon, 5 Feb 2024 22:57:39 +0530 Subject: [PATCH 08/27] sca-scan.yml From 02c2aa16815c2f8cc9b65d3182170ed278b92d19 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Mon, 5 Feb 2024 22:57:53 +0530 Subject: [PATCH 09/27] jira.yml From dab667279c5f3a14d7c2db3148d4c76b96e4b7d5 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Mon, 5 Feb 2024 22:57:54 +0530 Subject: [PATCH 10/27] sast-scan.yml From 2d2626468df77a75e15bdb064ad02c4f9519bb9a Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Mon, 5 Feb 2024 22:57:55 +0530 Subject: [PATCH 11/27] secrets-scan.yml --- .github/workflows/secrets-scan.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml index bceb864..8156b83 100644 --- a/.github/workflows/secrets-scan.yml +++ b/.github/workflows/secrets-scan.yml @@ -34,7 +34,7 @@ jobs: id: run_talisman run: ~/.talisman/bin/talisman_linux_amd64 --scan continue-on-error: true - + - name: Convert JSON to HTML run: | python3 -c " @@ -48,13 +48,14 @@ jobs: with open('talisman_html_report/report.html', 'w') as f: f.write(html) " && wkhtmltopdf talisman_html_report/report.html talisman_report.pdf - + - name: Upload Report - uses: actions/upload-artifact@v2 + id: upload_report + uses: actions/upload-artifact@v4 with: name: talisman-report-pdf path: talisman_report.pdf - name: Check the status of talisman scan run: | - if [[ ${{ steps.run_talisman.outcome }} == "success" ]]; then exit 0; else echo "Download the Talisman scan report from Artifact" && exit 1; fi + if [[ ${{ steps.run_talisman.outcome }} == "success" ]]; then exit 0; else echo "Download the Talisman scan report from Artifact: ${{ steps.upload_report.outputs.artifact-url }}" && exit 1; fi \ No newline at end of file From b09f9ab510bd41c463f898d21b9b912751c8b37a Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Mon, 5 Feb 2024 22:57:56 +0530 Subject: [PATCH 12/27] codeql-analysis.yml 
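Review bot: In the `Check the status of talisman scan` step the `${{ steps.upload_report.outputs.artifact-url }}` expression is interpolated straight into the shell script next to `${{ steps.run_talisman.outcome }}`; both values come from GitHub rather than from the PR author, so there is no injection path here, but the pattern is the one to avoid in `run:` blocks, and routing the value through `env:` (`env:` / `ARTIFACT_URL: ${{ steps.upload_report.outputs.artifact-url }}` and `echo "Download the Talisman scan report from Artifact: $ARTIFACT_URL"`) keeps the script static and the expansion quoted. The `artifact-url` output exists only on `actions/upload-artifact@v4`, which this same patch introduces, so the two edits have to land together. The edited line is also written without a trailing newline.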
From 617671078a32e16383ec9c35f4c9f9a8c76ecfdd Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Tue, 6 Feb 2024 08:48:07 +0530 Subject: [PATCH 13/27] sca-scan.yml From dec7df8c619d724bec781829247f72e7bb56e19c Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Tue, 6 Feb 2024 08:48:19 +0530 Subject: [PATCH 14/27] jira.yml From 49194658af18d9fe6bfbb8ed108671a8b7ea4995 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Tue, 6 Feb 2024 08:48:19 +0530 Subject: [PATCH 15/27] sast-scan.yml From c391b3e022cc9bd95ecbaef5d0c083cf74c0252e Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Tue, 6 Feb 2024 08:48:20 +0530 Subject: [PATCH 16/27] secrets-scan.yml --- .github/workflows/secrets-scan.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml index 8156b83..e11741d 100644 --- a/.github/workflows/secrets-scan.yml +++ b/.github/workflows/secrets-scan.yml @@ -58,4 +58,5 @@ jobs: - name: Check the status of talisman scan run: | - if [[ ${{ steps.run_talisman.outcome }} == "success" ]]; then exit 0; else echo "Download the Talisman scan report from Artifact: ${{ steps.upload_report.outputs.artifact-url }}" && exit 1; fi \ No newline at end of file + # if [[ ${{ steps.run_talisman.outcome }} == "success" ]]; then exit 0; else echo "Download the Talisman scan report from Artifact: ${{ steps.upload_report.outputs.artifact-url }}" && exit 1; fi + echo "Download the Talisman scan report from Artifact: ${{ steps.upload_report.outputs.artifact-url }}"; \ No newline at end of file From 994f6cb2c837d31cbccf7b9c9e435b2865295506 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Tue, 6 Feb 2024 08:48:21 +0530 Subject: [PATCH 17/27] codeql-analysis.yml From 062e16038de2bd7797046b07133f272b36a921d7 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Thu, 8 Feb 2024 14:20:22 +0530 Subject: [PATCH 18/27] sca-scan.yml From 23cc4c1e847523688293bcc1cdaf774e8c881c17 Mon Sep 17 00:00:00 2001 
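Review bot: Commenting out the `exit 1` branch makes the secrets scan non-blocking: with `continue-on-error: true` already on the `Run Talisman` step, the `security-secrets` job now succeeds whether or not Talisman found anything, so a PR that introduces a credential passes the check with only a log line pointing at the report. If non-blocking is the intent, the dead commented line should go and the result should at least be surfaced where reviewers see it, e.g. `if [[ "${{ steps.run_talisman.outcome }}" != "success" ]]; then echo "::warning::Talisman reported findings, see ${{ steps.upload_report.outputs.artifact-url }}"; fi`; if the check is meant to gate merges, the `exit 1` path should be restored. Note that the runner still expands the `${{ }}` expressions inside the commented-out line, since expression evaluation happens before the shell sees it. The file remains without a trailing newline.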
From: Aravind Kumar Date: Thu, 8 Feb 2024 14:20:34 +0530 Subject: [PATCH 19/27] jira.yml From 9c5d575320be13cce65f124f77fc00322df0c647 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Thu, 8 Feb 2024 14:20:35 +0530 Subject: [PATCH 20/27] sast-scan.yml From 77d407d4a17929b6889b94a5f752339c1397e67e Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Thu, 8 Feb 2024 14:20:36 +0530 Subject: [PATCH 21/27] secrets-scan.yml --- .github/workflows/secrets-scan.yml | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml index e11741d..eca3c48 100644 --- a/.github/workflows/secrets-scan.yml +++ b/.github/workflows/secrets-scan.yml @@ -18,21 +18,13 @@ jobs: - name: Install Talisman run: | - curl --silent https://thoughtworks.github.io/talisman/scripts/install.bash > install.bash + curl --silent https://raw.githubusercontent.com/thoughtworks/talisman/v1.32.0/install.sh > install.bash chmod +x install.bash - expect -c ' - set timeout -1 - spawn ./install.bash --pre-push - expect "PLEASE CHOOSE WHERE YOU WISH TO SET TALISMAN_HOME VARIABLE AND talisman binary PATH (Enter option number): " - send "4\r" - expect "No git template directory is configured. Let'\''s add one." - send "1\r" - interact - ' + ./install.bash - name: Run Talisman id: run_talisman - run: ~/.talisman/bin/talisman_linux_amd64 --scan + run: /usr/local/bin/talisman --scan continue-on-error: true - name: Convert JSON to HTML From 4e1cef6b4f1936ce98de556466abaebd3d2c308c Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Thu, 8 Feb 2024 14:20:37 +0530 Subject: [PATCH 22/27] codeql-analysis.yml From 65a6b172d0505bb39f280117c1dedaf3d085c0f2 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Fri, 17 May 2024 20:28:36 +0530 Subject: [PATCH 23/27] sca-scan.yml From e3957bd7b01a446a3b51aeff4fabe6eb196a4f04 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Fri, 17 May 2024 20:28:47 +0530 Subject: [PATCH 24/27] jira.yml 
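Review bot: Fetching `install.sh` from the `v1.32.0` tag instead of the moving `thoughtworks.github.io` script is an improvement, but a git tag is still mutable and the script presumably downloads the `talisman` binary itself, so nothing in the `Install Talisman` step verifies what is actually executed; pin the URL to the commit the tag points at and/or check a known digest, e.g. `echo "<EXPECTED-SHA256>  install.bash" | sha256sum -c -` before `./install.bash`. The `Run Talisman` step hard-codes `/usr/local/bin/talisman`; if the installer's destination differs between versions the step fails with a not-found error rather than a scan result, so a `command -v talisman` check after install would make that explicit. The `Run Talisman` and `Convert JSON to HTML` steps continue outside the hunk.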
From e1a90863b973fe10d5fb13bac8d7ab5359092eae Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Fri, 17 May 2024 20:28:48 +0530 Subject: [PATCH 25/27] sast-scan.yml From 7af2073801926a3783a4ec51a7e9ec0cc7dd1f28 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Fri, 17 May 2024 20:28:49 +0530 Subject: [PATCH 26/27] Delete secrets-scan.yml --- .github/workflows/secrets-scan.yml | 54 ------------------------------ 1 file changed, 54 deletions(-) delete mode 100644 .github/workflows/secrets-scan.yml diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml deleted file mode 100644 index eca3c48..0000000 --- a/.github/workflows/secrets-scan.yml +++ /dev/null 
@@ -1,54 +0,0 @@ -name: Secrets Scan -on: - pull_request: - types: [opened, synchronize, reopened] -jobs: - security-secrets: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - - name: Install Expect, jq and Python - run: sudo apt-get install -y expect jq python3 python3-pip wkhtmltopdf - - - name: Install Python packages - run: pip install pandas json2html tabulate - - - name: Install Talisman - run: | - curl --silent https://raw.githubusercontent.com/thoughtworks/talisman/v1.32.0/install.sh > install.bash - chmod +x install.bash - ./install.bash - - - name: Run Talisman - id: run_talisman - run: /usr/local/bin/talisman --scan - continue-on-error: true - - - name: Convert JSON to HTML - run: | - python3 -c " - import json - import os - from json2html import * - with open('talisman_report/talisman_reports/data/report.json') as f: - data = json.load(f) - html = json2html.convert(json = data) - os.makedirs('talisman_html_report', exist_ok=True) - with open('talisman_html_report/report.html', 'w') as f: - f.write(html) - " && wkhtmltopdf talisman_html_report/report.html talisman_report.pdf - - - name: Upload Report - id: upload_report - uses: actions/upload-artifact@v4 - with: - name: talisman-report-pdf - path: talisman_report.pdf - - - name: Check the status of talisman scan - run: | - # if [[ ${{ steps.run_talisman.outcome }} == "success" ]]; then exit 0; else echo "Download the Talisman scan report from Artifact: ${{ steps.upload_report.outputs.artifact-url }}" && exit 1; fi - echo "Download the Talisman scan report from Artifact: ${{ steps.upload_report.outputs.artifact-url }}"; \ No newline at end of file From edf5aade43c4565a1568ac10e8ffc12faa84f866 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Fri, 17 May 2024 20:28:50 +0530 Subject: [PATCH 27/27] codeql-analysis.yml