Skip to content

🚀 Amazing new feature #16

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
CalinL wants to merge 2 commits into from
Closed

🚀 Amazing new feature #16

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d686a56
DevOps Shield - DevSecOps Automation - Create devopsshield-msdo-micro…
CalinL Jan 9, 2025
448b564
DevOps Shield - DevSecOps Automation - Create devopsshield-ss-gitleak…
CalinL Jan 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
74 changes: 74 additions & 0 deletions .github/workflows/devopsshield-msdo-microsoft-security-devops.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
# DevOps Shield - The ultimate DevSecOps platform designed to secure your DevOps.
# https://devopsshield.com
##############################################################
# This is a DevOps Shield - Application Security - Code Security Template.

# This workflow template uses actions that are not certified by DevOps Shield.
# They are provided by a third-party and are governed by separate terms of service, privacy policy, and support documentation.

# Use this workflow template for integrating code security into your pipelines and workflows.

# DevOps Shield Workflow Template Details:
# ------------------------------------------------------------
# Code: GH_MSDO_Microsoft_Security_DevOps
# Name: Microsoft Security DevOps (MSDO) - Defender for DevOps
# DevSecOpsControls: SAST, CIS, IACS
# Provider: Microsoft
# Categories: Code Scanning, Dockerfile, Python, JavaScript, EcmaScript, TypeScript, C#, .NET, ARM Template, Bicep, Kubernetes, JSON, YAML, CloudFormation, HCL, Terraform
# Description:
# Microsoft Security DevOps (MSDO) is a command line application which integrates static analysis tools into the development cycle.
# MSDO installs, configures and runs the latest versions of static analysis tools (including, but not limited to, SDL/security and compliance tools).
# Defender for DevOps helps integrate multiple tools with Advanced Security and sends the results to Defender for Cloud dashboard.
# Please note this workflow do not integrate with Microsoft Defender For DevOps.
# You have to create an integration and provide permission before this can report data back to Azure.
# Read the official documentation to find out more.
# For more information:
# https://github.com/microsoft/security-devops-action
# https://learn.microsoft.com/en-us/azure/defender-for-cloud/github-action
# https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-github
# ------------------------------------------------------------
# Source repository: https://github.com/microsoft/security-devops-action
##############################################################

name: Microsoft Security DevOps (MSDO) - Defender for DevOps

on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
schedule:
- cron: 0 0 * * 0

jobs:
MSDO:
name: Microsoft Security DevOps (MSDO)

# Windows and Linux agents are supported
runs-on: windows-latest

permissions:
contents: read
# Write access for security-events is only required for customers looking for MSDO results to appear in the codeQL security alerts tab on GitHub (Requires GHAS)
security-events: write

steps:
# Checkout your code repository to scan
- uses: actions/checkout@v4

# Run analyzers
- name: Run Microsoft Security DevOps
uses: microsoft/security-devops-action@v1.6.0
id: msdo
# with:
# config: string. Optional. A file path to an MSDO configuration file ('*.gdnconfig').
# policy: 'GitHub' | 'microsoft' | 'none'. Optional. The name of a well-known Microsoft policy. If no configuration file or list of tools is provided, the policy may instruct MSDO which tools to run. Default: GitHub.
# categories: string. Optional. A comma-separated list of analyzer categories to run. Values: 'code', 'artifacts', 'IaC', 'containers'. Example: 'IaC, containers'. Defaults to all.
# languages: string. Optional. A comma-separated list of languages to analyze. Example: 'javascript,typescript'. Defaults to all.
# tools: string. Optional. A comma-separated list of analyzer tools to run. Values: 'bandit', 'binskim', 'checkov', 'eslint', 'templateanalyzer', 'terrascan', 'trivy'.

# Upload alerts to the Security tab - required for MSDO results to appear in the codeQL security alerts tab on GitHub (Requires GHAS)
- name: Upload results to Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ steps.msdo.outputs.sarifFile }}
60 changes: 60 additions & 0 deletions .github/workflows/devopsshield-ss-gitleaks.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
# DevOps Shield - The ultimate DevSecOps platform designed to secure your DevOps.
# https://devopsshield.com
##############################################################
# This is a DevOps Shield - Application Security - Code Security Template.

# This workflow template uses actions that are not certified by DevOps Shield.
# They are provided by a third-party and are governed by separate terms of service, privacy policy, and support documentation.

# Use this workflow template for integrating code security into your pipelines and workflows.

# DevOps Shield Workflow Template Details:
# ------------------------------------------------------------
# Code: GH_SS_GITLEAKS
# Name: Gitleaks Secret Scanning
# DevSecOpsControls: SS
# Provider: Gitleaks
# Categories: Code Scanning, Secrets
# Description:
# Gitleaks is a tool for detecting and preventing hardcoded secrets like passwords, API keys, and tokens in git repos.
# Gitleaks is an easy-to-use, all-in-one solution for detecting secrets, past or present, in your code.
# Enable Gitleaks-Action in your GitHub workflows to be alerted when secrets are leaked as soon as they happen.
# A gitleaks-action license can be obtained at gitleaks.io.
# Read the official documentation to find out more.
# For more information:
# https://gitleaks.io/
# https://github.com/gitleaks
# https://blog.gitleaks.io/
# ------------------------------------------------------------
# Source repository: https://github.com/gitleaks/gitleaks-action
##############################################################

name: Gitleaks Secret Scanning

on:
push:
pull_request:
workflow_dispatch:
schedule:
- cron: 0 0 * * *

jobs:
gitleaks:
name: Gitleaks Secret Scanning

runs-on: ubuntu-latest

permissions:
contents: read

steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Run Gitleaks
uses: gitleaks/gitleaks-action@v2
id: gitleaks
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }} # Only required for Organizations, not personal accounts.