Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[ODS-6191] Security Vulnerability Check on Release Tags Added #951

Merged
merged 4 commits into from
Feb 21, 2024
Merged

[ODS-6191] Security Vulnerability Check on Release Tags Added #951

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
bd8009a
Security Vulnerability Check on Release Tags
semalaiappan Feb 19, 2024
47d64aa
Review Comments CodeFix
semalaiappan Feb 21, 2024
e4541bd
Temparory Change - Removed
semalaiappan Feb 21, 2024
9470cea
pull_request Removed & workflow_dispatch Added
semalaiappan Feb 21, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
53 changes: 53 additions & 0 deletions .github/workflows/Security Vulnerability Check on Release Tags.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
# SPDX-License-Identifier: Apache-2.0
# Licensed to the Ed-Fi Alliance under one or more agreements.
# The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0.
# See the LICENSE and NOTICES files in the project root for more information.

name: Security Vulnerability Check on Release Tags

on:
schedule:
- cron: '0 0 * * *'
workflow_dispatch:

jobs:
Security-Vulnerability-Check-Each-Release-Tag:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
tag: ["v5.3-patch5","v6.1-patch3","v7.1-patch1"]
axelmarquezh marked this conversation as resolved.
Show resolved Hide resolved
name: ${{ matrix.tag }} Security-Vulnerabilities Check

steps:
- name: Checkout Ed-Fi-ODS
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
with:
repository: Ed-Fi-Alliance-OSS/Ed-Fi-ODS
path: Ed-Fi-ODS/
ref: ${{ matrix.tag }}
- name: Execute vulnerability
working-directory: ./Ed-Fi-ODS/
run: |
$slnFiles = Get-ChildItem -Path . -Filter "*.sln" -Recurse | Where-Object { $_.Name -ne "EdFi.ProjectTemplates.sln" }

foreach ($file in $slnFiles) {
dotnet restore $file.FullName | Out-Null
dotnet list $file.FullName package --vulnerable 2>&1 | Tee-Object -FilePath "build.log" -Append | Out-Null
}

# Analyze dotnet list package command log output
$logContent = Get-Content -Path "build.log" -Raw

# Check for vulnerabilities in the log output
if ($logContent -match "critical|high|moderate") {
Write-Error "Security Vulnerabilities found"
exit 1
}
shell: pwsh
- name: Upload vulnerability Artifacts
if: success() || failure()
uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
with:
name: vulnerability-report-${{ matrix.tag }}-Artifacts
path: ${{ github.workspace }}/Ed-Fi-ODS/build.log
Loading