Skip to content

build(deps): bump fortify/gha-export-vulnerabilities from fcb374411cff9809028c911dabb8b57dbdae623b to d2838d7a21c0499504efe8f384573f51bea799e0 #185

build(deps): bump fortify/gha-export-vulnerabilities from fcb374411cff9809028c911dabb8b57dbdae623b to d2838d7a21c0499504efe8f384573f51bea799e0

build(deps): bump fortify/gha-export-vulnerabilities from fcb374411cff9809028c911dabb8b57dbdae623b to d2838d7a21c0499504efe8f384573f51bea799e0 #185

Workflow file for this run

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# 🦅 STACKHAWK https://stackhawk.com
# The StackHawk HawkScan action makes it easy to integrate dynamic application security testing (DAST) into your
# CI pipeline. See the Getting Started guide (https://docs.stackhawk.com/hawkscan/) to get up and running with
# StackHawk quickly.
# To use this workflow, you must:
#
# 1. Create an API Key and Application: Sign up for a free StackHawk account to obtain an API Key and
# create your first app and configuration file at https://app.stackhawk.com.
#
# 2. Save your API Key as a Secret: Save your API key as a GitHub Secret named HAWK_API_KEY.
#
# 3. Add your Config File: Add your stackhawk.yml configuration file to the base of your repository directory.
#
# 4. Set the Scan Failure Threshold: Add the hawk.failureThreshold configuration option
# (https://docs.stackhawk.com/hawkscan/configuration/#hawk) to your stackhawk.yml configuration file. If your scan
# produces alerts that meet or exceed the hawk.failureThreshold alert level, the scan will return exit code 42
# and trigger a Code Scanning alert with a link to your scan results.
#
# 5. Update the "Start your service" Step: Update the "Start your service" step in the StackHawk workflow below to
# start your service so that it can be scanned with the "Run HawkScan" step.
name: "StackHawk"
on:
push:
branches: [ "master" ]
pull_request:
branches: [ "master" ]
schedule:
- cron: '45 23 * * 4'
permissions:
contents: read
jobs:
stackhawk:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for stackhawk/hawkscan-action to upload code scanning alert info
name: StackHawk
runs-on: ubuntu-20.04
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Start your service
run: ./your-service.sh & # ✏️ Update this to run your own service to be scanned
- name: Run HawkScan
uses: stackhawk/hawkscan-action@c1e45bcbf45150d9bb7b3c173267fb92f0e651e5
continue-on-error: true # ✏️ Set to false to break your build on scan errors
with:
apiKey: ${{ secrets.HAWK_API_KEY }}
codeScanningAlerts: true
githubToken: ${{ github.token }}