Merge pull request #15 from orcasecurity/ossf_alignment
Update test-container-action-sarif.yaml and test-container-action.yaml workflows
lior-orca authored May 2, 2024
2 parents 2650fa5 + 686562f commit 937ab9e
Showing 3 changed files with 52 additions and 25 deletions.
30 changes: 17 additions & 13 deletions .github/workflows/test-container-action-sarif.yaml
Expand Up @@ -3,35 +3,39 @@ name: Test sarif
on:
workflow_dispatch:

permissions:
contents: read
security-events: write

jobs:
container_scan_job:
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3
- name: Scan Container Image
id: orcasecurity_container_image_scan
uses: ./
with:
api_token:
${{ secrets.ORCA_SECURITY_API_TOKEN }}
project_key:
"default"
image:
"alpine:3"
format:
"json,sarif"
output:
"results/"
api_token: ${{ secrets.ORCA_SECURITY_API_TOKEN }}
project_key: "default"
image: "alpine:3"
format: "json,sarif"
output: "results/"
console_output: "table"
- uses: actions/upload-artifact@v3
- uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # ratchet:actions/upload-artifact@v3
if: always()
with:
name: orca-results
path: results/
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@ceaec5c11a131e0d282ff3b6f095917d234caace # ratchet:github/codeql-action/upload-sarif@v2
if: ${{ always() && steps.orcasecurity_container_image_scan.outputs.exit_code != 1 }}
with:
sarif_file: results/image.sarif





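Review bot: the job-level `permissions:` block under `container_scan_job` replaces the workflow-level block rather than merging with it, so `contents: read` granted at the top of the file is not inherited by the job (any scope not listed at job level is set to none). Either drop the job-level block, since the workflow-level block already grants `security-events: write`, or restate `contents: read` alongside it. Pinning `actions/checkout`, `actions/upload-artifact` and `github/codeql-action/upload-sarif` to full commit SHAs with a `# ratchet:` tag comment is the right move for an immutable, still-refreshable pin.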
27 changes: 15 additions & 12 deletions .github/workflows/test-container-action.yaml
Expand Up @@ -3,27 +3,30 @@ name: Test Orca Container Image action
on:
workflow_dispatch:

permissions:
contents: read

jobs:
container_scan_job:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3
- name: Scan Container Image
uses: ./
with:
api_token:
${{ secrets.ORCA_SECURITY_API_TOKEN }}
project_key:
"default"
image:
"alpine:3"
format:
"json"
output:
"results/"
api_token: ${{ secrets.ORCA_SECURITY_API_TOKEN }}
project_key: "default"
image: "alpine:3"
format: "json"
output: "results/"
console_output: "table"
- uses: actions/upload-artifact@v3
- uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # ratchet:actions/upload-artifact@v3
if: always()
with:
name: orca-results
path: results/





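Review bot: the SHA pins are the substantive change in this file, but nothing in the change documents the `# ratchet:<action>@<tag>` comment convention or how the pins are meant to be refreshed; a short note in the repository docs would keep the next person from hand-editing the hash. The top-level `permissions: contents: read` is the correct minimal grant for this job, which only checks out the repo and uploads an artifact.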
20 changes: 20 additions & 0 deletions SECURITY.md
@@ -0,0 +1,20 @@

## Reporting a Vulnerability

At Orca, we take security seriously and appreciate your help in disclosing any vulnerabilities responsibly and privately.

To report a security issue, please email us at address `[email protected]`

---
**Important:**

1. Please **do not** create a Github issue for security vulnerabilities.
2. Please **do not** disclose the vulnerability publicly until we have addressed it and provided guidance on the disclosure.
3. Please include the following details in your report:
- Description of the vulnerability
- Steps to reproduce the vulnerability
- Any additional information or context that might be helpful

---

> Submission of reports by any means is subject to Orca's [Vulnerability Disclosure Policy](https://trustcenter.orca.security/?itemUid=ff1626be-71c0-4468-b93c-82fe08aac01f&source=documents_card). Please make sure to read and accept before submitting your report.
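Review bot: the reporting address renders here as `[email protected]`, which looks like a redacted placeholder rather than a real mailbox; confirm the committed file carries the actual contact address, since a SECURITY.md without a working channel defeats its purpose. Minor points: "Github" should be "GitHub" in item 1, and the file starts with an empty line before the `## Reporting a Vulnerability` heading.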
