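# Nightly check that the sample reports under tests/resources still validate
# against the report schemas published in GitLab's security-report-schemas
# repository.
name: Works with latest GitLab version
on:
  schedule:
    - cron: "0 3 * * *"
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

# Least privilege: the job only reads the repository, so the GITHUB_TOKEN is
# restricted to read-only contents access instead of the repository default.
permissions:
  contents: read

jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the v3 tag is mutable; consider pinning the action to a
      # full commit SHA.
      - uses: actions/checkout@v3
        with:
          # Later steps run a pip-installed package and read downloaded files;
          # no step needs git credentials, so do not leave the token in
          # .git/config.
          persist-credentials: false
      # NOTE(review): the package is installed unpinned, so every run executes
      # whatever release is current on the package index; consider pinning a
      # reviewed version.
      - name: Install jsonschema validator
        run: pip3 install jsonschema
      # The schemas are taken from the master branch, so a failing run can
      # also mean that the upstream schema changed rather than the reports.
      - name: Get schemas
        run: |
          base_url='https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/raw/master/dist'
          # --fail turns an HTTP error into a failed step instead of saving the
          # error page as the schema; --output overwrites the target rather
          # than appending to a file that may already exist in the checkout.
          curl --fail --silent --show-error --proto '=https' \
            --output sast_schema.json \
            "${base_url}/sast-report-format.json"
          curl --fail --silent --show-error --proto '=https' \
            --output secrets_schema.json \
            "${base_url}/secret-detection-report-format.json"
          curl --fail --silent --show-error --proto '=https' \
            --output container_scanning_schema.json \
            "${base_url}/container-scanning-report-format.json"
      - name: Test all SAST reports
        run: |
          # NUL-delimited read keeps paths with spaces or glob characters
          # intact.
          mapfile -d '' -t sast_files < <(
            find "tests/resources/test_sast" -type f -name "*.json" -print0
          )
          # An empty match would otherwise pass without validating anything.
          if [ "${#sast_files[@]}" -eq 0 ]; then
            echo "No SAST reports found to validate" >&2
            exit 1
          fi
          printf '%s\n' "${sast_files[@]}"
          for sast_file in "${sast_files[@]}"; do
            jsonschema -i "$sast_file" sast_schema.json
          done
      - name: Test all Secrets reports
        run: |
          mapfile -d '' -t secrets_files < <(
            find "tests/resources/test_secrets" -type f -name "*.json" -print0
          )
          if [ "${#secrets_files[@]}" -eq 0 ]; then
            echo "No Secrets reports found to validate" >&2
            exit 1
          fi
          printf '%s\n' "${secrets_files[@]}"
          for secrets_file in "${secrets_files[@]}"; do
            jsonschema -i "$secrets_file" secrets_schema.json
          done
      - name: Test all Container Scanning reports
        run: |
          mapfile -d '' -t container_files < <(
            find "tests/resources/test_container_scanning" -type f \
              -name "*.json" -print0
          )
          if [ "${#container_files[@]}" -eq 0 ]; then
            echo "No Container Scanning reports found to validate" >&2
            exit 1
          fi
          printf '%s\n' "${container_files[@]}"
          for container_file in "${container_files[@]}"; do
            jsonschema -i "$container_file" container_scanning_schema.json
          done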