Skip to content
Legitify Analyze - eu-digital-identity-wallet GH Organization

Legitify Analyze - eu-digital-identity-wallet GH Organization #18

Sign in to view logs

Legitify Analyze - eu-digital-identity-wallet GH Organization

Legitify Analyze - eu-digital-identity-wallet GH Organization #18

Workflow file for this run

.github/workflows/legitify-eudiw.yml at a5f757d
name: Legitify Analyze - eu-digital-identity-wallet GH Organization
on:
workflow_dispatch:
schedule:
- cron: '0 6 * * 1'
jobs:
analyze:
runs-on: ubuntu-latest
steps:
- uses: actions/cache@v4
with:
path: |
legitify
key: ${{ runner.os }}-legitify-1.0.7
- name: Legitify Scan - CLI
run: |
if [[ -f "legitify" ]]; then
./legitify analyze --token=${{ secrets.LEGITIFY_PAT }} --org eu-digital-identity-wallet --output-format sarif --output-file legitify_eudiw.sarif
else
wget https://legitify.legitsecurity.com/1.0.7/linux/amd64.tar.gz
tar -xzf amd64.tar.gz
./legitify analyze --token=${{ secrets.LEGITIFY_PAT }} --org eu-digital-identity-wallet --output-format sarif --output-file legitify_eudiw.sarif
fi
env:
LEGITIFY_PAT: ${{ secrets.LEGITIFY_PAT }}
- name: Send report to DefectDojo
if: (github.repository_owner == 'eu-digital-identity-wallet' && github.ref_name == 'main' && (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'))
run: |
export "SCAN_DATE=$(TZ='EET' date '+%Y-%m-%d')"
curl -X POST "$DOJO_URL/api/v2/reimport-scan/" \
-H "Authorization: Token $DOJO_TOKEN" \
-F "active=true" \
-F "scan_type=SARIF" \
-F "minimum_severity=High" \
-F "skip_duplicates=true" \
-F "close_old_findings=true" \
-F "file=@legitify_eudiw.sarif" \
-F "scan_date=$SCAN_DATE" \
-F "auto_create_context=True" \
-F "product_name=eu-digital-identity-wallet/eu-digital-identity-wallet-GitHub Organization" \
-F "engagement_name=GH Organization Security Scanning (Legitify) - eu-digital-identity-wallet/eu-digital-identity-wallet-GitHub Organization"
env:
DOJO_TOKEN: ${{ secrets.DOJO_TOKEN }}
DOJO_URL: ${{ secrets.DOJO_URL }}