diff --git a/.github/workflows/fossa-scan.yaml b/.github/workflows/fossa-scan.yaml
deleted file mode 100644
index 4add2cfb6..000000000
--- a/.github/workflows/fossa-scan.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-name: Fossa Scan
-on:
- workflow_dispatch:
- schedule:
- - cron: "0 20 * * *"
-jobs:
- fossa-scan:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - uses: fossas/fossa-action@main # Use a specific version if locking is preferred
- with:
- api-key: ${{secrets.FOSSA_APIKEY}}
diff --git a/.github/workflows/frogbot-scan-repository.yml b/.github/workflows/frogbot-scan-repository.yml
deleted file mode 100644
index 34626793e..000000000
--- a/.github/workflows/frogbot-scan-repository.yml
+++ /dev/null
@@ -1,142 +0,0 @@
-name: "Frogbot Scan Repository"
-on:
- workflow_dispatch:
- schedule:
- # The repository will be scanned once a day at 00:00 GMT.
- - cron: "0 0 * * *"
-permissions:
- contents: write
- pull-requests: write
- security-events: write
-jobs:
- scan-repository:
- runs-on: ubuntu-latest
- strategy:
- matrix:
- # The repository scanning will be triggered periodically on the following branches.
- branch: ["main"]
- steps:
- - uses: jfrog/frogbot@v2
- env:
- # [Mandatory]
- # JFrog platform URL
- JF_URL: ${{ secrets.JF_URL }}
-
- # [Mandatory if JF_USER and JF_PASSWORD are not provided]
- # JFrog access token with 'read' permissions on Xray service
- JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
-
- # [Mandatory if JF_ACCESS_TOKEN is not provided]
- # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD
- # JF_USER: ${{ secrets.JF_USER }}
-
- # [Mandatory if JF_ACCESS_TOKEN is not provided]
- # JFrog password. Must be provided with JF_USER
- # JF_PASSWORD: ${{ secrets.JF_PASSWORD }}
-
- # [Mandatory]
- # The GitHub token is automatically generated for the job
- JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- # [Mandatory]
- # The name of the branch on which Frogbot will perform the scan
- JF_GIT_BASE_BRANCH: ${{ matrix.branch }}
-
- # [Optional, default: https://api.github.com]
- # API endpoint to GitHub
- # JF_GIT_API_ENDPOINT: https://github.example.com
-
- # [Optional]
- # By default, the Frogbot workflows download the Frogbot executable as well as other tools
- # needed from https://releases.jfrog.io
- # If the machine that runs Frogbot has no access to the internet, follow these steps to allow the
- # executable to be downloaded from an Artifactory instance, which the machine has access to:
- #
- # 1. Login to the Artifactory UI, with a user who has admin credentials.
- # 2. Create a Remote Repository with the following properties set.
- # Under the 'Basic' tab:
- # Package Type: Generic
- # URL: https://releases.jfrog.io
- # Under the 'Advanced' tab:
- # Uncheck the 'Store Artifacts Locally' option
- # 3. Set the value of the 'JF_RELEASES_REPO' variable with the Repository Key you created.
- # JF_RELEASES_REPO: ""
-
- ##########################################################################
- ## If your project uses a 'frogbot-config.yml' file, you can define ##
- ## the following variables inside the file, instead of here. ##
- ##########################################################################
-
- # [Optional, default: "."]
- # Relative path to the root of the project in the Git repository. If left empty (without providing "." yourself as default), a recursive scan is triggered from the root directory of the project.
- # JF_WORKING_DIR: path/to/project/dir
-
- # [Default: "*git*;*node_modules*;*target*;*venv*;*test*"]
- # List of exclusion patterns (utilizing wildcards) for excluding paths in the source code of the Git repository during SCA scans.
- # JF_PATH_EXCLUSIONS: "*git*;*node_modules*;*target*;*venv*;*test*"
-
- # [Optional]
- # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
- # JF_WATCHES: ,...
-
- # [Optional]
- # JFrog project. Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects
- # JF_PROJECT:
-
- # [Optional, default: "TRUE"]
- # Fails the Frogbot task if any security issue is found.
- # JF_FAIL: "FALSE"
-
- # [Optional]
- # Frogbot will download the project dependencies, if they're not cached locally. To download the
- # dependencies from a virtual repository in Artifactory, set the name of the repository. There's no
- # need to set this value, if it is set in the frogbot-config.yml file.
- # JF_DEPS_REPO: ""
-
- # [Optional]
- # Template for the branch name generated by Frogbot when creating pull requests with fixes.
- # The template must include {BRANCH_NAME_HASH}, to ensure that the generated branch name is unique.
- # The template can optionally include the {IMPACTED_PACKAGE} and {FIX_VERSION} variables.
- # JF_BRANCH_NAME_TEMPLATE: "frogbot-{IMPACTED_PACKAGE}-{BRANCH_NAME_HASH}"
-
- # [Optional]
- # Template for the commit message generated by Frogbot when creating pull requests with fixes
- # The template can optionally include the {IMPACTED_PACKAGE} and {FIX_VERSION} variables.
- # JF_COMMIT_MESSAGE_TEMPLATE: "Upgrade {IMPACTED_PACKAGE} to {FIX_VERSION}"
-
- # [Optional]
- # Template for the pull request title generated by Frogbot when creating pull requests with fixes.
- # The template can optionally include the {IMPACTED_PACKAGE} and {FIX_VERSION} variables.
- # JF_PULL_REQUEST_TITLE_TEMPLATE: "[🐸 Frogbot] Upgrade {IMPACTED_PACKAGE} to {FIX_VERSION}"
-
- # [Optional, Default: "FALSE"]
- # If TRUE, Frogbot creates a single pull request with all the fixes.
- # If FALSE, Frogbot creates a separate pull request for each fix.
- # JF_GIT_AGGREGATE_FIXES: "FALSE"
-
- # [Optional, Default: "FALSE"]
- # Handle vulnerabilities with fix versions only
- # JF_FIXABLE_ONLY: "TRUE"
-
- # [Optional]
- # Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests
- # The following values are accepted: Low, Medium, High or Critical
- # JF_MIN_SEVERITY: ""
-
- # [Optional, Default: eco-system+frogbot@jfrog.com]
- # Set the email of the commit author
- # JF_GIT_EMAIL_AUTHOR: ""
-
- # [Optional]
- # Set the list of allowed licenses
- # The full list of licenses can be found in:
- # https://github.com/jfrog/frogbot/blob/master/docs/licenses.md
- # JF_ALLOWED_LICENSES: "MIT, Apache-2.0"
-
- # [Optional]
- # Avoid adding extra info to pull request comments. that isn't related to the scan findings.
- # JF_AVOID_EXTRA_MESSAGES: "TRUE"
-
- # [Optional]
- # Add a title to pull request comments generated by Frogbot.
- # JF_PR_COMMENT_TITLE: ""
\ No newline at end of file
diff --git a/.github/workflows/jfrog-scan-docker-images.yml b/.github/workflows/jfrog-scan-docker-images.yml
index 6a6adaeac..b93876202 100644
--- a/.github/workflows/jfrog-scan-docker-images.yml
+++ b/.github/workflows/jfrog-scan-docker-images.yml
@@ -52,4 +52,9 @@ jobs:
 run: |
 docker pull wso2/apk-ratelimiter:latest
 jf docker scan wso2/apk-ratelimiter:latest
+ - name: Scan APIM APK Agent
+ shell: sh
+ run: |
+ docker pull wso2/apim-apk-agent:latest
+ jf docker scan wso2/apim-apk-agent:latest
\ No newline at end of file
diff --git a/adapter/build.gradle b/adapter/build.gradle
index f7ff80936..e3b674c40 100644
--- a/adapter/build.gradle
+++ b/adapter/build.gradle
@@ -79,12 +79,4 @@ task build{
 dependsOn docker_build
 }
-task buildClean(type: Delete) {
- delete rootProject.buildDir
-}
-
-tasks.named('clean').configure {
- dependsOn buildClean
-}
-
 afterReleaseBuild.dependsOn "docker_push"
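Review bot: In the `jfrog-scan-docker-images.yml` hunk, the new `Scan APIM APK Agent` step pulls and scans `wso2/apim-apk-agent:latest`, a mutable tag, so a scan result cannot be tied to a specific image and two runs may scan different content under the same name. This matches the existing `apk-ratelimiter` step, but logging the resolved digest right after the pull would make each result attributable, for example `docker inspect --format '{{index .RepoDigests 0}}' wso2/apim-apk-agent:latest`. A short comment above the step saying which published image the scan is meant to cover (`# scans the image currently published as :latest, not the image built from this commit`) would also help a reader interpret the findings. The file still ends without a trailing newline after the last added line. The steps list starts outside the hunk, so the setup and authentication of the `jf` CLI are not visible here.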