Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/rmkanda/gh-actions-secure-pipeline-java-demo
Sample Secure Pipeline with GitHub Actions - Ideal for Open Source Projects
demo devops devsecops devsecops-best-practices devsecops-pipeline github github-actions java pipeline security security-tools
Last synced: 7 days ago
- Host: GitHub
- URL: https://github.com/rmkanda/gh-actions-secure-pipeline-java-demo
- Owner: rmkanda
- License: mit
- Created: 2021-03-07T11:46:59.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2023-02-27T03:08:41.000Z (over 1 year ago)
- Last Synced: 2023-03-03T07:49:31.914Z (over 1 year ago)
- Topics: demo, devops, devsecops, devsecops-best-practices, devsecops-pipeline, github, github-actions, java, pipeline, security, security-tools
- Language: Java
- Homepage:
- Size: 116 KB
- Stars: 1
- Watchers: 2
- Forks: 0
- Open Issues: 5
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# [Java] [GitHub Actions] Secure Pipelines Demo
[![Secure Pipeline Demo - Java](https://github.com/rmkanda/gh-actions-secure-pipeline-java-demo/actions/workflows/build.yaml/badge.svg)](https://github.com/rmkanda/gh-actions-secure-pipeline-java-demo/actions/workflows/build.yaml)
Sample Secure Pipeline with GitHub Actions - Ideal for Open Source Projects
## Setup
- Add the Snyk API token to the GitHub repository secrets as `SNYK_TOKEN`
- Add the GitGuardian API token to the GitHub repository secrets as `GITGUARDIAN_API_KEY`

## Actions Used
| Step | Github Action | Comments | Open Source Alternative |
| ------------------------ | ---------------------------------------------------------------------------------------- | -------- | --------------------------------------------------- |
| Secrets Scanner | [GitGuardian](https://github.com/GitGuardian/gg-shield-action) | | [truffleHog](https://github.com/dxa4481/truffleHog) |
| SCA - Dependency Checker | [snyk](https://github.com/marketplace/actions/snyk) | | OWASP Dependency Check |
| Static Code Analysis | [Spot Bugs](https://github.com/jwgmeligmeyling/spotbugs-github-action) | | |
| Static Code Analysis | [CodeQL](https://github.com/github/codeql-action) | | |
| Container Scan | [Anchore](https://github.com/marketplace/actions/anchore-container-scan) | | |
| Container Lint | [Dockle](https://github.com/marketplace/actions/runs-dockle) | | |
| K8s Hardening | [Kubesec](https://github.com/marketplace/actions/controlplane-kubesec) | | |
| License Checker | [License finder](https://github.com/pivotal/LicenseFinder) | | |
| DAST | [OWASP ZAP Baseline Scan](https://github.com/marketplace/actions/owasp-zap-baseline-scan) | | |

## Pipeline
![GitHub Pipeline](imgs/pipeline_light.png)