Skip to content

Commit

Permalink
Add OWASP scanning to CI
Browse files Browse the repository at this point in the history
  • Loading branch information
mayank1211 committed Jan 18, 2024
1 parent 7a3fe10 commit 1c55908
Show file tree
Hide file tree
Showing 3 changed files with 258 additions and 210 deletions.
20 changes: 20 additions & 0 deletions .github/workflows/pull-request.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,26 @@ jobs:
- name: Install dependencies
run: npm install

- name: Depcheck
uses: dependency-check/Dependency-Check_Action@main
id: Depcheck
with:
project: 'nhsuk-frontend'
path: '.'
format: 'HTML'
out: 'reports'
args: >
--failOnCVSS 7
--nodePackageSkipDevDependencies
--nodeAuditSkipDevDependencies
--suppression owasp-dependency-check-suppressions.xml
- name: Upload OWAPS results
uses: actions/upload-artifact@master
with:
name: Depcheck report
path: ${{github.workspace}}/reports

- name: Sonar analysis
uses: sonarsource/sonarcloud-github-action@master
with:
Expand Down
24 changes: 24 additions & 0 deletions owasp-dependency-check-suppressions.xml
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<!-- Ignored Vulnerabilities -->
<suppress>
<notes><![CDATA[file name: angular.min.js]]></notes>
<packageUrl regex="true">^pkg:javascript/angularjs@.*$</packageUrl>
<cve>CVE-2019-10768</cve>
</suppress>
<suppress>
<notes><![CDATA[file name: faye-websocket:0.10.0]]></notes>
<packageUrl regex="true">^pkg:npm/faye\-websocket@.*$</packageUrl>
<cve>CVE-2020-15133</cve>
</suppress>
<suppress>
<notes><![CDATA[file name: glob-parent:3.1.0]]></notes>
<packageUrl regex="true">^pkg:npm/glob\-parent@.*$</packageUrl>
<vulnerabilityName>GHSA-ww39-953v-wcq6</vulnerabilityName>
</suppress>
<suppress>
<notes><![CDATA[file name: glob-parent:3.1.0]]></notes>
<packageUrl regex="true">^pkg:npm/glob\-parent@.*$</packageUrl>
<vulnerabilityName>CVE-2020-28469</vulnerabilityName>
</suppress>
</suppressions>
Loading

0 comments on commit 1c55908

Please sign in to comment.