Update apisec-scan.yml #6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow uses actions that are not certified by GitHub. | ||
| # They are provided by a third-party and are governed by | ||
| # separate terms of service, privacy policy, and support | ||
| # documentation. | ||
| # APIsec addresses the critical need to secure APIs before they reach production. | ||
| # APIsec provides the industry’s only automated and continuous API testing platform that uncovers security vulnerabilities and logic flaws in APIs. | ||
| # Clients rely on APIsec to evaluate every update and release, ensuring that no APIs go to production with vulnerabilities. | ||
| # How to Get Started with APIsec.ai | ||
| # 1. Schedule a demo at https://www.apisec.ai/request-a-demo . | ||
| # | ||
| # 2. Register your account at https://cloud.apisec.ai/#/signup . | ||
| # | ||
| # 3. Register your API . See the video (https://www.youtube.com/watch?v=MK3Xo9Dbvac) to get up and running with APIsec quickly. | ||
| # | ||
| # 4. Get GitHub Actions scan attributes from APIsec Project -> Configurations -> Integrations -> CI-CD -> GitHub Actions | ||
| # | ||
| # apisec-run-scan | ||
| # | ||
| # This action triggers the on-demand scans for projects registered in APIsec. | ||
| # If your GitHub account allows code scanning alerts, you can then upload the sarif file generated by this action to show the scan findings. | ||
| # Else you can view the scan results from the project home page in APIsec Platform. | ||
| # The link to view the scan results is also displayed on the console on successful completion of action. | ||
| # This is a starter workflow to help you get started with APIsec-Scan Actions | ||
| name: APIsec | ||
| # Controls when the workflow will run | ||
| on: | ||
| # Triggers the workflow on push or pull request events but only for the "Principal" branch | ||
| # Customize trigger events based on your DevSecOps processes. | ||
| push: | ||
| branches: [ "Principal", "Main" ] | ||
| pull_request: | ||
| branches: [ "Principal" ] | ||
| schedule: | ||
| - cron: '21 8 * * 4' | ||
| # Allows you to run this workflow manually from the Actions tab | ||
| workflow_dispatch: | ||
| permissions: | ||
| contents: read | ||
| jobs: | ||
| Trigger_APIsec_scan: | ||
| permissions: | ||
| security-events: write # for github/codeql-action/upload-sarif to upload SARIF results | ||
| actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: APIsec scan | ||
| uses: apisec-inc/apisec-run-scan@025432089674a28ba8fb55f8ab06c10215e772ea | ||
| with: | ||
| # The APIsec username with which the scans will be executed | ||
| apisec-username: ${{ secrets.apisec_username }} | ||
| # The Password of the APIsec user with which the scans will be executed | ||
| apisec-password: ${{ secrets.apisec_password}} | ||
| # The name of the project for security scan | ||
| apisec-project: "VAmPI" | ||
| # The name of the sarif format result file The file is written only if this property is provided. | ||
| sarif-result-file: "apisec-results.sarif" | ||
| - name: Import results | ||
| uses: github/codeql-action/upload-sarif@v2 | ||
| with: | ||
| sarif_file: ./apisec-results.sarif | ||
| [](https://github.com/DawallAZllon91/La-Pingui/actions/workflows/apisec-scan.yml) | ||
| - nombre: Configurar el SDK de .NET Core | ||
| usos: acciones/setup-dotnet@v4.0.0 | ||
| con: | ||
| # Versiones de SDK opcionales a utilizar. Si no se proporciona, instalará la versión global.json cuando esté disponible. Ejemplos: 2.2.104, 3.1, 3.1.x, 3.x, 6.0.2xx | ||
| versión dotnet: # opcional | ||
| # Calidad opcional de la construcción. Los valores posibles son: diario, firmado, validado, vista previa, ga. | ||
| calidad dotnet: # opcional | ||
| # Ubicación opcional de global.json, si su global.json no está ubicado en la raíz del repositorio. | ||
| archivo-json-global: # opcional | ||
| # Fuente de paquete opcional para configurar la autenticación. Consultará cualquier NuGet.config existente en la raíz del repositorio y proporcionará un NuGet.config temporal utilizando la variable de entorno NUGET_AUTH_TOKEN como ClearTextPassword. | ||
| URL de origen: # opcional | ||
| # PROPIETARIO opcional para usar paquetes de organizaciones/usuarios del Registro de paquetes de GitHub que no sean el propietario del repositorio actual. Solo se usa si también se proporciona una URL GPR en la URL de origen | ||
| propietario: # opcional | ||
| # Ubicación opcional de NuGet.config, si su NuGet.config no está ubicado en la raíz del repositorio. | ||
| archivo de configuración: # opcional | ||
| # Entrada opcional para habilitar el almacenamiento en caché de la carpeta de paquetes globales de NuGet | ||
| caché: # opcional | ||
| # Se utiliza para especificar la ruta a un archivo de dependencia: paquetes.lock.json. Admite comodines o una lista de nombres de archivos para almacenar en caché múltiples dependencias. | ||
| ruta-dependencia-caché: # opcional | ||
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
| - release/* | ||
| on: | ||
| pull_request: | ||
| branches: | ||
| - main | ||
| jobs: | ||
| my_job: | ||
| name: deploy to staging | ||
| runs-on: windows-latesto o windows-2019 | ||
| jobs: | ||
| test: | ||
| name: Test on node ${{ matrix.node_version }} and ${{ matrix.os }} | ||
| runs-on: ${{ matrix.os }} | ||
| strategy: | ||
| matrix: | ||
| node_version: ['8', '10', '12'] | ||
| os: [ubuntu-latest, windows-latest, macOS-latest] | ||
| steps: | ||
| - uses: actions/checkout@v1 | ||
| - name: Use Node.js ${{ matrix.node_version }} | ||
| uses: actions/setup-node@v1 | ||
| with: | ||
| node-version: ${{ matrix.node_version }} | ||
| - name: npm install, build and test | ||
| run: | | ||
| npm install | ||
| npm run build --if-present | ||
| npm test | ||
