Additional scanning (#3328)
This commit is contained in:
parent
16fce43739
commit
ae15372d8d
4 changed files with 54 additions and 0 deletions
34
.github/workflows/scan.yml
vendored
34
.github/workflows/scan.yml
vendored
|
@ -40,3 +40,37 @@ jobs:
|
|||
base_uri: https://ast.checkmarx.net/
|
||||
cx_client_id: ${{ secrets.CHECKMARX_CLIENT_ID }}
|
||||
cx_client_secret: ${{ secrets.CHECKMARX_SECRET }}
|
||||
additional_params: |
|
||||
--report-format sarif \
|
||||
--filter "state=TO_VERIFY;PROPOSED_NOT_EXPLOITABLE;CONFIRMED;URGENT" \
|
||||
--output-path . ${{ env.INCREMENTAL }}
|
||||
|
||||
- name: Upload Checkmarx results to GitHub
|
||||
uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
|
||||
with:
|
||||
sarif_file: cx_result.sarif
|
||||
|
||||
quality:
|
||||
name: Quality scan
|
||||
runs-on: ubuntu-22.04
|
||||
needs: check-run
|
||||
permissions:
|
||||
contents: read
|
||||
pull-requests: write
|
||||
|
||||
steps:
|
||||
- name: Check out repo
|
||||
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
ref: ${{ github.event.pull_request.head.sha }}
|
||||
|
||||
- name: Scan with SonarCloud
|
||||
uses: sonarsource/sonarcloud-github-action@4006f663ecaf1f8093e8e4abb9227f6041f52216 # v2.2.0
|
||||
env:
|
||||
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
with:
|
||||
args: >
|
||||
-Dsonar.organization=${{ github.repository_owner }}
|
||||
-Dsonar.projectKey=${{ github.repository_owner }}_${{ github.event.repository.name }}
|
||||
|
|
|
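Review bot: The new quality job checks out `${{ github.event.pull_request.head.sha }}` and then runs a step holding `SONAR_TOKEN` and a `pull-requests: write` `GITHUB_TOKEN`; the `on:` block that decides whether this runs under `pull_request` or `pull_request_target` is outside the hunk, so confirm the trigger and what the `check-run` gate enforces, because under `pull_request_target` this would give fork commits a checkout inside a job that holds secrets. The checkout only needs a read-only tree, so add `persist-credentials: false` under its `with:` so the workflow token is not written into `.git/config` for later steps. The Sonar step also overlaps with the `sonar { }` block this commit adds to app/build.gradle.kts: the workflow passes `-Dsonar.projectKey=${{ github.repository_owner }}_${{ github.event.repository.name }}` while Gradle hard-codes `bitwarden_android` (identical upstream, divergent on forks), and the Gradle `sonar.sources`/`sonar.tests` settings and `dependsOn("check")` are, as far as I can tell, not exercised by the scanner action, which runs the sonar-scanner CLI rather than Gradle. Either run `./gradlew sonar` from the workflow or document why both configurations exist.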
@ -17,6 +17,7 @@ plugins {
|
|||
alias(libs.plugins.kotlinx.kover)
|
||||
alias(libs.plugins.ksp)
|
||||
alias(libs.plugins.google.services)
|
||||
alias(libs.plugins.sonarqube)
|
||||
}
|
||||
|
||||
android {
|
||||
|
@ -276,3 +277,19 @@ afterEvaluate {
|
|||
.filter { it.name.contains("Fdroid") }
|
||||
.forEach { it.enabled = false }
|
||||
}
|
||||
|
||||
sonar {
|
||||
properties {
|
||||
property("sonar.projectKey", "bitwarden_android")
|
||||
property("sonar.organization", "bitwarden")
|
||||
property("sonar.host.url", "https://sonarcloud.io")
|
||||
property("sonar.sources", "app/src/main/,app/src/standard/,app/src/fdroid/")
|
||||
property("sonar.tests", "app/src/test/")
|
||||
}
|
||||
}
|
||||
|
||||
tasks {
|
||||
getByName("sonar") {
|
||||
dependsOn("check")
|
||||
}
|
||||
}
|
||||
|
|
|
@ -7,4 +7,5 @@ plugins {
|
|||
alias(libs.plugins.kotlinx.kover) apply false
|
||||
alias(libs.plugins.ksp) apply false
|
||||
alias(libs.plugins.google.services) apply false
|
||||
alias(libs.plugins.sonarqube) apply false
|
||||
}
|
||||
|
|
|
@ -44,6 +44,7 @@ mockk = "1.13.11"
|
|||
okhttp = "4.12.0"
|
||||
retrofitBom = "2.11.0"
|
||||
roboelectric = "4.12.2"
|
||||
sonarqube = "5.0.0.4638"
|
||||
turbine = "1.1.0"
|
||||
zxcvbn4j = "1.9.0"
|
||||
zxing = "3.5.3"
|
||||
|
@ -122,3 +123,4 @@ kotlin-parcelize = { id = "org.jetbrains.kotlin.plugin.parcelize", version.ref =
|
|||
kotlin-serialization = { id = "org.jetbrains.kotlin.plugin.serialization", version.ref = "kotlin" }
|
||||
kotlinx-kover = { id = "org.jetbrains.kotlinx.kover", version.ref = "kotlinxKover" }
|
||||
ksp = { id = "com.google.devtools.ksp", version.ref = "ksp" }
|
||||
sonarqube = { id = "org.sonarqube", version.ref = "sonarqube" }
|
||||
|
|