Additional scanning (#3328)

This commit is contained in:
Matt Bishop 2024-06-20 16:44:39 -04:00 committed by GitHub
parent 16fce43739
commit ae15372d8d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 54 additions and 0 deletions


@ -40,3 +40,37 @@ jobs:
base_uri: https://ast.checkmarx.net/ base_uri: https://ast.checkmarx.net/
cx_client_id: ${{ secrets.CHECKMARX_CLIENT_ID }} cx_client_id: ${{ secrets.CHECKMARX_CLIENT_ID }}
cx_client_secret: ${{ secrets.CHECKMARX_SECRET }} cx_client_secret: ${{ secrets.CHECKMARX_SECRET }}
additional_params: |
--report-format sarif \
--filter "state=TO_VERIFY;PROPOSED_NOT_EXPLOITABLE;CONFIRMED;URGENT" \
--output-path . ${{ env.INCREMENTAL }}
- name: Upload Checkmarx results to GitHub
uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
with:
sarif_file: cx_result.sarif
quality:
name: Quality scan
runs-on: ubuntu-22.04
needs: check-run
permissions:
contents: read
pull-requests: write
steps:
- name: Check out repo
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }}
- name: Scan with SonarCloud
uses: sonarsource/sonarcloud-github-action@4006f663ecaf1f8093e8e4abb9227f6041f52216 # v2.2.0
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
args: >
-Dsonar.organization=${{ github.repository_owner }}
-Dsonar.projectKey=${{ github.repository_owner }}_${{ github.event.repository.name }}
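Review bot: The new quality job checks out `github.event.pull_request.head.sha` and then runs a step holding `SONAR_TOKEN` and a `GITHUB_TOKEN` with `pull-requests: write`; the trigger is above the hunk, so if this workflow runs on `pull_request_target` (the explicit head-sha checkout and `needs: check-run` suggest it may), the scan executes fork-controlled sources with those secrets present and the job's safety rests entirely on the `check-run` gate. A one-line comment above `ref:` would make that dependency visible: `# PR head is checked out explicitly; check-run must gate this job before secrets are exposed`. Separately, the Sonar project identity here is derived from `github.repository_owner` and the repository name, while the Gradle `sonar {}` block in the same commit hardcodes `bitwarden_android` / `bitwarden`, so on a fork or rename the two configurations point at different projects; pick one source of truth. Style: `args: >` keeps a trailing newline in the argument string, and `args: >-` is the usual form for a single-line command.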


@ -17,6 +17,7 @@ plugins {
alias(libs.plugins.kotlinx.kover) alias(libs.plugins.kotlinx.kover)
alias(libs.plugins.ksp) alias(libs.plugins.ksp)
alias(libs.plugins.google.services) alias(libs.plugins.google.services)
alias(libs.plugins.sonarqube)
} }
android { android {
@ -276,3 +277,19 @@ afterEvaluate {
.filter { it.name.contains("Fdroid") } .filter { it.name.contains("Fdroid") }
.forEach { it.enabled = false } .forEach { it.enabled = false }
} }
sonar {
properties {
property("sonar.projectKey", "bitwarden_android")
property("sonar.organization", "bitwarden")
property("sonar.host.url", "https://sonarcloud.io")
property("sonar.sources", "app/src/main/,app/src/standard/,app/src/fdroid/")
property("sonar.tests", "app/src/test/")
}
}
tasks {
getByName("sonar") {
dependsOn("check")
}
}
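Review bot: The `sonar.sources` and `sonar.tests` values in the new `sonar {}` block are written as `app/src/...`, but this block sits in what looks like the app module's build script (the same file declares `android {}`), and the Sonar Gradle plugin resolves these properties relative to the project it is applied to, so they would likely resolve to `app/app/src/...` and analyze nothing; either drop the two properties (the plugin derives sources from the Android source sets) or write them relative to the module, `property("sonar.sources", "src/main/,src/standard/,src/fdroid/")` and `property("sonar.tests", "src/test/")`. The hardcoded `sonar.projectKey` / `sonar.organization` also duplicate what the workflow's SonarCloud action computes from the repository owner and name, so the two can drift; a short comment stating which configuration CI actually invokes would help the next maintainer. Style: `tasks { named("sonar") { dependsOn("check") } }` is the configuration-avoidance form preferred over `getByName`, which eagerly realizes the task.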


@ -7,4 +7,5 @@ plugins {
alias(libs.plugins.kotlinx.kover) apply false alias(libs.plugins.kotlinx.kover) apply false
alias(libs.plugins.ksp) apply false alias(libs.plugins.ksp) apply false
alias(libs.plugins.google.services) apply false alias(libs.plugins.google.services) apply false
alias(libs.plugins.sonarqube) apply false
} }


@ -44,6 +44,7 @@ mockk = "1.13.11"
okhttp = "4.12.0" okhttp = "4.12.0"
retrofitBom = "2.11.0" retrofitBom = "2.11.0"
roboelectric = "4.12.2" roboelectric = "4.12.2"
sonarqube = "5.0.0.4638"
turbine = "1.1.0" turbine = "1.1.0"
zxcvbn4j = "1.9.0" zxcvbn4j = "1.9.0"
zxing = "3.5.3" zxing = "3.5.3"
@ -122,3 +123,4 @@ kotlin-parcelize = { id = "org.jetbrains.kotlin.plugin.parcelize", version.ref =
kotlin-serialization = { id = "org.jetbrains.kotlin.plugin.serialization", version.ref = "kotlin" } kotlin-serialization = { id = "org.jetbrains.kotlin.plugin.serialization", version.ref = "kotlin" }
kotlinx-kover = { id = "org.jetbrains.kotlinx.kover", version.ref = "kotlinxKover" } kotlinx-kover = { id = "org.jetbrains.kotlinx.kover", version.ref = "kotlinxKover" }
ksp = { id = "com.google.devtools.ksp", version.ref = "ksp" } ksp = { id = "com.google.devtools.ksp", version.ref = "ksp" }
sonarqube = { id = "org.sonarqube", version.ref = "sonarqube" }