Additional scanning (#3328)
parent
16fce43739
commit
ae15372d8d
4 changed files with 54 additions and 0 deletions
34
.github/workflows/scan.yml
|
@ -40,3 +40,37 @@ jobs:
|
||||||
base_uri: https://ast.checkmarx.net/
|
base_uri: https://ast.checkmarx.net/
|
||||||
cx_client_id: ${{ secrets.CHECKMARX_CLIENT_ID }}
|
cx_client_id: ${{ secrets.CHECKMARX_CLIENT_ID }}
|
||||||
cx_client_secret: ${{ secrets.CHECKMARX_SECRET }}
|
cx_client_secret: ${{ secrets.CHECKMARX_SECRET }}
|
||||||
|
additional_params: |
|
||||||
|
--report-format sarif \
|
||||||
|
--filter "state=TO_VERIFY;PROPOSED_NOT_EXPLOITABLE;CONFIRMED;URGENT" \
|
||||||
|
--output-path . ${{ env.INCREMENTAL }}
|
||||||
|
|
||||||
|
- name: Upload Checkmarx results to GitHub
|
||||||
|
uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
|
||||||
|
with:
|
||||||
|
sarif_file: cx_result.sarif
|
||||||
|
|
||||||
|
quality:
|
||||||
|
name: Quality scan
|
||||||
|
runs-on: ubuntu-22.04
|
||||||
|
needs: check-run
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
pull-requests: write
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: Check out repo
|
||||||
|
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
|
||||||
|
with:
|
||||||
|
fetch-depth: 0
|
||||||
|
ref: ${{ github.event.pull_request.head.sha }}
|
||||||
|
|
||||||
|
- name: Scan with SonarCloud
|
||||||
|
uses: sonarsource/sonarcloud-github-action@4006f663ecaf1f8093e8e4abb9227f6041f52216 # v2.2.0
|
||||||
|
env:
|
||||||
|
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
||||||
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
with:
|
||||||
|
args: >
|
||||||
|
-Dsonar.organization=${{ github.repository_owner }}
|
||||||
|
-Dsonar.projectKey=${{ github.repository_owner }}_${{ github.event.repository.name }}
|
||||||
|
|
|
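Review bot: The `quality` job's checkout step pins `ref: ${{ github.event.pull_request.head.sha }}` while the following SonarCloud step holds `SONAR_TOKEN` and a `GITHUB_TOKEN` granted `pull-requests: write`; the workflow's `on:` trigger is outside this hunk, and if it includes `pull_request_target` this checks out untrusted fork code with repository secrets in scope, whereas under plain `pull_request` fork PRs receive no `SONAR_TOKEN` and the Sonar step will presumably fail rather than be skipped. Either way the intent should be recorded next to the checkout step, e.g. `# Analyze the PR head commit (not the synthetic merge commit); this job must only run on pull_request / push, never pull_request_target`. A one-line comment above `permissions:` explaining that `pull-requests: write` exists for Sonar PR decoration via `GITHUB_TOKEN` would also help, since the Checkmarx step in the `scan` job above does not need it. `sarif_file: cx_result.sarif` is assumed to be the file the Checkmarx action writes under `--output-path .` — worth confirming, since a name mismatch fails the upload step.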
@ -17,6 +17,7 @@ plugins {
|
||||||
alias(libs.plugins.kotlinx.kover)
|
alias(libs.plugins.kotlinx.kover)
|
||||||
alias(libs.plugins.ksp)
|
alias(libs.plugins.ksp)
|
||||||
alias(libs.plugins.google.services)
|
alias(libs.plugins.google.services)
|
||||||
|
alias(libs.plugins.sonarqube)
|
||||||
}
|
}
|
||||||
|
|
||||||
android {
|
android {
|
||||||
|
@ -276,3 +277,19 @@ afterEvaluate {
|
||||||
.filter { it.name.contains("Fdroid") }
|
.filter { it.name.contains("Fdroid") }
|
||||||
.forEach { it.enabled = false }
|
.forEach { it.enabled = false }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sonar {
|
||||||
|
properties {
|
||||||
|
property("sonar.projectKey", "bitwarden_android")
|
||||||
|
property("sonar.organization", "bitwarden")
|
||||||
|
property("sonar.host.url", "https://sonarcloud.io")
|
||||||
|
property("sonar.sources", "app/src/main/,app/src/standard/,app/src/fdroid/")
|
||||||
|
property("sonar.tests", "app/src/test/")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
tasks {
|
||||||
|
getByName("sonar") {
|
||||||
|
dependsOn("check")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
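Review bot: The new `sonar { properties { … } }` block hard-codes `sonar.projectKey` as `"bitwarden_android"` and `sonar.organization` as `"bitwarden"`, while the workflow hunk above derives the same two values from `github.repository_owner` and `github.event.repository.name`; on a fork or a renamed repository the Gradle-driven `sonar` task and the SonarCloud action would report to different projects. If both entry points are meant to stay, add a comment above `sonar {` such as `// Keep in sync with .github/workflows/scan.yml, which passes the same keys as scanner arguments`, or read the values from a Gradle project property with these literals as defaults. `sonar.sources` lists only `app/src/...` directories, so any other Gradle module (none is visible here) would be excluded from analysis without warning. The enclosing file is not named on the page; from the `afterEvaluate` context it appears to be the app module's `build.gradle.kts`.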
|
@ -7,4 +7,5 @@ plugins {
|
||||||
alias(libs.plugins.kotlinx.kover) apply false
|
alias(libs.plugins.kotlinx.kover) apply false
|
||||||
alias(libs.plugins.ksp) apply false
|
alias(libs.plugins.ksp) apply false
|
||||||
alias(libs.plugins.google.services) apply false
|
alias(libs.plugins.google.services) apply false
|
||||||
|
alias(libs.plugins.sonarqube) apply false
|
||||||
}
|
}
|
||||||
|
|
|
@ -44,6 +44,7 @@ mockk = "1.13.11"
|
||||||
okhttp = "4.12.0"
|
okhttp = "4.12.0"
|
||||||
retrofitBom = "2.11.0"
|
retrofitBom = "2.11.0"
|
||||||
roboelectric = "4.12.2"
|
roboelectric = "4.12.2"
|
||||||
|
sonarqube = "5.0.0.4638"
|
||||||
turbine = "1.1.0"
|
turbine = "1.1.0"
|
||||||
zxcvbn4j = "1.9.0"
|
zxcvbn4j = "1.9.0"
|
||||||
zxing = "3.5.3"
|
zxing = "3.5.3"
|
||||||
|
@ -122,3 +123,4 @@ kotlin-parcelize = { id = "org.jetbrains.kotlin.plugin.parcelize", version.ref =
|
||||||
kotlin-serialization = { id = "org.jetbrains.kotlin.plugin.serialization", version.ref = "kotlin" }
|
kotlin-serialization = { id = "org.jetbrains.kotlin.plugin.serialization", version.ref = "kotlin" }
|
||||||
kotlinx-kover = { id = "org.jetbrains.kotlinx.kover", version.ref = "kotlinxKover" }
|
kotlinx-kover = { id = "org.jetbrains.kotlinx.kover", version.ref = "kotlinxKover" }
|
||||||
ksp = { id = "com.google.devtools.ksp", version.ref = "ksp" }
|
ksp = { id = "com.google.devtools.ksp", version.ref = "ksp" }
|
||||||
|
sonarqube = { id = "org.sonarqube", version.ref = "sonarqube" }
|
||||||
|
|