diff --git a/.github/workflow/frogbot-scan-pull-request.yml b/.github/workflow/frogbot-scan-pull-request.yml
new file mode 100644
index 00000000..3d48be12
--- /dev/null
+++ b/.github/workflow/frogbot-scan-pull-request.yml
@@ -0,0 +1,71 @@
+name: "Frogbot Scan Pull Request"
+on:
+ pull_request_target:
+ types: [opened, synchronize]
+permissions:
+ pull-requests: write
+ contents: read
+jobs:
+ scan-pull-request:
+ runs-on: ubuntu-latest
+ # A pull request needs to be approved, before Frogbot scans it. Any GitHub user who is associated with the
+ # "frogbot" GitHub environment can approve the pull request to be scanned.
+ environment: artificatory
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+
+ # Install prerequisites
+ - name: Setup Go
+ uses: actions/setup-go@v2
+ with:
+ go-version: 1.18.x
+
+ - uses: jfrog/frogbot@v2
+ env:
+ # [Mandatory]
+ # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray)
+ JF_URL: ${{ secrets.JF_URL }}
+
+ # [Mandatory if JF_ACCESS_TOKEN is not provided]
+ # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD
+ JF_USER: ${{ secrets.JF_USER }}
+
+ # [Mandatory if JF_ACCESS_TOKEN is not provided]
+ # JFrog password. Must be provided with JF_USER
+ JF_PASSWORD: ${{ secrets.JF_PASSWORD }}
+
+ # [Mandatory]
+ # The GitHub token automatically generated for the job
+ JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ # Uncomment the below options if you'd like to use them.
+
+ # [Optional, default: https://api.github.com]
+ # API endpoint to GitHub
+ # JF_GIT_API_ENDPOINT: https://github.example.com
+
+ # [Mandatory if JF_USER and JF_PASSWORD are not provided]
+ # JFrog access token with 'read' permissions on Xray service
+ JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
+
+ # [Optional, default: "."]
+ # Relative path to the project in the git repository
+ # JF_WORKING_DIR: path/to/go.mod/dir
+
+ # [Optional]
+ # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
+ # JF_WATCHES: ,...
+
+ # [Optional]
+ # JFrog project. 
Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects
+ # JF_PROJECT:
+
+ # [Optional, default: "FALSE"]
+ # Displays all existing vulnerabilities, including the ones that were added by the pull request.
+ # JF_INCLUDE_ALL_VULNERABILITIES: "TRUE"
+
+ # [Optional, default: "TRUE"]
+ # Fails the Frogbot task if any security issue is found.
+ # JF_FAIL: "FALSE"
diff --git a/README.md b/README.md
index 098c60ad..6831faaf 100644
--- a/README.md
+++ b/README.md
@@ -1,12 +1,19 @@
 Securing DevOps's invoicer
 ==========================
+
 A simple REST API that manages invoices. This is the code for Chapter 2 of Securing DevOps. It only contains the code and scripts relevant to the basic setup of the invoicer application and infrastructure.
+o
+
+o
+
+ooooo
+
 The master branch is kept at https://securing-devops.com/invoicer but if you are interested in chapter-specific versions of the invoicer.
@@ -184,3 +191,6 @@ $ curl http://172.17.0.2:8080/invoice/1 {"ID":1,"CreatedAt":"2016-05-21T15:33:21.855874Z","UpdatedAt":"2016-05-21T15:33:21.855874Z","DeletedAt":null,"is_paid":false,"amount":1664,"payment_date":"0001-01-01T00:00:00Z","due_date":"2016-05-07T23:00:00Z","charges":[{"ID":1,"CreatedAt":"2016-05-21T15:33:21.8637Z","UpdatedAt":"2016-05-21T15:33:21.8637Z","DeletedAt":null,"invoice_id":1,"type":"blood work","amount":1664,"description":"blood work"}]} ``` + + +Thanks
diff --git a/main.go b/main.go
index 842e34bc..78955625 100644
--- a/main.go
+++ b/main.go
@@ -7,6 +7,7 @@ package main //go:generate ./version.sh + import ( "encoding/json" "fmt"
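Review bot: The new file is placed under `.github/workflow/` (singular), but GitHub only loads workflows from `.github/workflows/`, so as committed this job will never trigger; it needs to move to `.github/workflows/frogbot-scan-pull-request.yml`. That matters because the job combines `pull_request_target` with a checkout of `github.event.pull_request.head.sha`, a `pull-requests: write` token and the `JF_URL`/`JF_USER`/`JF_PASSWORD`/`JF_ACCESS_TOKEN` secrets, so anything the scan executes from the fork's tree (Go module resolution, for instance) runs with those credentials on every `synchronize`, and the `environment:` approval gate is the only control. That gate is declared as `environment: artificatory` while the comment two lines above says reviewers are tied to the "frogbot" environment; if no environment of that exact name exists with required reviewers configured, GitHub creates it without protection rules and the approval step silently disappears, so the name should match a protected environment, e.g. `environment: frogbot`, and the comment kept in sync. Given the secrets in scope, `actions/checkout`, `actions/setup-go` and `jfrog/frogbot` should also be pinned to commit SHAs rather than the floating `@v2` tags.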