feat: add Docker validation step and pre-pull Edgescan image in workflow #151
Merged
15 commits
ae3584d
feat: add Docker validation step and pre-pull Edgescan image in workflow
nnoce14 cc7e571
feat: update Snyk configuration and add Edgescan run script in packag…
nnoce14 014b6eb
feat: update Snyk expiration date, reorder credential groups, and add…
nnoce14 85ef11d
feat: enhance EdgeScan script to validate both ES_API_TOKEN and ES_AS…
nnoce14 5c9ede5
feat: update EdgeScan integration to use the latest Docker image tag …
nnoce14 b31c002
feat: improve EdgeScan script error handling for ES_API_TOKEN and ES_…
nnoce14 80f103e
chore: temporarily remove build/deploy conditions to test edgescan st…
nnoce14 6ac8880
fix: quote environment variable assignments in EdgeScan script for pr…
nnoce14 fbe0281
fix: improve EdgeScan script error message clarity and ensure Docker …
nnoce14 04f244d
fix: correct syntax error in EdgeScan script condition for ES_API_TOK…
nnoce14 f1dda61
feat: enhance EdgeScan CI/CD integration with caching and improved im…
nnoce14 e1bd717
fix: add --start-scan option to EdgeScan run command for immediate sc…
nnoce14 b47ce2b
fix: update build conditions to exclude Pull Requests for artifact pr…
nnoce14 8e06939
fix: update caching key to include monthly refresh for EdgeScan Docke…
nnoce14 e540ec0
fix: guard docker cache hit with default according to sourcery sugges…
nnoce14
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,79 @@ | ||
| parameters: | ||
| - name: stageName | ||
| type: string | ||
| default: 'EdgeScan' | ||
| - name: dependsOn | ||
| type: string | ||
| - name: esAssetId | ||
| type: string | ||
| - name: vmImageName | ||
| type: string | ||
| default: 'ubuntu-latest' | ||
|
|
||
| stages: | ||
| - stage: ${{parameters.stageName}} | ||
| displayName: 'EdgeScan Security Scan' | ||
| dependsOn: ${{parameters.dependsOn}} | ||
| condition: and(succeeded(), ne(variables['Build.Reason'], 'PullRequest')) | ||
|
||
| jobs: | ||
| - job: EdgeScan | ||
| displayName: 'EdgeScan CI/CD Integration' | ||
| variables: | ||
| # Generates a monthly key like "2026-01" to ensure the image is refreshed monthly | ||
| cacheMonth: $[format('{0:yyyy-MM}', pipeline.startTime)] | ||
| pool: | ||
| vmImage: ${{parameters.vmImageName}} | ||
| steps: | ||
| - task: Cache@2 | ||
| displayName: 'Cache EdgeScan Docker Image' | ||
| inputs: | ||
| key: 'docker | edgescan | latest | $(cacheMonth)' | ||
| path: $(Pipeline.Workspace)/docker-cache | ||
| cacheHitVar: DOCKER_CACHE_HIT | ||
|
|
||
| - task: Bash@3 | ||
| displayName: 'Pull or Restore EdgeScan Image' | ||
| inputs: | ||
| targetType: 'inline' | ||
| script: | | ||
| set -euo pipefail | ||
| mkdir -p $(Pipeline.Workspace)/docker-cache | ||
|
|
||
| if [ "${DOCKER_CACHE_HIT:-}" = "true" ] && [ -f "$(Pipeline.Workspace)/docker-cache/edgescan.tar" ]; then | ||
| echo "Restoring EdgeScan image from cache..." | ||
| docker load -i $(Pipeline.Workspace)/docker-cache/edgescan.tar | ||
| else | ||
| echo "Cache miss or missing tarball. Pulling from Docker Hub..." | ||
| docker pull edgescan/cicd-integration:latest | ||
| echo "Saving image to cache for future runs..." | ||
| docker save edgescan/cicd-integration:latest -o $(Pipeline.Workspace)/docker-cache/edgescan.tar | ||
| fi | ||
|
|
||
| - task: Bash@3 | ||
| displayName: 'Run EdgeScan Scan' | ||
| inputs: | ||
| targetType: 'inline' | ||
| script: | | ||
| set -euo pipefail | ||
|
|
||
| if [ -z "$ES_API_TOKEN" ]; then | ||
| echo "Error: ES_API_TOKEN must be set in the variable group." | ||
|
||
| exit 1 | ||
| fi | ||
|
|
||
| if [ -z "${{ parameters.esAssetId }}" ]; then | ||
| echo "Error: ES_ASSET_ID_DEV must be set in the variable group." | ||
|
||
| exit 1 | ||
| fi | ||
|
|
||
| echo "Triggering EdgeScan for Asset ID: ${{ parameters.esAssetId }}" | ||
|
|
||
|
||
| docker run --tty --rm \ | ||
| edgescan/cicd-integration:latest \ | ||
| --api-token "$ES_API_TOKEN" \ | ||
| --asset-id "${{ parameters.esAssetId }}" \ | ||
| --start-scan \ | ||
| --max-risk-threshold 3 \ | ||
| --wait --color | ||
| env: | ||
| ES_API_TOKEN: $(ES_API_TOKEN) | ||
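Review bot: The `if [ -z "$ES_API_TOKEN" ]` guard in the 'Run EdgeScan Scan' step will not catch a missing pipeline variable, because Azure Pipelines leaves an undefined macro such as `$(ES_API_TOKEN)` unexpanded; the `env:` mapping then hands the script the literal text `$(ES_API_TOKEN)`, the emptiness check passes, and that literal is sent to EdgeScan as the API token, so the step fails later with a less useful authentication error. Consider rejecting a value that still begins with `$(` alongside the empty check. The message on the `esAssetId` branch, `Error: ES_ASSET_ID_DEV must be set in the variable group.`, also points maintainers at the wrong place: that value is the template parameter `esAssetId` supplied by the calling pipeline, not a variable-group entry, so the message should name the parameter. Finally, the cache key `'docker | edgescan | latest | $(cacheMonth)'` pins to the floating `latest` tag and then `docker load`s whatever tarball was saved up to a month earlier with no digest check, so a run cannot tell which scanner build it actually executed; pinning `edgescan/cicd-integration` by digest (`@sha256:<digest>` as a placeholder) and including that digest in the cache key would make both the restored image and the monthly refresh verifiable.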