```rego
package shiftleft

default allow = true

# Read the ShiftLeft app name and access token from the OPA process environment
runtime := opa.runtime()
sl_app_name := runtime.env.SHIFTLEFT_APP
sl_access_token := runtime.env.SHIFTLEFT_ACCESS_TOKEN

# io.jwt.decode returns [header, payload, signature]; it does not verify the signature
payload := io.jwt.decode(sl_access_token)
sl_org_id := payload[1].orgID

headers := {"Content-Type": "application/json", "Authorization": sprintf("Bearer %s", [sl_access_token])}
```
```javascript
function detectBrowser(userAgent, language) {
  var version, webkitVersion, iOSAgent, iOSDevice, iOSMajorVersion, iOSMinorVersion, browser = {};
  userAgent = (userAgent || navigator.userAgent).toLowerCase();
  language = language || navigator.language || navigator.browserLanguage;
  version = browser.version = (userAgent.match(/.*(?:rv|chrome|webkit|opera|ie)[\/: ](.+?)([ \);]|$)/) || [])[1];
  webkitVersion = (userAgent.match(/webkit\/(.+?) /) || [])[1];
  // \d+ rather than \d so that two-digit iOS versions (10 and later) also match
  iOSAgent = (userAgent.match(/\b(iPad|iPhone|iPod)\b.*\bOS (\d+)_(\d+)/i) || []);
  iOSDevice = iOSAgent[1];
  iOSMajorVersion = iOSAgent[2];
  iOSMinorVersion = iOSAgent[3];
  // The rest of the function is not shown on the page
}
```
```yaml
- step:
    name: ShiftLeft NextGen Analysis
    script:
      # Downloads the sl CLI over HTTPS and runs it; no checksum or signature is verified here
      - curl https://cdn.shiftleft.io/download/sl > $HOME/sl && chmod a+rx $HOME/sl
      - $HOME/sl analyze --no-diagnostic --force --app ${BITBUCKET_REPO_SLUG} --tag branch=${BITBUCKET_BRANCH} --go --cpg $(pwd)
- step:
    image: python:3.7-slim
    name: ShiftLeft NG SAST Code Insights
    script:
      - pip install requests
```
```python
#!/usr/bin/python
# pip install requests
import os
import sys

import requests

# Collect the required variables
APP_ID = os.getenv("BITBUCKET_REPO_SLUG")
SHIFTLEFT_ORG_ID = os.getenv("SHIFTLEFT_ORG_ID")
```
```python
import requests

# Use local bitbucket proxy to avoid the need for app password
proxies = {
    "http": "http://localhost:29418",
    "https": "http://localhost:29418",
}

# Use the proxies object in requests for making
# authenticated calls without app passwords
```
```hcl
provider "bitbucket" {
  version  = "~> 1.2"
  username = var.username
  password = var.password
}

resource "bitbucket_repository_variable" "sl_org_id_secret" {
  for_each = toset(var.repos)
  key      = "SHIFTLEFT_ORG_ID"
  value    = var.sl_org_id
  # The remaining arguments are not shown on the page
}
```
```hcl
resource "bitbucket_branch_restriction" "master" {
  owner      = "myteam"
  repository = "terraform-shiftleft"

  # force, restrict_merges, enforce_merge_checks, allow_auto_merge_when_builds_pass, require_passing_builds_to_merge
  kind = "push"

  # feature/*, release/*
  pattern = "master"
}
```
```yaml
on:
  label:
    types: [created]
steps:
  - name: Analyze with NG SAST
    if: ${{ contains(github.context.payload.pull_request.labels.*.name, 'Ready for AppSec') }}
    run: |
      sl analyze --app ShiftLeftHSLGo14 --tag branch=${GITHUB_REF} --go --cpg $(pwd)
```
```yaml
on:
  deployment
```