import requests | |
# Route requests through the local Bitbucket proxy so that calls can be
# authenticated without embedding an app password in this script.
# NOTE(review): the "https" entry also points at a plain-http proxy URL, so
# TLS to Bitbucket is either terminated by or tunnelled through that proxy;
# confirm the proxy listens on loopback only, because anything that can reach
# port 29418 inherits whatever credentials it adds.
proxies = dict(
    http="http://localhost:29418",
    https="http://localhost:29418",
)
# Pass `proxies=proxies` to requests.get()/post()/... to make
# authenticated calls without app passwords.
definitions: | |
steps: | |
- step: &build
    # Maven build step; reusable elsewhere in the pipeline via the &build anchor.
    name: Build microservices jar
    script:
      - mvn package
    artifacts:
      # Keep everything under target/ (the packaged jar included) as a pipeline artifact.
      - target/**
- step: &build-react | |
name: Build React app |
# Bitbucket Cloud provider. Both credentials come from variables so nothing
# secret is committed next to this file; `var.password` should be declared
# `sensitive = true` and supplied via TF_VAR_password or a secret store,
# never a checked-in tfvars file.
# NOTE(review): a `version` constraint inside a provider block is the pre-0.13
# form; on newer Terraform pin it in `terraform { required_providers { ... } }`.
provider "bitbucket" {
  password = var.password
  username = var.username
  version  = "~> 1.2"
}
resource "bitbucket_repository_variable" "sl_org_id_secret" { | |
for_each = toset(var.repos) | |
key = "SHIFTLEFT_ORG_ID" | |
value = var.sl_org_id |
# Branch restriction on master for the terraform-shiftleft repository.
# Other restriction kinds the provider accepts: force, restrict_merges,
# enforce_merge_checks, allow_auto_merge_when_builds_pass,
# require_passing_builds_to_merge. `pattern` may also be a glob such as
# feature/* or release/*.
# NOTE(review): no users/groups are listed, so this "push" restriction
# presumably blocks direct pushes for everyone and forces changes through
# pull requests - confirm that is the intent. On its own it does not gate
# merges on a green build; add a second restriction of kind
# "require_passing_builds_to_merge" if that is required.
resource "bitbucket_branch_restriction" "master" {
  kind       = "push"
  owner      = "myteam"
  pattern    = "master"
  repository = "terraform-shiftleft"
}
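# Run the NG SAST scan only once a pull request has been labelled
# "Ready for AppSec".
#
# Corrections against the earlier form of this snippet:
#  - `label: [created]` fires when a label is *defined* in the repository, not
#    when one is applied to a PR; the event for that is `pull_request` with
#    activity type `labeled`.
#  - `github.context.payload` is the actions/toolkit JavaScript API, not an
#    expression context; inside `${{ }}` the event payload is `github.event`.
# Keep this on `pull_request`, not `pull_request_target`: the step below runs
# a scan over the checked-out PR code, and a label-gated workflow on
# pull_request_target would execute that code with the base repo's secrets.
on:
  pull_request:
    types: [labeled]

# NOTE: this is only the step list; it belongs under a job
# (jobs.<id>.steps, with runs-on and a checkout step ahead of it),
# which this snippet omits.
steps:
  - name: Analyze with NG SAST
    # Check the PR's full label set rather than only github.event.label.name.
    if: ${{ contains(github.event.pull_request.labels.*.name, 'Ready for AppSec') }}
    # On pull_request events GITHUB_REF is refs/pull/<n>/merge; use
    # github.head_ref instead if the tag should carry the source branch name.
    run: |
      sl analyze --app ShiftLeftHSLGo14 --tag branch=${GITHUB_REF} --go --cpg $(pwd)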
# Trigger this workflow on GitHub's `deployment` event.
on:
  deployment
# Find the Java microservice template repositories in the organisation using
# GitHub's search syntax: the repo must be detected as Java and carry both the
# "microservice" and "template" topics.
data "github_repositories" "java_ms_template" {
  query = "org:${var.organization} language:java topic:microservice topic:template"
}
resource "github_repository" "new_ms" { | |
name = "new-java-microservice" | |
description = "New Java Microservice" | |
private = true |
// Look up the single PoC repository by its full "owner/name", taken from var.poc_repo.
data "github_repository" "poc" {
  full_name = var.poc_repo
}
// Store SECRET_KEY as an Actions secret in the single PoC repository.
// The value arrives through var.secret_value; declare that variable
// `sensitive = true` so it is redacted from plan/apply output. The plaintext
// is still kept in Terraform state, so the state backend must be encrypted
// and access-restricted. GitHub never returns a secret's value, so rotate it
// by re-applying with a new var.secret_value.
resource "github_actions_secret" "my_secret" {
  plaintext_value = var.secret_value
  repository      = data.github_repository.poc.name
  secret_name     = "SECRET_KEY"
}
# Protect the master branch: require the ci/tests and shiftleft status checks to pass before a merge is allowed.
# Allow PR reviews to be dismissed by sem-user and the managers team.
resource "github_branch_protection" "protect_master" { | |
repository = "${github_repository_name}" | |
branch = "master" | |
enforce_admins = true | |
require_signed_commits = false | |
required_status_checks { | |
strict = false |
#!/usr/bin/env bash | |
# Script to clone top repos on github based on language and invoke ShiftLeft Scan against the repos to find vulnerabilities | |
# Use case 1: Scan the top repos on GitHub and write a state of opensource report to criticize opensource! | |
# Use case 2: Scan the top repos on GitHub and sell your magical security product to guard organizations against opensource vulnerabilities! | |
CURR_DIR=$(pwd) | |
mkdir -p reports_dir | |
mkdir -p work_dir && cd work_dir | |
# Get the latest scan image | |
docker pull shiftleft/scan |