@prabhu
prabhu / bitbucket-proxy-api.py
Created July 26, 2020 14:09
Example for making Bitbucket api calls from pipelines using the local proxy
import requests
# Use local bitbucket proxy to avoid the need for app password
proxies = {
    "http": "http://localhost:29418",
    "https": "http://localhost:29418",
}
# Use the proxies object in requests for making
# authenticated calls without app passwords
@prabhu
prabhu / bitbucket-reusable-pipelines.yml
Created July 26, 2020 13:56
Reusable Bitbucket pipelines configuration with YAML anchors
definitions:
  steps:
    - step: &build
        name: Build microservices jar
        script:
          - mvn package
        artifacts:
          - target/**
    - step: &build-react
        name: Build React app
@prabhu
prabhu / bitbucket-repo-variable.tf
Created July 26, 2020 13:50
Bitbucket repository variable with Terraform
provider "bitbucket" {
  version  = "~> 1.2"
  username = var.username
  password = var.password
}

resource "bitbucket_repository_variable" "sl_org_id_secret" {
  for_each = toset(var.repos)
  key      = "SHIFTLEFT_ORG_ID"
  value    = var.sl_org_id
@prabhu
prabhu / bitbucket-branch-protect.tf
Created July 26, 2020 13:46
Terraform snippet for Bitbucket branch protection
resource "bitbucket_branch_restriction" "master" {
  owner      = "myteam"
  repository = "terraform-shiftleft"
  # Other kinds: force, restrict_merges, enforce_merge_checks, allow_auto_merge_when_builds_pass, require_passing_builds_to_merge
  kind       = "push"
  # Pattern can also be a glob such as feature/* or release/*
  pattern    = "master"
}
@prabhu
prabhu / github-on-label.yml
Created July 18, 2020 14:05
Snippet to run a command based on the presence of a label
on:
  # A label applied to a pull request arrives as the pull_request "labeled" event;
  # the "label" event only fires when a label is created/edited/deleted in the repo
  pull_request:
    types: [labeled]
jobs:
  # job name and runner are assumptions added to make the snippet a complete workflow
  analyze:
    runs-on: ubuntu-latest
    steps:
      - name: Analyze with NG SAST
        # workflow expressions read the webhook payload from github.event
        if: ${{ contains(github.event.pull_request.labels.*.name, 'Ready for AppSec') }}
        run: |
          sl analyze --app ShiftLeftHSLGo14 --tag branch=${GITHUB_REF} --go --cpg $(pwd)
@prabhu
prabhu / github-on-deploy.yml
Created July 18, 2020 14:04
GitHub snippet to perform actions when a deployment is created
on:
  deployment
@prabhu
prabhu / github-repo-template.tf
Created July 18, 2020 14:01
Create GitHub repository using template
data "github_repositories" "java_ms_template" {
  query = "org:${var.organization} language:java topic:microservice topic:template"
}

resource "github_repository" "new_ms" {
  name        = "new-java-microservice"
  description = "New Java Microservice"
  private     = true
@prabhu
prabhu / github-actions-secret-tf
Created July 18, 2020 13:53
Create GitHub actions secret with Terraform
data "github_repository" "poc" {
  full_name = var.poc_repo
}

// Create secrets in a single poc repo
resource "github_actions_secret" "my_secret" {
  repository      = data.github_repository.poc.name
  secret_name     = "SECRET_KEY"
  plaintext_value = var.secret_value
}
@prabhu
prabhu / git-protect.tf
Created July 18, 2020 13:52
Protect github branches, mandate status checks with Terraform
# Protect the master branch. Enforce that ci/tests and shiftleft should pass to allow merges
# Allow PR to be dismissed by sem-user and managers team
resource "github_branch_protection" "protect_master" {
  # assumes the repository name is supplied as an input variable;
  # a bare "${github_repository_name}" is not a valid Terraform reference
  repository             = var.github_repository_name
  branch                 = "master"
  enforce_admins         = true
  require_signed_commits = false
  required_status_checks {
    strict = false
@prabhu
prabhu / git-scan.sh
Created June 26, 2020 09:31
Script to perform security scan of top repos on GitHub using ShiftLeft Scan. Use it to produce your own state of the opensource security reports.
#!/usr/bin/env bash
# Script to clone top repos on github based on language and invoke ShiftLeft Scan against the repos to find vulnerabilities
# Use case 1: Scan the top repos on GitHub and write a state of opensource report to criticize opensource!
# Use case 2: Scan the top repos on GitHub and sell your magical security product to guard organizations against opensource vulnerabilities!
CURR_DIR=$(pwd)
mkdir -p reports_dir
mkdir -p work_dir && cd work_dir
# Get the latest scan image
docker pull shiftleft/scan