Conversation

@iirvanard
No description provided.

@dryrunsecurity
DryRun Security Summary

The pull request adds a new GitHub Actions workflow that uses the Bearer security analysis tool to scan the project's codebase on the "rails_5" branch, helping to identify and report potential security vulnerabilities early in the development process.

Summary:

The code changes in this pull request introduce a new GitHub Actions workflow named "Bearer" that is designed to scan the project's codebase using the Bearer security analysis tool. This workflow is triggered on push events to the "rails_5" branch, on pull requests targeting the "rails_5" branch, and on a weekly schedule (every Friday at 6:15 PM UTC). The workflow has the necessary permissions to read the contents of the repository, write security events, and read the status of the GitHub Actions run.

The core of the workflow is the "Run Report" step, which uses the "bearer/bearer-action" GitHub Action to scan the codebase using the Bearer security analysis tool. The SARIF file generated by the Bearer scan is then uploaded to GitHub using the "github/codeql-action/upload-sarif" GitHub Action, allowing the security findings to be displayed in the GitHub Security tab. From an application security perspective, this code change is a positive step towards improving the security posture of the project by identifying a wide range of security vulnerabilities and issues early in the development lifecycle.

Files Changed:

  • .github/workflows/bearer.yml: This file introduces a new GitHub Actions workflow named "Bearer" that is designed to scan the project's codebase using the Bearer security analysis tool. The workflow is triggered on push events to the "rails_5" branch, on pull requests targeting the "rails_5" branch, and on a weekly schedule. The workflow has the necessary permissions to read the contents of the repository, write security events, and read the status of the GitHub Actions run. The core of the workflow is the "Run Report" step, which uses the "bearer/bearer-action" GitHub Action to scan the codebase, and the SARIF file generated by the Bearer scan is then uploaded to GitHub using the "github/codeql-action/upload-sarif" GitHub Action.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

@iirvanard iirvanard closed this Jan 19, 2025
@iirvanard iirvanard deleted the test-bearer branch January 19, 2025 15:31