administrator/frigate
1
0
Fork 0
mirror of https://github.com/blakeblackshear/frigate.git synced 2026-02-03 01:35:22 +03:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Merge 015a3733a1 into be7b858cbd

Browse Source
This commit is contained in:
bryopsida 2022-09-17 00:11:01 +00:00 committed by GitHub
commit 4beca09687
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 105 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
.github/workflows/codeql.yml vendored Normal file
View File

@ -0,0 +1,30 @@
name: "CodeQL"
on:
push:
branches: [ "master" ]
pull_request:
schedule:
- cron: '24 19 * * 3'
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: [ 'javascript', 'python' ]
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
- name: Autobuild
uses: github/codeql-action/autobuild@v2
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2

33
.github/workflows/kics.yml vendored Normal file
View File

@ -0,0 +1,33 @@
name: "KICS"
on:
push:
branches: [ "master" ]
pull_request:
schedule:
- cron: '24 19 * * 3'
jobs:
kics-scan:
name: KICS Scan
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Run KICS
continue-on-error: true
run: |
docker pull checkmarx/kics:latest
docker run -v ${{ github.workspace }}:/path checkmarx/kics scan -p "/path" -o "/path/" --report-formats "sarif" --no-progress
- name: actions/upload-artifact
uses: actions/upload-artifact@v3
with:
name: kics-analysis
path: results.sarif
- name: Upload KICS scan results to GitHub Security tab
if: ${{ env.CODEQL_ENABLED }}
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: results.sarif

41
.github/workflows/trivy.yml vendored Normal file
View File

@ -0,0 +1,41 @@
name: "Container Scan"
on:
push:
branches: [ "master" ]
pull_request:
schedule:
- cron: '24 19 * * 3'
jobs:
trivy:
name: Trivy
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Check out code
uses: actions/checkout@v2
- uses: actions/setup-node@master
with:
node-version: 16.x
- run: npm install
working-directory: ./web
- name: Build web
run: npm run build
working-directory: ./web
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Build
run: make
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: 'frigate:latest'
format: 'sarif'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
if: always()
with:
sarif_file: 'trivy-results.sarif'

1
.gitignore vendored
View File

@ -15,3 +15,4 @@ web/node_modules
web/coverage web/coverage
core core
!/web/**/*.ts !/web/**/*.ts
.dccache