From 148115f874788f2fcc5e5ee84c1ec6128ee05e23 Mon Sep 17 00:00:00 2001 From: Caroline6312 Date: Tue, 11 Mar 2025 21:19:01 -0700 Subject: [PATCH 1/2] Add vulnerability scan --- .../vulnerability-scan-failure-notify.yaml | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 .github/workflows/vulnerability-scan-failure-notify.yaml diff --git a/.github/workflows/vulnerability-scan-failure-notify.yaml b/.github/workflows/vulnerability-scan-failure-notify.yaml new file mode 100644 index 0000000..db9e5c8 --- /dev/null +++ b/.github/workflows/vulnerability-scan-failure-notify.yaml @@ -0,0 +1,24 @@ +name: Vulnerability Scan Failure Slack Notify +on: + push: + workflow_dispatch: + inputs: + vulnerability_severity: + description: The severity to fail the workflow if such vulnerability is detected. DO NOT override it unless a Jira ticket is raised. DO NOT use 'CRITICAL' unless a Jira ticket is raised. + type: choice + options: + - CRITICAL,HIGH + - CRITICAL,HIGH,MEDIUM + - CRITICAL + default: 'CRITICAL,HIGH' + schedule: + - cron: '0 16 * * *' # 9:00 AM GMT -7 + - cron: '0 0 * * *' # 5:00 PM GMT -7 + +jobs: + vulnerability-scan-failure-notify: + uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-vulnerability-scan-failure-notify.yaml@v3 + secrets: + SLACK_WEBHOOK : ${{ secrets.SLACK_WEBHOOK }} + with: + scan_type : fs From 9cfdf9b1106ff193853b2273c1b0c09edd6a75bd Mon Sep 17 00:00:00 2001 From: Caroline6312 Date: Wed, 12 Mar 2025 20:48:04 -0700 Subject: [PATCH 2/2] Remove push --- .github/workflows/vulnerability-scan-failure-notify.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/vulnerability-scan-failure-notify.yaml b/.github/workflows/vulnerability-scan-failure-notify.yaml index db9e5c8..6704b91 100644 --- a/.github/workflows/vulnerability-scan-failure-notify.yaml +++ b/.github/workflows/vulnerability-scan-failure-notify.yaml @@ -1,6 +1,5 @@ name: Vulnerability Scan Failure Slack Notify on: - push: workflow_dispatch: inputs: vulnerability_severity: