Merge pull request #89 from advanced-security/use-secret-scanning-tools-action

aegilops · web-flow · commit b61043ee5221 · 2024-02-01T11:53:27.000Z
Update validation workflows to use Action
diff --git a/.github/workflows/pr-markdown.yml b/.github/workflows/pr-markdown.yml
@@ -2,18 +2,14 @@ name: Markdown Validation
 
 on:
   pull_request:
-    branches: [ main, develop ]
+    branches: [main, develop]
 
 jobs:
   run:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
-
-      - uses: actions/setup-python@v4
-        with:
-          python-version: '3.10'
+      - uses: actions/checkout@v4
 
       - name: Get Token
         id: get_workflow_token
@@ -22,17 +18,16 @@ jobs:
           application_id: ${{ secrets.ADVANCED_SECURITY_APP_ID }}
           application_private_key: ${{ secrets.ADVANCED_SECURITY_APP_KEY }}
 
-      - name: Install Deps
-        run: python3 -m pip install pipenv && python3 -m pipenv install
+      - name: Generate Markdown
+        uses: advanced-security/secret-scanning-tools@v1
+        with:
+          mode: markdown
+          token: ${{ steps.get_workflow_token.outputs.token }}
 
-      # Run Validation
-      - name: Run Markdown Validation
+      - name: Check git status
         env:
-          GITHUB_TOKEN: ${{ steps.get_workflow_token.outputs.token }}
+          GH_TOKEN: ${{ steps.get_workflow_token.outputs.token }}
         run: |
-          pipenv run python ./.github/scripts/validate.py \
-            --markdown
-
           if [ -z "$(git status --porcelain)" ]; then
             gh pr comment --edit-last ${{ github.event.number }} \
               --body "## :white_check_mark: Markdown Validation Passed :rocket:!" || true
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
@@ -1,10 +1,10 @@
-name: Main
+name: Results Validation
 
 on:
   push:
-    branches: [ main, develop ]
+    branches: [main, develop]
   pull_request:
-    branches: [ main, develop ]
+    branches: [main, develop]
 
   workflow_dispatch:
 
@@ -16,10 +16,7 @@ jobs:
       security-events: write
 
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-python@v2
-        with:
-          python-version: '3.9'
+      - uses: actions/checkout@v4
 
       - name: Get Token
         id: get_workflow_token
@@ -28,13 +25,8 @@ jobs:
           application_id: ${{ secrets.ADVANCED_SECURITY_APP_ID }}
           application_private_key: ${{ secrets.ADVANCED_SECURITY_APP_KEY }}
 
-      - name: Install Deps
-        run: python3 -m pip install pipenv && python3 -m pipenv install
-
-      # Run Validation
-      - name: Run Validation
-        env:
-          GITHUB_TOKEN: ${{ steps.get_workflow_token.outputs.token }}
-        run: |
-          pipenv run python ./.github/scripts/validate.py \
-            --validate
+      - name: Validate results against snapshot
+        uses: advanced-security/secret-scanning-tools@v1
+        with:
+          mode: validate
+          token: ${{ steps.get_workflow_token.outputs.token }}
diff --git a/common/README.md b/common/README.md
@@ -1,6 +1,8 @@
 <!-- WARNING: This README is generated automatically
 -->
 
+<!-- markdownlint-disable no-inline-html -->
+
 # Commonly Used Secrets / Passwords
 
 ## Common Passwords Shortlist
diff --git a/configs/README.md b/configs/README.md
@@ -1,6 +1,8 @@
 <!-- WARNING: This README is generated automatically
 -->
 
+<!-- markdownlint-disable no-inline-html -->
+
 # Configuration Secrets
 
 ## Hardcoded Database Passwords
diff --git a/database/README.md b/database/README.md
@@ -1,6 +1,8 @@
 <!-- WARNING: This README is generated automatically
 -->
 
+<!-- markdownlint-disable no-inline-html -->
+
 # Database passwords
 
 ## Database Connection String (1)
diff --git a/generic/README.md b/generic/README.md
@@ -1,6 +1,8 @@
 <!-- WARNING: This README is generated automatically
 -->
 
+<!-- markdownlint-disable no-inline-html -->
+
 # Generic Secrets / Passwords
 
 ## Generic Passwords
diff --git a/jwt/README.md b/jwt/README.md
@@ -1,6 +1,8 @@
 <!-- WARNING: This README is generated automatically
 -->
 
+<!-- markdownlint-disable no-inline-html -->
+
 # JWT
 
 ## JWT
diff --git a/password_store/README.md b/password_store/README.md
@@ -1,6 +1,8 @@
 <!-- WARNING: This README is generated automatically
 -->
 
+<!-- markdownlint-disable no-inline-html -->
+
 # Password stores
 
 ## Arc
diff --git a/pii/README.md b/pii/README.md
@@ -1,6 +1,8 @@
 <!-- WARNING: This README is generated automatically
 -->
 
+<!-- markdownlint-disable no-inline-html -->
+
 # Personally identifiable information (PII)
 
 ## Credit Cards
diff --git a/pii/generate_iban/README.md b/pii/generate_iban/README.md
@@ -1,6 +1,8 @@
 <!-- WARNING: This README is generated automatically
 -->
 
+<!-- markdownlint-disable no-inline-html -->
+
 # IBANs
 
 ## IBAN for Albania
diff --git a/rsa/README.md b/rsa/README.md
@@ -1,6 +1,8 @@
 <!-- WARNING: This README is generated automatically
 -->
 
+<!-- markdownlint-disable no-inline-html -->
+
 # RSA Keys
 
 ## Generic RSA keys
diff --git a/uri/README.md b/uri/README.md
@@ -1,6 +1,8 @@
 <!-- WARNING: This README is generated automatically
 -->
 
+<!-- markdownlint-disable no-inline-html -->
+
 # URI / URL Custom Patterns
 
 ## Hardcoded Internal Emails
diff --git a/vendors/README.md b/vendors/README.md
@@ -1,6 +1,8 @@
 <!-- WARNING: This README is generated automatically
 -->
 
+<!-- markdownlint-disable no-inline-html -->
+
 # Vendors
 
 ## Azure SQL Connection String

-Original file line number
+Diff line change
@@ @@ -1,6 +1,8 @@ @@
 <!-- WARNING: This README is generated automatically
 -->
 +<!-- markdownlint-disable no-inline-html -->
++
 # JWT
 ## JWT