🐛 Update Contrast Scan GithubAction (#29)

* 🐛 Update Contrast Scan GithubAction * 🔧 Update action configuration
arthurmfnsc · Apr 12, 2024 · 0cdb875 · 0cdb875
1 parent a04f38d
commit 0cdb875
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 5 deletions.
diff --git a/.github/workflows/contrast-scan.yml b/.github/workflows/contrast-scan.yml
@@ -39,13 +39,23 @@ jobs:
     # -name: Build Project
     # ...
     # Scan Artifact
+    - name: Set up JDK 21
+      uses: actions/setup-java@v4
+      with:
+        java-version: '21'
+        distribution: 'temurin'
+        cache: 'gradle'
+    - name: Build
+      run: ./gradlew build -x test
     - name: Contrast Scan Action
-      uses: Contrast-Security-OSS/contrastscan-action@7352a45d9678ec8a434cf061b07ffb51c1e351a1
+      uses: Contrast-Security-OSS/contrastscan-action@v2.0.3
       with:
-        artifact: mypath/target/myartifact.jar # replace this path with the path to your built artifact
+        artifact: build/libs/api-first-0.0.1-SNAPSHOT.jar # replace this path with the path to your built artifact
         apiKey: ${{ secrets.CONTRAST_API_KEY }}
         orgId: ${{ secrets.CONTRAST_ORGANIZATION_ID }}
         authHeader: ${{ secrets.CONTRAST_AUTH_HEADER }}
+        severity: high
+        fail: true
     #Upload the results to GitHub
     - name: Upload SARIF file
       uses: github/codeql-action/upload-sarif@v2

diff --git a/.github/workflows/pmd.yml b/.github/workflows/pmd.yml
@@ -25,10 +25,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - name: Set up JDK 22
+      - name: Set up JDK 21
         uses: actions/setup-java@v4
         with:
-          java-version: '22'
+          java-version: '21'
           distribution: 'temurin'
       - uses: pmd/pmd-github-action@v2
         with:

diff --git a/README.md b/README.md
@@ -91,7 +91,7 @@ El proyecto usa otra [configuración de seguridad de GitHub](https://github.com/
 - [ ] Añadir plugins de Docker después de crear el Dockerfile del proyecto.
   Algunos plugins que serán validados son: [anchore-syft](https://github.com/anchore/syft),
   [snyk containers](https://snyk.io/pt-BR/product/container-vulnerability-management/) y otros
-- [ ] Configurar plugin Cotrast Community: Problema con la ruta serif
+- [x] Configurar plugin Cotrast Community: Problema con la ruta serif
 - [x] Configurar plugin PMD: Problema con propriedad browser_download_url
 - [x] Configurar plugin Snyk Security: Problema con serif
 - [x] Configurar plugin SonarCloud: Añadir variables secreta SONAR_TOKEN