-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'master' of https://github.com/abutahermuhammad/simbio-e…
- Loading branch information
Showing
7 changed files
with
224 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
--- | ||
name: Bug report | ||
about: Create a report to help us improve | ||
title: '' | ||
labels: bug | ||
assignees: '' | ||
|
||
--- | ||
|
||
**Describe the bug** | ||
A clear and concise description of what the bug is. | ||
|
||
**To Reproduce** | ||
Steps to reproduce the behavior: | ||
1. Go to '...' | ||
2. Click on '....' | ||
3. Scroll down to '....' | ||
4. See error | ||
|
||
**Expected behavior** | ||
A clear and concise description of what you expected to happen. | ||
|
||
**Screenshots** | ||
If applicable, add screenshots to help explain your problem. | ||
|
||
**Desktop (please complete the following information):** | ||
- OS: [e.g. iOS] | ||
- Browser [e.g. chrome, safari] | ||
- Version [e.g. 22] | ||
- Network: [e.g. 4g] | ||
- Country: [e.g. US-Florida] | ||
|
||
**Smartphone (please complete the following information):** | ||
- Device: [e.g. iPhone6] | ||
- OS: [e.g. iOS8.1] | ||
- Browser [e.g. stock browser, safari] | ||
- Version [e.g. 22] | ||
- Network: [e.g. 4g] | ||
- Country: [e.g. US-Florida] | ||
|
||
**Additional context** | ||
Add any other context about the problem here. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
--- | ||
name: Feature request | ||
about: Suggest an idea for this project | ||
title: '' | ||
labels: enhancement | ||
assignees: '' | ||
|
||
--- | ||
|
||
**Is your feature request related to a problem? Please describe.** | ||
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] | ||
|
||
**Describe the solution you'd like** | ||
A clear and concise description of what you want to happen. | ||
|
||
**Describe alternatives you've considered** | ||
A clear and concise description of any alternative solutions or features you've considered. | ||
|
||
**Additional context** | ||
Add any other context or screenshots about the feature request here. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
# Dependency Review Action | ||
# | ||
# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging. | ||
# | ||
# Source repository: https://github.com/actions/dependency-review-action | ||
# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement | ||
name: 'Dependency Review' | ||
on: [pull_request] | ||
|
||
permissions: | ||
contents: read | ||
|
||
jobs: | ||
dependency-review: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: 'Checkout Repository' | ||
uses: actions/checkout@v3 | ||
- name: 'Dependency Review' | ||
uses: actions/dependency-review-action@v3 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
# This workflow uses actions that are not certified by GitHub. | ||
# They are provided by a third-party and are governed by | ||
# separate terms of service, privacy policy, and support | ||
# documentation. | ||
|
||
# EthicalCheck addresses the critical need to continuously security test APIs in development and in production. | ||
|
||
# EthicalCheck provides the industry’s only free & automated API security testing service that uncovers security vulnerabilities using OWASP API list. | ||
# Developers relies on EthicalCheck to evaluate every update and release, ensuring that no APIs go to production with exploitable vulnerabilities. | ||
|
||
# You develop the application and API, we bring complete and continuous security testing to you, accelerating development. | ||
|
||
# Know your API and Applications are secure with EthicalCheck – our free & automated API security testing service. | ||
|
||
# How EthicalCheck works? | ||
# EthicalCheck functions in the following simple steps. | ||
# 1. Security Testing. | ||
# Provide your OpenAPI specification or start with a public Postman collection URL. | ||
# EthicalCheck instantly instrospects your API and creates a map of API endpoints for security testing. | ||
# It then automatically creates hundreds of security tests that are non-intrusive to comprehensively and completely test for authentication, authorizations, and OWASP bugs your API. The tests addresses the OWASP API Security categories including OAuth 2.0, JWT, Rate Limit etc. | ||
|
||
# 2. Reporting. | ||
# EthicalCheck generates security test report that includes all the tested endpoints, coverage graph, exceptions, and vulnerabilities. | ||
# Vulnerabilities are fully triaged, it contains CVSS score, severity, endpoint information, and OWASP tagging. | ||
|
||
|
||
# This is a starter workflow to help you get started with EthicalCheck Actions | ||
|
||
name: EthicalCheck-Workflow | ||
|
||
# Controls when the workflow will run | ||
on: | ||
# Triggers the workflow on push or pull request events but only for the "master" branch | ||
# Customize trigger events based on your DevSecOps processes. | ||
push: | ||
branches: [ "master" ] | ||
pull_request: | ||
branches: [ "master" ] | ||
schedule: | ||
- cron: '30 14 * * 5' | ||
|
||
# Allows you to run this workflow manually from the Actions tab | ||
workflow_dispatch: | ||
|
||
permissions: | ||
contents: read | ||
|
||
jobs: | ||
Trigger_EthicalCheck: | ||
permissions: | ||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results | ||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- name: EthicalCheck Free & Automated API Security Testing Service | ||
uses: apisec-inc/ethicalcheck-action@005fac321dd843682b1af6b72f30caaf9952c641 | ||
with: | ||
# The OpenAPI Specification URL or Swagger Path or Public Postman collection URL. | ||
oas-url: "http://netbanking.apisec.ai:8080/v2/api-docs" | ||
# The email address to which the penetration test report will be sent. | ||
email: "[email protected]" | ||
sarif-result-file: "ethicalcheck-results.sarif" | ||
|
||
- name: Upload sarif file to repository | ||
uses: github/codeql-action/upload-sarif@v2 | ||
with: | ||
sarif_file: ./ethicalcheck-results.sarif | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
name: Greeting | ||
on: [pull_request, issues] | ||
jobs: | ||
greeting: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Greet on pull request | ||
if: github.event_name == 'pull_request' | ||
uses: actions/github-script@v4 | ||
with: | ||
github-token: ${{secrets.GITHUB_TOKEN}} | ||
script: | | ||
github.rest.issues.createComment({ | ||
issue_number: context.issue.number, | ||
owner: context.repo.owner, | ||
repo: context.repo.repo, | ||
body: 'Hello @${{ github.actor }}, thank you for your pull request! We appreciate your contribution to this project. 🙌' | ||
}) | ||
- name: Greet on issue | ||
if: github.event_name == 'issues' | ||
uses: actions/github-script@v4 | ||
with: | ||
github-token: ${{secrets.GITHUB_TOKEN}} | ||
script: | | ||
github.rest.issues.createComment({ | ||
issue_number: context.issue.number, | ||
owner: context.repo.owner, | ||
repo: context.repo.repo, | ||
body: 'Hello @${{ github.actor }}, thank you for opening an issue! We will try to resolve it as soon as possible. 🙏' | ||
}) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
# This workflow will triage pull requests and apply a label based on the | ||
# paths that are modified in the pull request. | ||
# | ||
# To use this workflow, you will need to set up a .github/labeler.yml | ||
# file with configuration. For more information, see: | ||
# https://github.com/actions/labeler | ||
|
||
name: Labeler | ||
on: [pull_request_target] | ||
|
||
jobs: | ||
label: | ||
|
||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: read | ||
pull-requests: write | ||
|
||
steps: | ||
- uses: actions/labeler@v4 | ||
with: | ||
repo-token: "${{ secrets.GITHUB_TOKEN }}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
# Security Policy | ||
|
||
## Supported Versions | ||
|
||
Use this section to tell people about which versions of your project are | ||
currently being supported with security updates. | ||
|
||
| Version | Supported | | ||
| ------- | ------------------ | | ||
| 5.1.x | :white_check_mark: | | ||
| 5.0.x | :x: | | ||
| 4.0.x | :white_check_mark: | | ||
| < 4.0 | :x: | | ||
|
||
## Reporting a Vulnerability | ||
|
||
Use this section to tell people how to report a vulnerability. | ||
|
||
Tell them where to go, how often they can expect to get an update on a | ||
reported vulnerability, what to expect if the vulnerability is accepted or | ||
declined, etc. |