From ed8851107fbc3c1e47105b2e9c916266c3999889 Mon Sep 17 00:00:00 2001
From: Poatan <102661806+Prakash-Poatan@users.noreply.github.com>
Date: Sun, 7 Jul 2024 19:53:27 +0530
Subject: [PATCH 01/22] Create dependabot.yml
---
.github/dependabot.yml | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..7299288
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,23 @@
+version: 2
+updates:
+ - package-ecosystem: "maven"
+ directory: "/" # Location of your pom.xml file
+ schedule:
+ interval: "weekly" # Check for updates weekly
+ open-pull-requests-limit: 5
+ commit-message:
+ prefix: "deps"
+ include: "scope"
+ target-branch: "main"
+ rebase-strategy: "auto"
+ pull-request-branch-name: "dependabot/${dependency-name}-${dependency-version}"
+ assignees:
+ - "your-github-username"
+ reviewers:
+ - "your-github-username"
+ labels:
+ - "dependencies"
+ - "automated"
+ ignore:
+ - dependency-name: "some-dependency"
+ versions: ["1.0.0"]
From 1583232a27a93b594d001498f188138e39a46c7e Mon Sep 17 00:00:00 2001
From: Poatan <102661806+Prakash-Poatan@users.noreply.github.com>
Date: Sun, 7 Jul 2024 19:55:39 +0530
Subject: [PATCH 02/22] Update dependabot.yml
---
.github/dependabot.yml | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 7299288..3d42df6 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -10,14 +10,12 @@ updates:
include: "scope"
target-branch: "main"
rebase-strategy: "auto"
- pull-request-branch-name: "dependabot/${dependency-name}-${dependency-version}"
assignees:
- - "your-github-username"
+ - "Prakash-Poatan"
reviewers:
- - "your-github-username"
+ - "Prakash-Poatan"
labels:
- "dependencies"
- "automated"
ignore:
- - dependency-name: "some-dependency"
- versions: ["1.0.0"]
+ - dependency-name: "guava"
From 56dd498ecdd00de49e66a7c27dab3175c0bd1605 Mon Sep 17 00:00:00 2001
From: Poatan <102661806+Prakash-Poatan@users.noreply.github.com>
Date: Sun, 7 Jul 2024 20:01:21 +0530
Subject: [PATCH 03/22] Update pom.xml
---
pom.xml | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/pom.xml b/pom.xml
index 8f31401..0301e06 100644
--- a/pom.xml
+++ b/pom.xml
@@ -35,7 +35,19 @@
spring-boot-starter-test
test
+
+ org.apache.logging.log4j
+ log4j-core
+ 2.14.1
+
+
+
+ org.apache.logging.log4j
+ log4j-api
+ 2.14.1
+
+
From 9e912c986f8367a1ef00110feff839a4d0ffda7b Mon Sep 17 00:00:00 2001
From: Poatan <102661806+Prakash-Poatan@users.noreply.github.com>
Date: Sun, 7 Jul 2024 22:16:13 +0530
Subject: [PATCH 04/22] Update README.md
---
README.md | 16 +---------------
1 file changed, 1 insertion(+), 15 deletions(-)
diff --git a/README.md b/README.md
index 3ce8b7f..bebe648 100644
--- a/README.md
+++ b/README.md
@@ -1,17 +1,3 @@
-# How to build a DevSecOps Pipeline in GitHub
+# evSecOps Pipeline in GitHub
This repository shows you how to build up an enterprise-ready DevSecOps Pipeline with GitHub.
It is part of your video series on how to build a DevSecOps Pipeline with GitHub and GitLab.
-
-Here is the link to the blog-post: https://www.romanoroth.com/post/gitlab-vs-github-devsecops
-
-- GitHub: DevSecOps: Part 1/12: What is GitHub? The fundamental concepts of a DevSecOps pipeline. https://youtu.be/_m5KYEi1ThA
-- GitHub: DevSecOps: Part 2/12: Introduction to GitHub https://youtu.be/6ZdxXDu8ZDA
-- GitHub: DevSecOps: Part 3/12: Learn How to use SCA (Software Composition Analysis) https://youtu.be/xM3elerxjYo
-- GitHub: DevSecOps: Part 4/12: How to ensure License Compliance? https://youtu.be/l7IBh2xkDcQ
-- GitHub: DevSecOps: Part 5/12: Protect your Apps with Static Application Security Testing (SAST) https://youtu.be/p4xS2X5KsNk
-- GitHub: DevSecOps: Part 6/12: How to use Container Scanning https://youtu.be/_ZeKh3GcbgU
-- GitHub: DevSecOps: Part 7/12: How to find secrets in your own code with Secret Scanning https://youtu.be/k-uuPTLNXGM
-- Coming Soon
-
-
-Link to the GitLab repository: https://gitlab.com/romano_roth/gitlabdevsecopspipeline
From e26d30f4ee01fdd3a14db3d12eb2d0f63f6fd739 Mon Sep 17 00:00:00 2001
From: Poatan <102661806+Prakash-Poatan@users.noreply.github.com>
Date: Sun, 7 Jul 2024 22:16:24 +0530
Subject: [PATCH 05/22] Update README.md
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index bebe648..8607bd1 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,3 @@
-# evSecOps Pipeline in GitHub
+# DevSecOps Pipeline in GitHub
This repository shows you how to build up an enterprise-ready DevSecOps Pipeline with GitHub.
It is part of your video series on how to build a DevSecOps Pipeline with GitHub and GitLab.
From f5544f5bcbc127dbdf1ceb1e66e3bec6a390dba3 Mon Sep 17 00:00:00 2001
From: Poatan <102661806+Prakash-Poatan@users.noreply.github.com>
Date: Sun, 7 Jul 2024 22:18:11 +0530
Subject: [PATCH 06/22] Create depecheck_test.yml
---
.github/workflows/depecheck_test.yml | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
create mode 100644 .github/workflows/depecheck_test.yml
diff --git a/.github/workflows/depecheck_test.yml b/.github/workflows/depecheck_test.yml
new file mode 100644
index 0000000..0efbb8d
--- /dev/null
+++ b/.github/workflows/depecheck_test.yml
@@ -0,0 +1,28 @@
+
+on: [push]
+
+jobs:
+ depchecktest:
+ runs-on: ubuntu-latest
+ name: depecheck_test
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Build project with Maven
+ run: mvn clean install
+ - name: Depcheck
+ uses: dependency-check/Dependency-Check_Action@main
+ id: Depcheck
+ with:
+ project: 'test'
+ path: '.'
+ format: 'HTML'
+ out: 'reports' # this is the default, no need to specify unless you wish to override it
+ args: >
+ --failOnCVSS 7
+ --enableRetired
+ - name: Upload Test results
+ uses: actions/upload-artifact@master
+ with:
+ name: Depcheck report
+ path: ${{github.workspace}}/reports
From 0d97e0e6375de1bdad8417d605ec435e7850c364 Mon Sep 17 00:00:00 2001
From: Poatan <102661806+Prakash-Poatan@users.noreply.github.com>
Date: Sun, 7 Jul 2024 22:22:25 +0530
Subject: [PATCH 07/22] Update Controller.java
---
src/main/java/com/example/demo/controller/Controller.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/main/java/com/example/demo/controller/Controller.java b/src/main/java/com/example/demo/controller/Controller.java
index 95bb452..33bcfc5 100644
--- a/src/main/java/com/example/demo/controller/Controller.java
+++ b/src/main/java/com/example/demo/controller/Controller.java
@@ -19,7 +19,7 @@ public class Controller {
// these are for secret detection
private final static String username="User1";
private final static String password="password";
- private final static String pwd="password2";
+ private final static String pwd="password@2";
private final static String pwdtest="pwd_Test22";
//use pwd pwd_BlaTest24
@@ -32,7 +32,7 @@ public class Controller {
//use pwd pwd_BlaTest25
private final String idForCloud = "AKIAIOSFODNN7EXAMPLE";
- private final String valueForCloud = "wJalrXUtnFEMI/K7MDENG/bPxRfiCY78ZWn/7";
+ private final String valueForCloud = "wJalrXUtnFEMI/K7MDENG/bPxRfiCY78ZWn/72";
private final static String pwdPropertyName="prop.password";
From aa14104e61cd1c9121b802b3d8ea93e76454b8bf Mon Sep 17 00:00:00 2001
From: Poatan <102661806+Prakash-Poatan@users.noreply.github.com>
Date: Sun, 7 Jul 2024 22:32:46 +0530
Subject: [PATCH 08/22] Update LICENSE
---
LICENSE | 3 ---
1 file changed, 3 deletions(-)
diff --git a/LICENSE b/LICENSE
index 261eeb9..4568c44 100644
--- a/LICENSE
+++ b/LICENSE
@@ -186,13 +186,10 @@
same "printed page" as the copyright notice for easier
identification within third-party archives.
- Copyright [yyyy] [name of copyright owner]
-
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
From ab4db9110f9bcb6bd87216c3f65454f89f7b6cf0 Mon Sep 17 00:00:00 2001
From: Poatan <102661806+Prakash-Poatan@users.noreply.github.com>
Date: Sun, 7 Jul 2024 22:46:38 +0530
Subject: [PATCH 09/22] Update mvnw
---
mvnw | 1 -
1 file changed, 1 deletion(-)
diff --git a/mvnw b/mvnw
index d420d3c..9631fe6 100644
--- a/mvnw
+++ b/mvnw
@@ -9,7 +9,6 @@
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
-#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
From 363f08fe16d937e82e920965134192ec5083bcd3 Mon Sep 17 00:00:00 2001
From: Poatan <102661806+Prakash-Poatan@users.noreply.github.com>
Date: Sun, 7 Jul 2024 22:49:08 +0530
Subject: [PATCH 10/22] Update README.md
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 8607bd1..4525941 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,3 @@
# DevSecOps Pipeline in GitHub
This repository shows you how to build up an enterprise-ready DevSecOps Pipeline with GitHub.
-It is part of your video series on how to build a DevSecOps Pipeline with GitHub and GitLab.
+It utilises the SCA, SAST, DAST scans with different open source tools such as snyk, dependency check, trivy and Github advanced security configurations such as Dependabot with specific and general rules, CodeQL analysis , Secrets scan, secret protection, push protection and othersfor creating a secure CI and CD workflow during build into main branch on every change.
From a9e920d79b2c41dfbf037f3d7412fc274dbe9abb Mon Sep 17 00:00:00 2001
From: Poatan <102661806+Prakash-Poatan@users.noreply.github.com>
Date: Sun, 7 Jul 2024 22:52:53 +0530
Subject: [PATCH 11/22] Update depecheck_test.yml
---
.github/workflows/depecheck_test.yml | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/depecheck_test.yml b/.github/workflows/depecheck_test.yml
index 0efbb8d..ef00d8c 100644
--- a/.github/workflows/depecheck_test.yml
+++ b/.github/workflows/depecheck_test.yml
@@ -1,4 +1,3 @@
-
on: [push]
jobs:
@@ -7,14 +6,14 @@ jobs:
name: depecheck_test
steps:
- name: Checkout
- uses: actions/checkout@v2
+ uses: actions/checkout@v4
- name: Build project with Maven
run: mvn clean install
- name: Depcheck
uses: dependency-check/Dependency-Check_Action@main
id: Depcheck
with:
- project: 'test'
+ project: 'dependency-check-owasp'
path: '.'
format: 'HTML'
out: 'reports' # this is the default, no need to specify unless you wish to override it
@@ -22,7 +21,7 @@ jobs:
--failOnCVSS 7
--enableRetired
- name: Upload Test results
- uses: actions/upload-artifact@master
+ uses: actions/upload-artifact@v3
with:
name: Depcheck report
path: ${{github.workspace}}/reports
From 26a54b75680f7943ad27750bf93708f2812d8b0d Mon Sep 17 00:00:00 2001
From: Poatan <102661806+Prakash-Poatan@users.noreply.github.com>
Date: Sun, 7 Jul 2024 23:01:29 +0530
Subject: [PATCH 12/22] Update depecheck_test.yml
---
.github/workflows/depecheck_test.yml | 25 +++++++++++++++++--------
1 file changed, 17 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/depecheck_test.yml b/.github/workflows/depecheck_test.yml
index ef00d8c..5780d9c 100644
--- a/.github/workflows/depecheck_test.yml
+++ b/.github/workflows/depecheck_test.yml
@@ -1,27 +1,36 @@
+name: OWASP Dependency Check
+
on: [push]
jobs:
depchecktest:
runs-on: ubuntu-latest
- name: depecheck_test
+ name: Dependency Check Test
steps:
- name: Checkout
uses: actions/checkout@v4
+
+ - name: Set up JDK 11
+ uses: actions/setup-java@v3
+ with:
+ java-version: '11'
+
- name: Build project with Maven
run: mvn clean install
- - name: Depcheck
- uses: dependency-check/Dependency-Check_Action@main
- id: Depcheck
+
+ - name: Run OWASP Dependency Check
+ uses: jorisroovers/depcheck-action@v2
with:
- project: 'dependency-check-owasp'
+ project: 'test'
path: '.'
format: 'HTML'
- out: 'reports' # this is the default, no need to specify unless you wish to override it
+ outputDirectory: 'reports'
args: >
--failOnCVSS 7
--enableRetired
- - name: Upload Test results
+
+ - name: Upload Dependency Check report
uses: actions/upload-artifact@v3
with:
name: Depcheck report
- path: ${{github.workspace}}/reports
+ path: 'reports/dependency-check-report.html'
From fcd018662a9cc802f9d0fbbb16839f32c1fd3a10 Mon Sep 17 00:00:00 2001
From: Poatan <102661806+Prakash-Poatan@users.noreply.github.com>
Date: Sun, 7 Jul 2024 23:08:07 +0530
Subject: [PATCH 13/22] Update depecheck_test.yml
---
.github/workflows/depecheck_test.yml | 13 ++++---------
1 file changed, 4 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/depecheck_test.yml b/.github/workflows/depecheck_test.yml
index 5780d9c..04d61b1 100644
--- a/.github/workflows/depecheck_test.yml
+++ b/.github/workflows/depecheck_test.yml
@@ -19,15 +19,10 @@ jobs:
run: mvn clean install
- name: Run OWASP Dependency Check
- uses: jorisroovers/depcheck-action@v2
- with:
- project: 'test'
- path: '.'
- format: 'HTML'
- outputDirectory: 'reports'
- args: >
- --failOnCVSS 7
- --enableRetired
+ run: |
+ curl -LO https://github.com/jeremylong/DependencyCheck/releases/download/v7.4.4/dependency-check-7.4.4-release.zip
+ unzip dependency-check-7.4.4-release.zip
+ ./dependency-check/bin/dependency-check.sh --project "test" --scan . --format "HTML" --out reports --failOnCVSS 7 --enableRetired
- name: Upload Dependency Check report
uses: actions/upload-artifact@v3
From b92ec4b28abb3f35a58494a95555df9492d0e80b Mon Sep 17 00:00:00 2001
From: Poatan <102661806+Prakash-Poatan@users.noreply.github.com>
Date: Sun, 7 Jul 2024 23:10:39 +0530
Subject: [PATCH 14/22] Update depecheck_test.yml
---
.github/workflows/depecheck_test.yml | 35 +++++++++++++---------------
1 file changed, 16 insertions(+), 19 deletions(-)
diff --git a/.github/workflows/depecheck_test.yml b/.github/workflows/depecheck_test.yml
index 04d61b1..0efbb8d 100644
--- a/.github/workflows/depecheck_test.yml
+++ b/.github/workflows/depecheck_test.yml
@@ -1,31 +1,28 @@
-name: OWASP Dependency Check
on: [push]
jobs:
depchecktest:
runs-on: ubuntu-latest
- name: Dependency Check Test
+ name: depecheck_test
steps:
- name: Checkout
- uses: actions/checkout@v4
-
- - name: Set up JDK 11
- uses: actions/setup-java@v3
- with:
- java-version: '11'
-
+ uses: actions/checkout@v2
- name: Build project with Maven
run: mvn clean install
-
- - name: Run OWASP Dependency Check
- run: |
- curl -LO https://github.com/jeremylong/DependencyCheck/releases/download/v7.4.4/dependency-check-7.4.4-release.zip
- unzip dependency-check-7.4.4-release.zip
- ./dependency-check/bin/dependency-check.sh --project "test" --scan . --format "HTML" --out reports --failOnCVSS 7 --enableRetired
-
- - name: Upload Dependency Check report
- uses: actions/upload-artifact@v3
+ - name: Depcheck
+ uses: dependency-check/Dependency-Check_Action@main
+ id: Depcheck
+ with:
+ project: 'test'
+ path: '.'
+ format: 'HTML'
+ out: 'reports' # this is the default, no need to specify unless you wish to override it
+ args: >
+ --failOnCVSS 7
+ --enableRetired
+ - name: Upload Test results
+ uses: actions/upload-artifact@master
with:
name: Depcheck report
- path: 'reports/dependency-check-report.html'
+ path: ${{github.workspace}}/reports
From 47ecbed13d8c6fe3ec76e1109fafdd875c0a0c94 Mon Sep 17 00:00:00 2001
From: Poatan <102661806+Prakash-Poatan@users.noreply.github.com>
Date: Mon, 8 Jul 2024 07:59:35 +0530
Subject: [PATCH 15/22] Update README.md
---
README.md | 2 ++
1 file changed, 2 insertions(+)
diff --git a/README.md b/README.md
index 4525941..025fbad 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,5 @@
# DevSecOps Pipeline in GitHub
This repository shows you how to build up an enterprise-ready DevSecOps Pipeline with GitHub.
It utilises the SCA, SAST, DAST scans with different open source tools such as snyk, dependency check, trivy and Github advanced security configurations such as Dependabot with specific and general rules, CodeQL analysis , Secrets scan, secret protection, push protection and othersfor creating a secure CI and CD workflow during build into main branch on every change.
+
+Thanks for the Base templates @romanoroth.
From 679103211085e55beda5c0e76bba10206eb2ec97 Mon Sep 17 00:00:00 2001
From: Poatan <102661806+Prakash-Poatan@users.noreply.github.com>
Date: Mon, 8 Jul 2024 08:01:15 +0530
Subject: [PATCH 16/22] Update .gitignore
---
.gitignore | 2 ++
1 file changed, 2 insertions(+)
diff --git a/.gitignore b/.gitignore
index d5dba20..adf4a77 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,6 +15,7 @@
*.iws
*.iml
*.ipr
+*.txt
### NetBeans ###
/nbproject/private/
@@ -23,3 +24,4 @@
/dist/
/nbdist/
/.nb-gradle/
+/assets/
From db53e889199df045d901c7a03cfcbf29ce772cfd Mon Sep 17 00:00:00 2001
From: Poatan <102661806+Prakash-Poatan@users.noreply.github.com>
Date: Mon, 8 Jul 2024 08:02:31 +0530
Subject: [PATCH 17/22] Update Dockerfile
---
Dockerfile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index d090d70..1968eff 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
FROM openjdk:13-alpine
-
+# do build volumes
VOLUME /tmp
COPY target/*.jar app.jar
From b22acc97f66d99470f87cec9ec551e654df637b0 Mon Sep 17 00:00:00 2001
From: Poatan <102661806+Prakash-Poatan@users.noreply.github.com>
Date: Mon, 8 Jul 2024 08:03:16 +0530
Subject: [PATCH 18/22] Update README.md
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 025fbad..e3cbb31 100644
--- a/README.md
+++ b/README.md
@@ -2,4 +2,4 @@
This repository shows you how to build up an enterprise-ready DevSecOps Pipeline with GitHub.
It utilises the SCA, SAST, DAST scans with different open source tools such as snyk, dependency check, trivy and Github advanced security configurations such as Dependabot with specific and general rules, CodeQL analysis , Secrets scan, secret protection, push protection and othersfor creating a secure CI and CD workflow during build into main branch on every change.
-Thanks for the Base templates @romanoroth.
+Thanks for the Base templates, credits to @romanoroth/GitHubDevSecOps:main.
From ea0970f24c14c7bbaeec0385df2f0690a32fff3f Mon Sep 17 00:00:00 2001
From: Poatan <102661806+Prakash-Poatan@users.noreply.github.com>
Date: Mon, 8 Jul 2024 11:43:57 +0530
Subject: [PATCH 19/22] Update pom.xml
---
pom.xml | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/pom.xml b/pom.xml
index 0301e06..f9722e5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -46,6 +46,11 @@
log4j-api
2.14.1
+
+ org.apache.velocity
+ velocity
+ 1.7
+
From fe235f6780adb20c11ed75da30e9ec92d4b35efc Mon Sep 17 00:00:00 2001
From: Poatan <102661806+Prakash-Poatan@users.noreply.github.com>
Date: Wed, 11 Sep 2024 16:08:43 +0530
Subject: [PATCH 20/22] Update README.md
Main Commit Pushed into remote branch
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index e3cbb31..7e471b1 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# DevSecOps Pipeline in GitHub
+# DevSecOps Pipeline in GitHub Actions
This repository shows you how to build up an enterprise-ready DevSecOps Pipeline with GitHub.
It utilises the SCA, SAST, DAST scans with different open source tools such as snyk, dependency check, trivy and Github advanced security configurations such as Dependabot with specific and general rules, CodeQL analysis , Secrets scan, secret protection, push protection and othersfor creating a secure CI and CD workflow during build into main branch on every change.
From a3e566c99b53de51f496f4de6ac0974372525cb3 Mon Sep 17 00:00:00 2001
From: Prakash <102661806+Poatan222@users.noreply.github.com>
Date: Tue, 17 Jun 2025 16:37:40 +0530
Subject: [PATCH 21/22] Update README.md
---
README.md | 1 -
1 file changed, 1 deletion(-)
diff --git a/README.md b/README.md
index 7e471b1..729ce8d 100644
--- a/README.md
+++ b/README.md
@@ -2,4 +2,3 @@
This repository shows you how to build up an enterprise-ready DevSecOps Pipeline with GitHub.
It utilises the SCA, SAST, DAST scans with different open source tools such as snyk, dependency check, trivy and Github advanced security configurations such as Dependabot with specific and general rules, CodeQL analysis , Secrets scan, secret protection, push protection and othersfor creating a secure CI and CD workflow during build into main branch on every change.
-Thanks for the Base templates, credits to @romanoroth/GitHubDevSecOps:main.
From 2a250ec389ccec73623af9a6936bee8943e42b6e Mon Sep 17 00:00:00 2001
From: Prakash <102661806+Poatan222@users.noreply.github.com>
Date: Wed, 20 Aug 2025 15:17:56 +0530
Subject: [PATCH 22/22] Create docker-image3.yml
---
.github/workflows/docker-image3.yml | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
create mode 100644 .github/workflows/docker-image3.yml
diff --git a/.github/workflows/docker-image3.yml b/.github/workflows/docker-image3.yml
new file mode 100644
index 0000000..13f4ccb
--- /dev/null
+++ b/.github/workflows/docker-image3.yml
@@ -0,0 +1,18 @@
+name: Docker Image CI 3
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
+
+jobs:
+
+ build:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: Build the Docker image
+ run: docker build . --file Dockerfile --tag my-image-name:$(date +%s)