A.M.R.I.T (Accessible Medical Records via Integrated technology) is a digital health platform initially developed by Piramal Swasthya Management Research Institute (PSMRI). This is a forked repo to create AMRIT Website.
[C4GT Community]: Configure GitHub Actions for Checkstyle code formatting and vulnerability scanning in AMRIT API repositories #4
To maintain code quality and security for AMRIT API repositories, we need to set up GitHub Actions workflows that perform code formatting checks using Checkstyle and vulnerability scanning with OWASP Dependency-Check. These workflows should ensure that code formatting issues are detected for changed files in pull requests, and vulnerability scanning is conducted when pom.xml changes. Merging of pull requests should be restricted unless these checks pass.
What You Will Learn:
As an intern, you will:
Gain experience with GitHub Actions and CI/CD pipelines.
Learn how to configure static code analysis and security scanning in Java projects.
Develop skills in enforcing code quality and security practices.
Work collaboratively with developers to ensure high standards in code quality.
Desired Skills:
Basic knowledge of Java and Maven.
Familiarity with GitHub Actions and CI/CD workflows.
Understanding of static code analysis tools.
Eagerness to learn and implement best practices in code quality and security.
Goals
Setup GitHub Actions for Checkstyle:
[ ] Create a GitHub Actions workflow to run Checkstyle on pull requests.
[ ] Configure the workflow to check code formatting for changed files only.
[ ] Ensure that merging is blocked unless Checkstyle checks pass.
Setup GitHub Actions for OWASP Dependency-Check:
[ ] Create a GitHub Actions workflow to run OWASP Dependency-Check.
[ ] Configure the workflow to trigger only when a pom.xml file changes.
[ ] Ensure that merging is blocked unless the vulnerability scan passes.
Expected Outcome
Fully functional GitHub Actions workflows that automatically check code formatting with Checkstyle and perform vulnerability scanning with OWASP Dependency-Check. These workflows will ensure that pull requests meet coding standards and are free of known vulnerabilities before merging.
Acceptance Criteria
Checkstyle Workflow:
Checkstyle runs on changed files in pull requests.
Merging is blocked unless Checkstyle checks pass without errors.
OWASP Dependency-Check Workflow:
OWASP Dependency-Check runs when pom.xml changes.
Merging is blocked unless no critical vulnerabilities are found.
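One way to realise both workflows and the acceptance criteria above, as an added example that is not the AMRIT project's own code: it assumes Java 17, a pinned Checkstyle release (10.12.4) with its bundled Google rule set, and the dependency-check-maven 8.4.0 plugin the ticket links to. The pom.xml condition is evaluated inside the job rather than with an `on.paths` filter, because a required status check whose workflow never runs leaves the pull request waiting indefinitely instead of merging.

```yaml
name: pr-quality-gates
on:
  pull_request:
    branches: [main]
jobs:
  checkstyle:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # full history so the diff against the base branch works
      - uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: '17'
      - name: Checkstyle on changed Java files only
        env:
          CS_VERSION: 10.12.4   # assumed Checkstyle release; pin to the team's choice
          BASE: ${{ github.base_ref }}
        run: |
          git fetch origin "$BASE"
          # added/copied/modified/renamed .java files in this PR (deleted ones are skipped)
          FILES=$(git diff --name-only --diff-filter=ACMR "origin/$BASE...HEAD" -- '*.java')
          if [ -z "$FILES" ]; then echo "no Java files changed"; exit 0; fi
          curl -sSfL -o checkstyle.jar "https://github.com/checkstyle/checkstyle/releases/download/checkstyle-${CS_VERSION}/checkstyle-${CS_VERSION}-all.jar"
          # the CLI exits non-zero on any violation, which fails this job
          echo "$FILES" | xargs java -jar checkstyle.jar -c /google_checks.xml
  dependency-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: '17'
      - name: Did any pom.xml change in this PR?
        id: pom
        env:
          BASE: ${{ github.base_ref }}
        run: |
          git fetch origin "$BASE"
          # job still reports success when no POM changed, so the required check is never left pending
          echo "changed=$(git diff --name-only "origin/$BASE...HEAD" | grep -q 'pom\.xml$' && echo true || echo false)" >> "$GITHUB_OUTPUT"
      - name: OWASP Dependency-Check (fail on CVSS 9.0 and above, i.e. critical)
        if: steps.pom.outputs.changed == 'true'
        run: mvn -B org.owasp:dependency-check-maven:8.4.0:check -DfailBuildOnCVSS=9
```

Merging is only actually blocked once both job names (checkstyle and dependency-check) are added as required status checks in the branch protection rule for main; the workflow alone only reports the results.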
Ticket Contents
Implementation Details
https://github.com/checkstyle/checkstyle
https://central.sonatype.com/artifact/org.owasp/dependency-check-maven/8.4.0/overview
https://github.com/marketplace/actions/dependency-check
https://github.com/marketplace?query=checkstyle
Mockups/Wireframes
NA
Product Name
AMRIT
Organisation Name
Piramal Swasthya Management Research Institute
Domain
Healthcare
Tech Skills Needed
CI/CD, Debugging, DevOps, Java, Security, Spring Boot
Mentor(s)
@drtechie
Complexity
Medium
Category
CI/CD, Documentation, Deployment