globocom / huskyCI

Performing security tests inside your CI
https://huskyci.opensource.globo.com
BSD 3-Clause "New" or "Revised" License
572 stars 137 forks

Implement GitHub Actions for Security Test Tool Version Verification #570

Open fguisso opened 1 year ago

fguisso commented 1 year ago
  1. Problem Description:
     • Currently, we lack an automated process to verify and ensure that the versions of security test tools defined in the config.yml file are up-to-date.
  2. Steps to Reproduce:
     • N/A
  3. Expected Behavior:
     • We need a GitHub Actions workflow that checks the versions of security test tools specified in our config.yml file against the latest available versions.
  4. Current Behavior:
     • The versions of security test tools in our config.yml may become outdated over time, potentially leading to security vulnerabilities or issues in the testing process.
  5. Proposed Changes:
     • Implement a GitHub Actions workflow that runs periodically or on pull requests.
     • The workflow should extract the tool versions from the config.yml file and compare them against the latest versions available.
     • If any tool version is outdated, the workflow should create a new GitHub issue to inform maintainers about the outdated tool and suggest an update.
  6. Dependencies:
     • GitHub Actions must be enabled for the repository.
     • The workflow should include steps to parse the config.yml file and compare versions.
  7. Testing:
     • Test the GitHub Actions workflow on a branch or forked repository to ensure it accurately detects outdated tool versions.
  8. Documentation Updates:
     • Update the project documentation to inform contributors and maintainers about the new GitHub Actions workflow and its purpose.
  9. Expected Impact:
     • The implementation of this workflow ensures that our security test tools are always using the latest versions, enhancing the security posture of the project.

Environment:

Note: Please ensure that the necessary permissions and API tokens are configured for GitHub Actions to access the repository and create issues.
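
One way to implement the check described in the proposal above (parse config.yml, compare each pinned tool version with the latest one, and produce an issue body when something is behind). This is an added example, not code from the huskyCI project or from the issue author. It assumes a config.yml layout where each tool entry carries `name`, `image` and `imageTag` keys (a constructed sample is embedded, and the line-oriented parser only understands that subset; a real workflow step would use a YAML library), and it takes the "latest" versions as a plain map so that it runs offline; in CI that map would be filled from the container registry or release API before the comparison, and the returned body would be handed to `gh issue create --body-file`.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// Tool is one security-test entry of config.yml. The field names follow the
// constructed sample below (an assumption about the config layout).
type Tool struct {
	Name     string
	Image    string
	ImageTag string
}

// sampleConfig is a constructed config.yml fragment used as example input.
const sampleConfig = `bandit:
  name: bandit
  image: huskyci/bandit
  imageTag: "1.6.2"
gosec:
  name: gosec
  image: huskyci/gosec
  imageTag: "2.1.0"
safety:
  name: safety
  image: huskyci/safety
  imageTag: "1.8.5"
`

// parseConfig is a deliberately small line-oriented parser for the sample
// layout above: an unindented "tool:" key starts an entry, and the indented
// name/image/imageTag keys fill it. Comments and blank lines are skipped.
func parseConfig(cfg string) []Tool {
	var tools []Tool
	for _, raw := range strings.Split(cfg, "\n") {
		line := strings.TrimRight(raw, " \t")
		trimmed := strings.TrimSpace(line)
		if trimmed == "" || strings.HasPrefix(trimmed, "#") {
			continue
		}
		if !strings.HasPrefix(line, " ") { // new tool entry
			tools = append(tools, Tool{})
			continue
		}
		if len(tools) == 0 {
			continue // indented line before any tool key: ignore
		}
		kv := strings.SplitN(trimmed, ":", 2)
		if len(kv) != 2 {
			continue
		}
		cur := &tools[len(tools)-1]
		val := strings.Trim(strings.TrimSpace(kv[1]), `"'`)
		switch kv[0] {
		case "name":
			cur.Name = val
		case "image":
			cur.Image = val
		case "imageTag":
			cur.ImageTag = val
		}
	}
	return tools
}

// compareVersions orders dotted versions numerically ("2.1.0" < "2.10.1"),
// ignoring a leading "v" and treating missing components as 0. Non-numeric
// components (pre-release suffixes) fall back to string comparison, which is
// a known simplification of this example.
func compareVersions(a, b string) int {
	pa := strings.Split(strings.TrimPrefix(a, "v"), ".")
	pb := strings.Split(strings.TrimPrefix(b, "v"), ".")
	for i := 0; i < len(pa) || i < len(pb); i++ {
		x, y := "0", "0"
		if i < len(pa) {
			x = pa[i]
		}
		if i < len(pb) {
			y = pb[i]
		}
		nx, ex := strconv.Atoi(x)
		ny, ey := strconv.Atoi(y)
		if ex == nil && ey == nil {
			if nx != ny {
				if nx < ny {
					return -1
				}
				return 1
			}
			continue
		}
		if x != y {
			if x < y {
				return -1
			}
			return 1
		}
	}
	return 0
}

// Outdated records a tool whose pinned tag is behind the latest known tag.
type Outdated struct {
	Tool   Tool
	Latest string
}

// findOutdated compares each pinned imageTag with latest, a map from image
// name to its newest tag. Images missing from the map are skipped rather
// than reported, so an unreachable registry does not produce false issues.
func findOutdated(tools []Tool, latest map[string]string) []Outdated {
	var out []Outdated
	for _, t := range tools {
		newest, ok := latest[t.Image]
		if !ok {
			continue
		}
		if compareVersions(t.ImageTag, newest) < 0 {
			out = append(out, Outdated{Tool: t, Latest: newest})
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Tool.Name < out[j].Tool.Name })
	return out
}

// issueBody renders the markdown table the workflow would pass to
// `gh issue create --body-file`. An empty string means nothing to report,
// so the workflow can skip issue creation.
func issueBody(out []Outdated) string {
	if len(out) == 0 {
		return ""
	}
	var b strings.Builder
	b.WriteString("| tool | image | pinned | latest |\n|---|---|---|---|\n")
	for _, o := range out {
		fmt.Fprintf(&b, "| %s | %s | %s | %s |\n", o.Tool.Name, o.Tool.Image, o.Tool.ImageTag, o.Latest)
	}
	return b.String()
}

func main() {
	// Constructed "latest" data; in CI this comes from the registry/release API.
	latest := map[string]string{
		"huskyci/bandit": "1.7.5",
		"huskyci/gosec":  "2.1.0",
		"huskyci/safety": "2.3.1",
	}
	if body := issueBody(findOutdated(parseConfig(sampleConfig), latest)); body != "" {
		fmt.Print(body)
	}
}
```

In the workflow this would run on both a `schedule:` cron trigger and `pull_request`, with `permissions: issues: write` on the job so the default `GITHUB_TOKEN` can open the issue without a long-lived personal token; before creating a new issue the step should search for an open one with the same title to avoid filing a duplicate every run.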

CaiqueCoelho commented 12 months ago

Hey @fguisso, could I work on this too? I've a good idea for this one 😄

CaiqueCoelho commented 12 months ago

Quick question @fguisso: do you want this to run on PRs or pushes, or would you like it to run on a schedule, for example once a week?