From 1d2efcb8346f563dc96b48dca577cbd203e0662a Mon Sep 17 00:00:00 2001 From: MetaMask Bot <37885440+metamaskbot@users.noreply.github.com> Date: Tue, 27 Feb 2024 13:08:48 -0500 Subject: [PATCH 1/2] Enabling security code scanner --- .github/workflows/security-code-scanner.yml | 43 +++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 .github/workflows/security-code-scanner.yml diff --git a/.github/workflows/security-code-scanner.yml b/.github/workflows/security-code-scanner.yml new file mode 100644 index 0000000..28c125f --- /dev/null +++ b/.github/workflows/security-code-scanner.yml @@ -0,0 +1,43 @@ +name: 'MetaMask Security Code Scanner' + +on: + push: + branches: ['master'] + pull_request: + branches: ['master'] + +jobs: + run-security-scan: + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + steps: + - name: MetaMask Security Code Scanner + uses: MetaMask/Security-Code-Scanner@main + with: + repo: ${{ github.repository }} + paths_ignored: | + .storybook/ + '**/__snapshots__/' + '**/*.snap' + '**/*.stories.js' + '**/*.stories.tsx' + '**/*.test.browser.ts*' + '**/*.test.js*' + '**/*.test.ts*' + '**/fixtures/' + '**/jest.config.js' + '**/jest.environment.js' + '**/mocks/' + '**/test*/' + docs/ + e2e/ + merged-packages/ + node_modules + storybook/ + test*/ + rules_excluded: example + mixpanel_project_token: ${{ secrets.SECURITY_CODE_SCANNER_MIXPANEL_TOKEN }} + slack_webhook: ${{ secrets.APPSEC_BOT_SLACK_WEBHOOK }} From 1859c8878d8245b45d208408e3e200c87869b0b6 Mon Sep 17 00:00:00 2001 From: MetaMask Bot <37885440+metamaskbot@users.noreply.github.com> Date: Wed, 6 Mar 2024 11:26:40 -0500 Subject: [PATCH 2/2] Update security code scanner file --- .github/workflows/security-code-scanner.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/security-code-scanner.yml b/.github/workflows/security-code-scanner.yml index 28c125f..cbebd08 100644 --- a/.github/workflows/security-code-scanner.yml +++ b/.github/workflows/security-code-scanner.yml @@ -39,5 +39,5 @@ jobs: storybook/ test*/ rules_excluded: example - mixpanel_project_token: ${{ secrets.SECURITY_CODE_SCANNER_MIXPANEL_TOKEN }} + project_metrics_token: ${{ secrets.SECURITY_SCAN_METRICS_TOKEN }} slack_webhook: ${{ secrets.APPSEC_BOT_SLACK_WEBHOOK }}