feat: add support for secret scanning and code scanning alerts
- introduce new command-line options for secret scanning and code scanning alerts
- add new modules for handling secret scanning and code scanning
- refactor alert checking logic to use a hash of alert types and corresponding functions
- update main function to process multiple alert types
scriptprivate authored Aug 21, 2024
1 parent e0d6d68 commit c6f650e
Showing 1 changed file with 40 additions and 30 deletions.
70 changes: 40 additions & 30 deletions security-gate.pl
Expand Up @@ -5,49 +5,59 @@
use warnings;
use lib "./lib/";
use SecurityGate::Engine::Dependencies qw(@SEVERITIES);
use SecurityGate::Engine::Secrets;
use SecurityGate::Engine::CodeScanning;
use SecurityGate::Utils::Helper;
use Getopt::Long;

sub main {
my ($token, $repository, $dependency_alerts);

my %severity_limits = map { $_ => 0 } @SEVERITIES;

Getopt::Long::GetOptions(
"t|token=s" => \$token,
"r|repo=s" => \$repository,
"c|critical=i" => \$severity_limits{critical},
"h|high=i" => \$severity_limits{high},
"m|medium=i" => \$severity_limits{medium},
"l|low=i" => \$severity_limits{low},
"dependency-alerts" => \$dependency_alerts
my ($token, $repository, $dependency_alerts, $secret_scanning_alerts, $code_scanning_alerts);

my %severity_limits = map {$_ => 0} @SEVERITIES;

Getopt::Long::GetOptions(
"t|token=s" => \$token,
"r|repo=s" => \$repository,
"c|critical=i" => \$severity_limits{critical},
"h|high=i" => \$severity_limits{high},
"m|medium=i" => \$severity_limits{medium},
"l|low=i" => \$severity_limits{low},
"dependency-alerts" => \$dependency_alerts,
"secret-scanning-alerts" => \$secret_scanning_alerts,
"code-scanning-alerts" => \$code_scanning_alerts
);

if ($token && $repository) {
my $result = 0;

my %alert_checks = (
'dependency-alerts' => sub { SecurityGate::Engine::Dependencies->new($token, $repository, \%severity_limits) },
'secret-scanning-alerts' => sub { SecurityGate::Engine::Secrets->new($token, $repository) },
'code-scanning-alerts' => sub { SecurityGate::Engine::CodeScanning->new($token, $repository, \%severity_limits) },
);

if ($token && $repository) {
my $result = 0;
for my $alert_type (keys %alert_checks) {
if ($$alert_type) {
$result += $alert_checks{$alert_type}->();
}
}

if ($dependency_alerts) {
$result = SecurityGate::Engine::Dependencies -> new($token, $repository, \%severity_limits);
}
return $result;
}

else {
print "No alerts type specified. Use --dependency-alerts to check for dependency alerts.\n";
}
else {
print SecurityGate::Utils::Helper->new();

return $result;
}

else {
print SecurityGate::Utils::Helper -> new();
return 1;
}

return 1;
}
return 0;
}

if ($ENV{TEST_MODE}) {
main();
main();
}

else {
exit main();
exit main();
}
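Review bot: `if ($$alert_type)` in the new loop dereferences the option name as a symbolic reference, so it never reads the lexicals `$dependency_alerts`, `$secret_scanning_alerts` or `$code_scanning_alerts` that GetOptions fills; symbolic references resolve only package variables, and the keys are hyphenated while the variables use underscores. If `use strict` is in effect above the hunk (not visible here) the loop dies on the first key; without it every check is skipped, `$result` stays 0 and the gate passes without having queried any alerts. Key the flags by option name after GetOptions, `my %enabled = ('dependency-alerts' => $dependency_alerts, 'secret-scanning-alerts' => $secret_scanning_alerts, 'code-scanning-alerts' => $code_scanning_alerts);`, and test `if ($enabled{$alert_type}) {` in the loop. The new side also appears to drop the "No alerts type specified" message, so a run with a token and repository but no alert flag would return 0 silently; for a gate, printing the hint and returning non-zero there is the safer default.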
