Skip to content

Commit

Permalink
[feat] add noDocker runners for CodeQL and Semgrep
Browse files Browse the repository at this point in the history
  • Loading branch information
@ocelaiwo
ocelaiwo committed Apr 9, 2024
1 parent 9db458c commit d2e731f
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 0 deletions.
13 changes: 13 additions & 0 deletions scripts/runCodeQLNoDocker.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
#!/usr/bin/env bash

echo "Running CodeQL"

benchmark_version=$(scripts/getBenchmarkVersion.sh)
codeql_version=$($HOME/.local/bin/codeql/codeql --version -q)
result_file="results/Benchmark_$benchmark_version-CodeQL-v$codeql_version.sarif"

$HOME/.local/bin/codeql/codeql database create owasp-benchmark --language=java --threads=0

$HOME/.local/bin/codeql/codeql database analyze owasp-benchmark java-code-scanning.qls --format=sarifv2.1.0 --threads=0 --output=$result_file

rm -rf owasp-benchmark
9 changes: 9 additions & 0 deletions scripts/runSemgrepNoDocker.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
#!/usr/bin/env bash

echo "Running Semgrep"

benchmark_version=$(scripts/getBenchmarkVersion.sh)
semgrep_version=$(semgrep --version)
result_file="results/Benchmark_$benchmark_version-Semgrep-v$semgrep_version.json"

semgrep --config p/security-audit -q --json --include="src/main/java/org/owasp/benchmark/testcode/*.java" -o "$result_file" . > /dev/null

0 comments on commit d2e731f

Please sign in to comment.