@@ -27,20 +27,29 @@ jobs:
2727 AQUA_KEY : ${{ secrets.AQUA_KEY }}
2828 AQUA_SECRET : ${{ secrets.AQUA_SECRET }}
2929 run : |
30+ set -euo pipefail
31+
3032 echo "=== Authenticating with AquaSec ==="
3133
32- TIMESTAMP=$(date -u +%s)
33- AUTH_ENDPOINT="https://eu-1.api.cloudsploit.com"
3434 METHOD="POST"
35- POST_BODY='{"validity":240,"allowed_endpoints":["GET","POST"]}'
35+ AUTH_ENDPOINT="https://api.cloudsploit.com/v2/tokens"
36+ TIMESTAMP=$(date -u +%s)
37+ POST_BODY='{
38+ # 1155 for CAO
39+ "group_id": 1228,
40+ "allowed_endpoints": ["GET", "POST"],
41+ "validity": 240,
42+ "csp_roles": ["developer", "devops"]
43+ }'
3644 STRING_TO_SIGN="${TIMESTAMP}${METHOD}/v2/tokens${POST_BODY}"
3745 SIGNATURE=$(echo -n "$STRING_TO_SIGN" | openssl dgst -sha256 -hmac "$AQUA_SECRET" -hex | sed 's/.*= //g')
46+
3847
3948 AUTH_RESPONSE=$(curl -s -X "$METHOD" "$AUTH_ENDPOINT" \
4049 -H "Content-Type: application/json" \
4150 -H "X-API-Key: $AQUA_KEY" \
42- -H "X-Timestamp: $TIMESTAMP" \
4351 -H "X-Signature: $SIGNATURE" \
52+ -H "X-Timestamp: $TIMESTAMP" \
4453 -d "$POST_BODY")
4554
4655 RESPONSE_STATUS=$(echo "$AUTH_RESPONSE" | jq -r '.status')
@@ -54,20 +63,11 @@ jobs:
5463 exit 1
5564 fi
5665
57- echo "=== Getting Repository ID from GitHub ==="
58-
59- REPO_ID=$(curl -s "https://api.github.com/repos/${{ github.repository }}" | jq -r '.id')
60-
61- if [ -z "$REPO_ID" ] || [ "$REPO_ID" = "null" ]; then
62- echo "Failed to get repository ID from GitHub"
63- exit 1
64- fi
65-
6666 echo "=== Receiving AquaSec Scan Results ==="
6767
6868 SCAN_RESULTS_ENDPOINT="https://eu-central-1.edge.cloud.aquasec.com/codesec/api/v1/scans/results"
6969 SCAN_RESULTS=$(curl -s -X GET \
70- "$SCAN_RESULTS_ENDPOINT?repositoryIds=$REPO_ID" \
70+ "$SCAN_RESULTS_ENDPOINT?repositoryIds=${{ github.repository_id }} \
7171 -H "Authorization: Bearer $BEARER_TOKEN" \
7272 -H "Accept: application/json")
7373
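Review bot: The new `repositoryIds` line in the second hunk opens a double quote that is never closed, so the `-H` lines after it are no longer parsed as separate curl options and the `Authorization: Bearer` header is not passed as written. It should read `"$SCAN_RESULTS_ENDPOINT?repositoryIds=${{ github.repository_id }}" \`. In the first hunk, `# 1155 for CAO` sits inside the single-quoted `POST_BODY`, so it is signed and sent as part of the request body rather than acting as a shell comment. JSON has no comment syntax, so the token request will probably be rejected; move that line above `POST_BODY='{` as `# group_id: 1155 for CAO`. The `run` script continues outside both hunks, so how the later steps consume `SCAN_RESULTS` is not visible here.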