5 changes: 5 additions & 0 deletions .github/aw/actions-lock.json
Expand Up @@ -5,6 +5,11 @@
"version": "v8",
"sha": "ed597411d8f924073f98dfc5c65a23a2325f34cd"
},
"github/gh-aw-actions/setup@v0.61.0": {
"repo": "github/gh-aw-actions/setup",
"version": "v0.61.0",
"sha": "df014dd7d03b638e860b2aeca95c833fd97c8cf1"
},
"github/gh-aw/actions/setup@v0.43.23": {
"repo": "github/gh-aw/actions/setup",
"version": "v0.43.23",
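--- a/.github/toolchain-inventory.yml
+++ b/.github/toolchain-inventory.yml
@@ -0,0 +1,52 @@
+# MSDO Toolchain Inventory
+# Source of truth for tools monitored by the breach monitor workflow
+# Derived from src/msdo-helpers.ts Tools enum
+#
+# All versions are noted as "latest (runtime-resolved)" because the MSDO CLI
+# resolves tool versions dynamically via NuGet at runtime.
+
+tools:
+- name: bandit
+description: Python security linter (finds common security issues in Python code)
+ecosystem: pypi
+version: latest (runtime-resolved)
+
+- name: binskim
+description: Binary static analysis tool for Windows/Linux binaries
+ecosystem: nuget
+version: latest (runtime-resolved)
+
+- name: checkov
+description: Infrastructure-as-code security scanner
+ecosystem: pypi
+version: latest (runtime-resolved)
+
+- name: container-mapping
+description: Container image mapping and inventory
+ecosystem: nuget
+version: latest (runtime-resolved)
+
+- name: eslint
+description: JavaScript/TypeScript linter with security rules
+ecosystem: npm
+version: latest (runtime-resolved)
+
+- name: templateanalyzer
+description: ARM/Bicep template security analyzer
+ecosystem: nuget
+version: latest (runtime-resolved)
+
+- name: terrascan
+description: Terraform/IaC security scanner
+ecosystem: github
+version: latest (runtime-resolved)
+
+- name: trivy
+description: Comprehensive vulnerability scanner (containers, filesystems, repos)
+ecosystem: github
+version: latest (runtime-resolved)
+
+- name: antimalware
+description: Windows antimalware scanner (Windows runners only)
+platform: windows-only
+version: latest (runtime-resolved)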
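Review bot: The last entry, `antimalware`, is the only one without an `ecosystem` key (it carries `platform: windows-only` instead), so a consumer that looks up advisories per ecosystem would either skip it silently or fail on the missing key; how the breach monitor workflow reads this file is not visible here, so confirm which. If the omission is deliberate, say so above the entry, e.g. `# no package ecosystem: not monitored through a registry feed`, or give it an explicit value the workflow understands. Separately, every entry records `version: latest (runtime-resolved)`, so the inventory shows that a tool is in use but not which release actually ran on a given job. For triaging a compromised release it would help to have the workflow log the resolved versions, and to add a CI check that this list still matches the `Tools` enum in `src/msdo-helpers.ts` that the header says it is derived from.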