add security status badge

cBioPortal · Jan 15, 2025 · 99de943 · 99de943
1 parent 50f78d9
commit 99de943
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 1 deletion.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -458,11 +458,54 @@ jobs:
                 echo "Individual reports for master and pr have been saved under the Artifacts tab."
                 exit 0
               fi
+        - persist_to_workspace:
+            root: /tmp/repos
+            paths:
+              - master_report.sbom
         - store_artifacts:
             path: /tmp/repos/master_report.sbom
         - store_artifacts:
             path: /tmp/repos/pr_report.sbom
 
+    update_security_status_badge:
+      machine:
+        image: ubuntu-2204:2024.08.1
+      resource_class: medium
+      working_directory: /tmp/repos
+      environment:
+        SUCCESS_MESSAGE: 'passing'
+        SUCCESS_COLOR: 'brightgreen'
+        FAILURE_MESSAGE: 'failing'
+        FAILURE_COLOR: 'FF0A0A'
+        SEVERITY_THRESHOLD: 'CRITICAL'
+      steps:
+        - attach_workspace:
+            at: /tmp/repos
+        - add_ssh_keys:
+            fingerprints:
+              - "SHA256:vtzpWrYBLQAMgZIsEv3Nuc1HeINJXFFtUB+IpSY/AK4"
+        - run:
+            name: Set up Git user
+            command: |
+              git config --global user.name "CircleCI Bot"
+              git config --global user.email "[email protected]"
+        - run:
+            name: Count vulnerabilities and update status badge
+            command: |
+              COUNT=$(jq '[.[] | select(.severity == "$SEVERITY_THRESHOLD")] | length' master_report.sbom)
+              cd cbioportal-test
+              if [ $COUNT -eq 0 ]; then
+                MESSAGE=$SUCCESS_MESSAGE
+                COLOR=$SUCCESS_COLOR
+              else
+                MESSAGE=$FAILURE_MESSAGE
+                COLOR=$FAILURE_COLOR
+              fi
+              jq '.message = $MESSAGE | .color = $COLOR' security-status.json > security-status.json
+              git add -A
+              git commit -m "Update security status"
+              git push
+
 workflows:
     end_to_end_tests:
         jobs:
@@ -501,4 +544,7 @@ workflows:
             context:
               - docker-scout
             requires:
-              - build_image
+              - build_image
+        - update_security_status_badge:
+            requires:
+              - run_security_tests
diff --git a/README.md b/README.md
@@ -1,5 +1,7 @@
 # cBioPortal
 
+[![Endpoint Badge](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fzainasir%2Fcbioportal-test%2Frefs%2Fheads%2Fmain%2Fsecurity-status.json)](https://docs.cbioportal.org/development/security/)
+
 The cBioPortal for Cancer Genomics provides visualization, analysis, and download of large-scale cancer genomics data sets. For a short intro on cBioPortal, see [these introductory slides](https://docs.google.com/presentation/d/1hm0G77UklZnpQfFvywBfW2ZIsy8deKi5r1RfJarOPLg/edit?usp=sharing).
 
 If you would like to know how to setup a private instance of the portal and/or get set up for developing, see the [documentation](https://docs.cbioportal.org). For details on contributing code changes via pull requests, see our [Contributing document](CONTRIBUTING.md).