diff --git a/.circleci/config.yml b/.circleci/config.yml
index 04637a5e1ae..d5c4b1b4763 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -458,11 +458,54 @@ jobs:
 echo "Individual reports for master and pr have been saved under the Artifacts tab."
 exit 0
 fi
+ - persist_to_workspace:
+ root: /tmp/repos
+ paths:
+ - master_report.sbom
 - store_artifacts:
 path: /tmp/repos/master_report.sbom
 - store_artifacts:
 path: /tmp/repos/pr_report.sbom
+ update_security_status_badge:
+ machine:
+ image: ubuntu-2204:2024.08.1
+ resource_class: medium
+ working_directory: /tmp/repos
+ environment:
+ SUCCESS_MESSAGE: 'passing'
+ SUCCESS_COLOR: 'brightgreen'
+ FAILURE_MESSAGE: 'failing'
+ FAILURE_COLOR: 'FF0A0A'
+ SEVERITY_THRESHOLD: 'CRITICAL'
+ steps:
+ - attach_workspace:
+ at: /tmp/repos
+ - add_ssh_keys:
+ fingerprints:
+ - "SHA256:vtzpWrYBLQAMgZIsEv3Nuc1HeINJXFFtUB+IpSY/AK4"
+ - run:
+ name: Set up Git user
+ command: |
+ git config --global user.name "CircleCI Bot"
+ git config --global user.email "bot@circleci.com"
+ - run:
+ name: Count vulnerabilities and update status badge
+ command: |
+ COUNT=$(jq '[.[] | select(.severity == "$SEVERITY_THRESHOLD")] | length' master_report.sbom)
+ cd cbioportal-test
+ if [ $COUNT -eq 0 ]; then
+ MESSAGE=$SUCCESS_MESSAGE
+ COLOR=$SUCCESS_COLOR
+ else
+ MESSAGE=$FAILURE_MESSAGE
+ COLOR=$FAILURE_COLOR
+ fi
+ jq '.message = $MESSAGE | .color = $COLOR' security-status.json > security-status.json
+ git add -A
+ git commit -m "Update security status"
+ git push
+
 workflows:
 end_to_end_tests:
 jobs:
@@ -501,4 +544,7 @@ workflows:
 context:
 - docker-scout
 requires:
- - build_image
\ No newline at end of file
+ - build_image
+ - update_security_status_badge:
+ requires:
+ - run_security_tests
\ No newline at end of file
diff --git a/README.md b/README.md
index 8039031d85f..49042a292cd 100644
--- a/README.md
+++ b/README.md
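Review bot: The badge fails open: on the `COUNT=` line the jq program is single-quoted, so `"$SEVERITY_THRESHOLD"` reaches jq as a literal string, no finding ever matches, and COUNT is always 0 ("passing"). Pass the value in explicitly, e.g. `COUNT=$(jq --arg sev "$SEVERITY_THRESHOLD" '[.[] | select(.severity == $sev)] | length' master_report.sbom)`. The later `jq '.message = $MESSAGE | .color = $COLOR'` has the same problem (`$MESSAGE` and `$COLOR` are undefined jq variables, so jq errors out) and it redirects onto its own input, which truncates the file before jq reads it; `jq --arg m "$MESSAGE" --arg c "$COLOR" '.message = $m | .color = $c' security-status.json > tmp.json && mv tmp.json security-status.json` avoids both. Separately, nothing visible in this hunk checks out `cbioportal-test` before `cd cbioportal-test` (only `master_report.sbom` is persisted to the workspace), and `git commit` exits non-zero when the status is unchanged, so the job probably also needs a clone step and a no-change guard.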
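Review bot: The new `update_security_status_badge` workflow entry carries only `requires`, so as far as this hunk shows, a job that loads an SSH key and runs `git push` will execute on every branch where `run_security_tests` completes, not just the branch the badge is meant to describe. Consider a branch filter on the entry, for example `filters:` / `branches:` / `only: master` (assuming master is the branch the badge tracks), so the push-capable key is only loaded on the protected branch. The rest of the workflow definition lies outside the hunk, so an existing workflow-level filter may already cover this.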
@@ -1,5 +1,7 @@
 # cBioPortal
+[![Endpoint Badge](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fzainasir%2Fcbioportal-test%2Frefs%2Fheads%2Fmain%2Fsecurity-status.json)](https://docs.cbioportal.org/development/security/)
+
 The cBioPortal for Cancer Genomics provides visualization, analysis, and download of large-scale cancer genomics data sets. For a short intro on cBioPortal, see [these introductory slides](https://docs.google.com/presentation/d/1hm0G77UklZnpQfFvywBfW2ZIsy8deKi5r1RfJarOPLg/edit?usp=sharing). If you would like to know how to setup a private instance of the portal and/or get set up for developing, see the [documentation](https://docs.cbioportal.org). For details on contributing code changes via pull requests, see our [Contributing document](CONTRIBUTING.md).