Sync with plan

eyaliyahu · Dec 31, 2023 · 505ec85 · 505ec85
1 parent e72dcaa
commit 505ec85
Showing 1 changed file with 11 additions and 9 deletions.
diff --git a/.github/workflows/jit-security.yml b/.github/workflows/jit-security.yml
@@ -1,5 +1,6 @@
 name: Workflows generated by the MVS plan
-'on':
+run-name: ${{fromJSON(github.event.inputs.client_payload).payload.job_title}}
+on:
   workflow_dispatch:
     inputs:
        client_payload:
@@ -12,22 +13,23 @@ permissions:
 
 jobs:
   enrich:
-    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'enrich'
+    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'enrich' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-enrichment-code'
     runs-on: ubuntu-20.04
     timeout-minutes: 20
     steps:
     - name: enrichment
       uses: jitsecurity-controls/[email protected]
       with:
-        security_control: registry.jit.io/control-enrichment-slim:latest
-
-  secret-detection:
-    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'secret-detection'
+        security_control: registry.jit.io/control-enrichment-slim:main
+        
+  software-bill-of-materials:
+    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'software-bill-of-materials' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sbom'
     runs-on: ubuntu-20.04
     timeout-minutes: 20
     steps:
-    - name: gitleaks
+    - name: syft-alpine:not-hardened
       uses: jitsecurity-controls/[email protected]
       with:
-        security_control: registry.jit.io/control-gitleaks-alpine:latest
-        security_control_output_file: /tmp/report.json
+        security_control: registry.jit.io/control-syft-alpine:not-hardened-main
+        fail_if_cannot_checkout: false
+