From cbd082a336799a05b024050df5d5131c179261a3 Mon Sep 17 00:00:00 2001
From: Abhishek Tiwari <68281476+abhi9720@users.noreply.github.com>
Date: Wed, 7 Feb 2024 11:15:47 +0530
Subject: [PATCH 1/4] Update README.md
---
README.md | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/README.md b/README.md
index e224834..039d75b 100644
--- a/README.md
+++ b/README.md
@@ -39,6 +39,15 @@ The Banking Portal API provides a set of endpoints for managing user accounts, f
## Technologies Used
+
+
+
+
+
+
+
+
+
## TODO
- UI Fix for Dashboard Charts
From 647170220bc64b568427941a5dd3b5d87d91a14a Mon Sep 17 00:00:00 2001
From: Abhishek Tiwari <68281476+abhi9720@users.noreply.github.com>
Date: Sun, 11 Feb 2024 13:59:42 +0530
Subject: [PATCH 2/4] Update README.md
---
README.md | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 039d75b..a2de36b 100644
--- a/README.md
+++ b/README.md
@@ -72,6 +72,10 @@ The Banking Portal API provides a set of endpoints for managing user accounts, f
4. Build and run the project: `mvn spring-boot:run`
## Screenshots
+![project](https://github.com/abhi9720/BankingPortal-API/assets/68281476/45bca1e0-0af2-4d63-a8d0-efd7b67df6bf)
+
+
+
## Error Handling
The API implements global exception handling for common error scenarios, such as account not found, unauthorized access, and insufficient balance.
From 62f9f057e205be96814a10eaa1550828e0ee4021 Mon Sep 17 00:00:00 2001
From: Abhishek Tiwari <68281476+abhi9720@users.noreply.github.com>
Date: Sat, 8 Jun 2024 23:30:55 +0530
Subject: [PATCH 3/4] Create contrast-scan.yml
---
.github/workflows/contrast-scan.yml | 53 +++++++++++++++++++++++++++++
1 file changed, 53 insertions(+)
create mode 100644 .github/workflows/contrast-scan.yml
diff --git a/.github/workflows/contrast-scan.yml b/.github/workflows/contrast-scan.yml
new file mode 100644
index 0000000..99f5003
--- /dev/null
+++ b/.github/workflows/contrast-scan.yml
@@ -0,0 +1,53 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow will initiate a Contrast Scan on your built artifact, and subsequently upload the results SARIF to Github.
+# Because Contrast Scan is designed to run against your deployable artifact, you need to build an artifact that will be passed to the Contrast Scan Action.
+# Contrast Scan currently supports Java, JavaScript and .NET artifacts.
+# For more information about the Contrast Scan GitHub Action see here: https://github.com/Contrast-Security-OSS/contrastscan-action
+
+# Pre-requisites:
+# All Contrast related account secrets should be configured as GitHub secrets to be passed as inputs to the Contrast Scan Action.
+# The required secrets are CONTRAST_API_KEY, CONTRAST_ORGANIZATION_ID and CONTRAST_AUTH_HEADER.
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ "main" ]
+ schedule:
+ - cron: '29 2 * * 1'
+
+permissions:
+ contents: read
+
+name: Scan analyze workflow
+jobs:
+ build-and-scan:
+ permissions:
+ contents: read # for actions/checkout
+ security-events: write # for github/codeql-action/upload-sarif
+ actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+ runs-on: ubuntu-latest
+ # check out project
+ steps:
+ - uses: actions/checkout@v4
+ # Since Contrast Scan is designed to run against your deployable artifact, the steps to build your artifact should go here.
+ # -name: Build Project
+ # ...
+ # Scan Artifact
+ - name: Contrast Scan Action
+ uses: Contrast-Security-OSS/contrastscan-action@7352a45d9678ec8a434cf061b07ffb51c1e351a1
+ with:
+ artifact: mypath/target/myartifact.jar # replace this path with the path to your built artifact
+ apiKey: ${{ secrets.CONTRAST_API_KEY }}
+ orgId: ${{ secrets.CONTRAST_ORGANIZATION_ID }}
+ authHeader: ${{ secrets.CONTRAST_AUTH_HEADER }}
+ #Upload the results to GitHub
+ - name: Upload SARIF file
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: results.sarif # The file name must be 'results.sarif', as this is what the Github Action will output
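Review bot: The scan step still points at the template placeholder `artifact: mypath/target/myartifact.jar`, and the build step above it is left commented out (`# -name: Build Project`), so as committed there is no artifact for Contrast to scan. The job will fail or report nothing useful on every push, pull request and weekly run, which can read as scan coverage that does not exist. Add a real build step before the scan and set `artifact:` to the jar it produces; the README's `mvn spring-boot:run` suggests Maven, so presumably something like `run: mvn -B package`. Separately, `actions/checkout@v4` and `github/codeql-action/upload-sarif@v2` are referenced by mutable tag while the Contrast action is pinned to a commit SHA. Pinning them the same way (`uses: github/codeql-action/upload-sarif@<full-commit-sha>`) keeps a job holding `security-events: write` on reviewed code, and the same applies to snyk-security.yml in patch 4/4.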
From df8e88ba0f3ba88a164392c91e6b5423441e70a8 Mon Sep 17 00:00:00 2001
From: Abhishek Tiwari <68281476+abhi9720@users.noreply.github.com>
Date: Sat, 8 Jun 2024 23:32:23 +0530
Subject: [PATCH 4/4] Create snyk-security.yml
---
.github/workflows/snyk-security.yml | 79 +++++++++++++++++++++++++++++
1 file changed, 79 insertions(+)
create mode 100644 .github/workflows/snyk-security.yml
diff --git a/.github/workflows/snyk-security.yml b/.github/workflows/snyk-security.yml
new file mode 100644
index 0000000..8a63639
--- /dev/null
+++ b/.github/workflows/snyk-security.yml
@@ -0,0 +1,79 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# A sample workflow which sets up Snyk to analyze the full Snyk platform (Snyk Open Source, Snyk Code,
+# Snyk Container and Snyk Infrastructure as Code)
+# The setup installs the Snyk CLI - for more details on the possible commands
+# check https://docs.snyk.io/snyk-cli/cli-reference
+# The results of Snyk Code are then uploaded to GitHub Security Code Scanning
+#
+# In order to use the Snyk Action you will need to have a Snyk API token.
+# More details in https://github.com/snyk/actions#getting-your-snyk-token
+# or you can signup for free at https://snyk.io/login
+#
+# For more examples, including how to limit scans to only high-severity issues
+# and fail PR checks, see https://github.com/snyk/actions/
+
+name: Snyk Security
+
+on:
+ push:
+ branches: ["main" ]
+ pull_request:
+ branches: ["main"]
+
+permissions:
+ contents: read
+
+jobs:
+ snyk:
+ permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up Snyk CLI to check for security issues
+ # Snyk can be used to break the build when it detects security issues.
+ # In this case we want to upload the SAST issues to GitHub Code Scanning
+ uses: snyk/actions/setup@806182742461562b67788a64410098c9d9b96adb
+
+ # For Snyk Open Source you must first set up the development environment for your application's dependencies
+ # For example for Node
+ #- uses: actions/setup-node@v3
+ # with:
+ # node-version: 16
+
+ env:
+ # This is where you will need to introduce the Snyk API token created with your Snyk account
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+
+ # Runs Snyk Code (SAST) analysis and uploads result into GitHub.
+ # Use || true to not fail the pipeline
+ - name: Snyk Code test
+ run: snyk code test --sarif > snyk-code.sarif # || true
+
+ # Runs Snyk Open Source (SCA) analysis and uploads result to Snyk.
+ - name: Snyk Open Source monitor
+ run: snyk monitor --all-projects
+
+ # Runs Snyk Infrastructure as Code (IaC) analysis and uploads result to Snyk.
+ # Use || true to not fail the pipeline.
+ - name: Snyk IaC test and report
+ run: snyk iac test --report # || true
+
+ # Build the docker image for testing
+ - name: Build a Docker image
+ run: docker build -t your/image-to-test .
+ # Runs Snyk Container (Container and SCA) analysis and uploads result to Snyk.
+ - name: Snyk Container monitor
+ run: snyk container monitor your/image-to-test --file=Dockerfile
+
+ # Push the Snyk Code results into GitHub Code Scanning tab
+ - name: Upload result to GitHub Code Scanning
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: snyk-code.sarif
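Review bot: `snyk code test --sarif > snyk-code.sarif` exits non-zero when it reports issues, and with `|| true` left commented out that fails the step and skips every later step, including "Upload result to GitHub Code Scanning", so the SARIF is dropped exactly when there are findings. Adding `if: always()` to the upload step, or `continue-on-error: true` to the Snyk Code step, lets results reach the Security tab without hiding the failure. Indentation is flattened in this view, but the `env:` block with `SNYK_TOKEN` appears to belong only to the "Set up Snyk CLI" step; if so, the later `snyk ...` `run:` steps get no token and `env:` should move to job level. `your/image-to-test` in the Docker build and container monitor steps is still the template placeholder, and `docker build` assumes a Dockerfile at the repository root that this patch does not show.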