From 8625f9e9b743b9e30aa34c76ebbb17158deff30d Mon Sep 17 00:00:00 2001 From: Appel420 <201665841+Appel420@users.noreply.github.com> Date: Tue, 28 Oct 2025 21:44:54 -0400 Subject: [PATCH 1/3] Add APIsec scan workflow This workflow triggers APIsec scans on push and pull request events for the main branch, and allows manual execution. It includes steps for running the scan and uploading results in SARIF format. --- .github/workflows/apisec-scan.yml | 71 +++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 .github/workflows/apisec-scan.yml diff --git a/.github/workflows/apisec-scan.yml b/.github/workflows/apisec-scan.yml new file mode 100644 index 000000000..eb05e5634 --- /dev/null +++ b/.github/workflows/apisec-scan.yml @@ -0,0 +1,71 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# APIsec addresses the critical need to secure APIs before they reach production. +# APIsec provides the industry’s only automated and continuous API testing platform that uncovers security vulnerabilities and logic flaws in APIs. +# Clients rely on APIsec to evaluate every update and release, ensuring that no APIs go to production with vulnerabilities. + +# How to Get Started with APIsec.ai +# 1. Schedule a demo at https://www.apisec.ai/request-a-demo . +# +# 2. Register your account at https://cloud.apisec.ai/#/signup . +# +# 3. Register your API . See the video (https://www.youtube.com/watch?v=MK3Xo9Dbvac) to get up and running with APIsec quickly. +# +# 4. Get GitHub Actions scan attributes from APIsec Project -> Configurations -> Integrations -> CI-CD -> GitHub Actions +# +# apisec-run-scan +# +# This action triggers the on-demand scans for projects registered in APIsec. +# If your GitHub account allows code scanning alerts, you can then upload the sarif file generated by this action to show the scan findings. +# Else you can view the scan results from the project home page in APIsec Platform. +# The link to view the scan results is also displayed on the console on successful completion of action. + +# This is a starter workflow to help you get started with APIsec-Scan Actions + +name: APIsec + +# Controls when the workflow will run +on: + # Triggers the workflow on push or pull request events but only for the "main" branch + # Customize trigger events based on your DevSecOps processes. + push: + branches: [ "main" ] + pull_request: + branches: [ "main" ] + schedule: + - cron: '29 1 * * 2' + + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + + +permissions: + contents: read + +jobs: + + Trigger_APIsec_scan: + permissions: + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status + runs-on: ubuntu-latest + + steps: + - name: APIsec scan + uses: apisec-inc/apisec-run-scan@025432089674a28ba8fb55f8ab06c10215e772ea + with: + # The APIsec username with which the scans will be executed + apisec-username: ${{ secrets.apisec_username }} + # The Password of the APIsec user with which the scans will be executed + apisec-password: ${{ secrets.apisec_password}} + # The name of the project for security scan + apisec-project: "VAmPI" + # The name of the sarif format result file The file is written only if this property is provided. + sarif-result-file: "apisec-results.sarif" + - name: Import results + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: ./apisec-results.sarif From 03a48365ad5013103a58177091cb005718278127 Mon Sep 17 00:00:00 2001 From: Appel420 Date: Wed, 29 Oct 2025 01:45:24 +0000 Subject: [PATCH 2/3] NPM package version bump --- package-lock.json | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 3266e78c0..b8ba73e76 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@ghostery/trackerdb", - "version": "1.0.667", + "version": "1.0.668", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@ghostery/trackerdb", - "version": "1.0.667", + "version": "1.0.668", "license": "CC-BY-NC-SA-4.0", "dependencies": { "@ghostery/adblocker": "^2.12.2", diff --git a/package.json b/package.json index 0c97c988d..8c9bc6fb0 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@ghostery/trackerdb", - "version": "1.0.667", + "version": "1.0.668", "description": "Ghostery Tracker Database", "type": "module", "scripts": { From 2dbf639eef0655f0e5dcf9a9f629c48e6f279983 Mon Sep 17 00:00:00 2001 From: Appel420 <201665841+Appel420@users.noreply.github.com> Date: Tue, 28 Oct 2025 21:58:13 -0400 Subject: [PATCH 3/3] Add GitHub Actions workflow for labeling PRs This workflow triages pull requests and applies labels based on modified paths. Requires a .github/labeler.yml configuration file. --- .github/workflows/label.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/workflows/label.yml diff --git a/.github/workflows/label.yml b/.github/workflows/label.yml new file mode 100644 index 000000000..461356907 --- /dev/null +++ b/.github/workflows/label.yml @@ -0,0 +1,22 @@ +# This workflow will triage pull requests and apply a label based on the +# paths that are modified in the pull request. +# +# To use this workflow, you will need to set up a .github/labeler.yml +# file with configuration. For more information, see: +# https://github.com/actions/labeler + +name: Labeler +on: [pull_request_target] + +jobs: + label: + + runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write + + steps: + - uses: actions/labeler@v4 + with: + repo-token: "${{ secrets.GITHUB_TOKEN }}"