With actions - Action run #18

Open
wants to merge 46 commits into
base: brokencrystals
46 commits
d6dfa8e
Update README.md
more-alas Feb 26, 2022
9a5bf26
Update README.md
more-alas Feb 28, 2022
1b5f2ce
Update run-ci.yml
more-alas Jul 18, 2023
1a66208
Update run-ci.yml
more-alas Jul 18, 2023
fffb40a
Update README.md
more-alas Jul 18, 2023
b90a282
Update run-ci.yml
more-alas Jul 18, 2023
f3769e0
Update run-ci.yml
more-alas Jul 18, 2023
d4c954c
Update run-ci.yml
more-alas Jul 18, 2023
3390e14
Update run-ci.yml
more-alas Jul 18, 2023
d8c5aa6
Update run-ci.yml
more-alas Jul 18, 2023
12c2a3e
Update run-ci.yml
more-alas Jul 18, 2023
bc3dd76
Update run-ci.yml
more-alas Jul 18, 2023
471b378
Update run-ci.yml
more-alas Jul 18, 2023
4d0b987
Update run-ci.yml
more-alas Jul 18, 2023
4be183a
Update run-ci.yml
more-alas Jul 18, 2023
bfa505a
Update run-ci.yml
more-alas Jul 18, 2023
29fa42c
Update run-ci.yml
more-alas Jul 18, 2023
a29e4d5
Update run-ci.yml
more-alas Jul 18, 2023
12cfd69
Update run-ci.yml
more-alas Jul 18, 2023
c3077a7
Update run-ci.yml
more-alas Jul 19, 2023
cdc0387
Update run-ci.yml
more-alas Jul 19, 2023
a188fe2
Update run-ci.yml
more-alas Jul 19, 2023
d3a4bfc
Update run-ci.yml
more-alas Jul 19, 2023
8b51564
Update run-ci.yml
more-alas Jul 19, 2023
4f016ff
Update run-ci.yml
more-alas Jul 19, 2023
28c14d6
Update run-ci.yml
more-alas Jul 19, 2023
ee08695
Update run-ci.yml
more-alas Jul 19, 2023
4905709
Update run-ci.yml
more-alas Jul 19, 2023
9a8b0d8
Update run-ci.yml
more-alas Jul 19, 2023
2e9b9e9
Update run-ci.yml
more-alas Jul 19, 2023
09faacd
Update run-ci.yml
more-alas Jul 19, 2023
ce4091b
Update run-ci.yml
more-alas Jul 20, 2023
f077c83
Update run-ci.yml
more-alas Jul 20, 2023
89cc29d
Update run-ci.yml
more-alas Jul 20, 2023
0a99e7e
Update run-ci.yml
more-alas Jul 20, 2023
d700470
Update run-ci.yml
more-alas Jul 20, 2023
fe8c939
Update run-ci.yml
more-alas Jul 20, 2023
62b7c09
Update run-ci.yml - convert to Action
more-alas May 6, 2024
d520f92
Update run-ci.yml
more-alas May 6, 2024
357436d
Update README.md
more-alas May 6, 2024
d097633
Update run-ci.yml
more-alas May 6, 2024
aa61ef5
Update run-ci.yml
more-alas May 6, 2024
59d85e3
Update run-ci.yml
more-alas May 6, 2024
f863cd7
Update run-ci.yml
more-alas May 7, 2024
4e855b2
Update run-ci.yml
more-alas May 8, 2024
1925d60
Update run-ci.yml
more-alas May 8, 2024
75 changes: 29 additions & 46 deletions .github/workflows/run-ci.yml
@@ -1,4 +1,4 @@
name: CI
name: CICD

on:
push:
Expand All @@ -7,55 +7,38 @@ on:
- har-file
- swagger
- brokencrystals
- With-Actions
pull_request:
branches: [main]
branches: [With-Actions]
schedule:
- cron: "0 0 * * THU"

jobs:
start_and_wait_scan:
runs-on: ubuntu-18.04
name: A job to run a Nexploit scan
run_dast:
name: Run super basic scan Action
runs-on: ubuntu-20.04
container: node:16
steps:
- uses: actions/checkout@v2
- run: |
sudo apt update
sudo curl -L "https://github.com/docker/compose/releases/download/1.26.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
sudo apt-get install nodejs-dev node-gyp libssl1.0-dev
sudo apt-get install nodejs npm
sudo npm install -g @neuralegion/nexploit-cli --unsafe-perm=true
- name: Save environment variables
run: |
printf "NEXPLOIT_TOKEN=${{ secrets.NEXPLOIT_TOKEN }}\nREPEATER=${{ secrets.REPEATER }}\n" > .env
cat .env
- name: Docker-Compose
run: |
sudo docker-compose --env-file=.env up -d
sudo docker-compose config
- run: sleep 30s
- run: sudo docker-compose logs
- name: Start Nexploit Scan 🏁
- name: Scan Start
id: start
run: |
SCAN_ID=$(nexploit-cli scan:run \
--test csrf dom_xss header_security secret_tokens open_buckets \
--name "💎 BrokenCrystals for a '${GITHUB_REF##*/}' branch #${GITHUB_RUN_NUMBER}" \
--crawler https://brokencrystals.com/api/config https://brokencrystals.com/ \
--repeater ${{ secrets.REPEATER }} \
--token ${{ secrets.NEXPLOIT_TOKEN }})
echo "SCAN_ID=$SCAN_ID" >> $GITHUB_ENV
- name: Get the output scan url 🔗
run: |
printf "Scan was started with ID https://nexploit.app/scans/$SCAN_ID"
- name: Wait for issues ⏳
run: |
nexploit-cli scan:polling \
--interval 30s \
--timeout 10m \
--token ${{ secrets.NEXPLOIT_TOKEN }} \
--breakpoint high_issue $SCAN_ID
- name: Stop Scan 🛑
continue-on-error: true
if: ${{ always() }}
run: nexploit-cli scan:stop --token ${{ secrets.NEXPLOIT_TOKEN }} $SCAN_ID
uses: NeuraLegion/run-scan@release
with:
api_token: ${{ secrets.BRIGHT_TOKEN}}
hostname: app.brightsec.com
name: Project 32 Bright Actions Scan With Pipeline Wait1 - ${{ github.sha }}
discovery_types: |
[ "crawler" ]
crawler_urls: |
[ "https://brokencrystals.com" ]
project_id: "ePB48tZH3KeGRHE6N2skAb"
- name: Wait for breakpoint
id: wait
uses: NeuraLegion/wait-for@release
with:
api_token: ${{ secrets.BRIGHT_TOKEN }}
hostname: app.brightsec.com
scan: ${{ steps.start.outputs.id }}
wait_for: critical
code_scanning_alerts: true
github_token: ${{ secrets.ACTION_GITHUB_TOKEN }}
timeout: 60000 # time in seconds
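Review bot: Both new steps reference their actions by a mutable ref (`uses: NeuraLegion/run-scan@release` and `uses: NeuraLegion/wait-for@release`), so whatever that ref points to at run time executes with `secrets.BRIGHT_TOKEN` and, in the wait step, `secrets.ACTION_GITHUB_TOKEN`; pin each action to a full commit SHA and keep the release name in a trailing comment. Two smaller points in the same steps: `timeout: 60000 # time in seconds` is about 16.7 hours, where the `nexploit-cli scan:polling` step used `--timeout 10m`, and that is longer than the 6-hour limit for a job on GitHub-hosted runners, so the job would be cancelled before the wait can time out. The `Stop Scan` step with `if: ${{ always() }}` also has no counterpart in the action-based steps, so nothing visible here stops the scan when the wait step fails or the run is cancelled.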
4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -4,3 +4,7 @@
2. Set `NEXPLOIT_TOKEN` and `REPEATER` secrets in your repo settings.
3. Run a CI job in Actions.
4. Go to Nexploit app and check if a scan started.
Bob? bob.


More Bob? Yet more.
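Review bot: The added lines at the end of the README (`Bob? bob.` through `More Bob? Yet more.`) are placeholder text and should be dropped, and the unchanged steps just above them no longer match the workflow in this PR. Step 2 still tells users to set `NEXPLOIT_TOKEN` and `REPEATER`, while `run-ci.yml` now reads `secrets.BRIGHT_TOKEN` and `secrets.ACTION_GITHUB_TOKEN`, and step 4 points to the Nexploit app while the workflow uses `app.brightsec.com`. Update steps 2 and 4 so the setup instructions name the secrets and host the workflow actually uses.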