forked from skavngr/rapidscan
-
Notifications
You must be signed in to change notification settings - Fork 0
36 lines (30 loc) · 1.17 KB
/
vulnerability-scan.yml
File metadata and controls
36 lines (30 loc) · 1.17 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
name: Vulnerability Scan
on:
workflow_dispatch:
inputs:
rapidscan:
description: "Arguments passed to run Scan"
required: false
target:
description: "Target for the scan"
required: false
env:
BUILD_ARGS: ${{ secrets.RAPIDSCAN }} # Using secrets to avoid exposing sensitive data
WORKING_DIRECTORY: ${{ github.event.inputs.target }}
ACTIONS_ALLOW_UNSECURE_COMMANDS: true # Temporary; ensure to remove this in production once GitHub Actions support fully secure commands
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3 # Ensure code is checked out if needed
- name: Set target environment variable
run: echo "TARGET=${{ github.event.inputs.target }}" >> $GITHUB_ENV
- name: Pull and run Docker container
run: |
docker build -t rapidscan .
docker run -t rapidscan python3 /usr/local/bin/rapidscan.py ${{ github.event.inputs.rapidscan }} ${{ env.TARGET }}
- name: Vulnerability Scan
uses: ghcr.io/threatcode/rapidscan@master
with:
args: "${{ github.event.inputs.rapidscan }} ${{ env.TARGET }}"