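---
# Workflow: start the Mutillidae test stack with Docker Compose, seed its LDAP
# directory, sanity-check the web application, then run a StackHawk HawkScan
# dynamic scan against it and publish the findings to GitHub Code Scanning.
name: Scan Application with StackHawk

# Triggers.
on:
  # Scan the changes proposed in pull requests (diff-aware scanning).
  # NOTE: for pull requests from forks GitHub does not expose repository
  # secrets, so HAWK_API_KEY will be empty and the scan step will fail there.
  pull_request: {}
  # Allow on-demand runs from the GitHub Actions interface.
  workflow_dispatch: {}
  # Scan the mainline branch on every push and report all findings.
  # Only "development" is listed; add "main" here if it should be scanned too.
  push:
    branches: ["development"]

jobs:
  # Runs StackHawk HawkScan against a locally started Mutillidae instance.
  hawkscan-job:
    name: StackHawk HawkScan Github Action
    runs-on: ubuntu-latest
    # Least-privilege token for this job: read-only everywhere except the
    # Code Scanning API that hawkscan-action uploads its results to.
    permissions:
      actions: read          # Read workflow/run metadata.
      contents: read         # Check out the repository.
      security-events: write # Upload Code Scanning alerts.
    steps:
      # Step 1: Checkout code from the repository.
      # Pinned to a release tag instead of the moving "main" branch so an
      # upstream change cannot silently alter what runs here; pinning to a
      # full commit SHA is stricter still.
      - name: Checkout code
        uses: actions/checkout@v4

      # Step 2: Install LDAP Utilities (provides ldapadd, used in step 4).
      - name: Install LDAP Utilities
        run: |
          sudo apt-get update
          sudo apt-get install -y ldap-utils

      # Step 3: Build and Start Containers
      - name: Build and Start Containers
        run: |
          # Build and start the application stack in the background.
          docker compose -f .build/docker-compose.yml up --build --detach

      # Step 4: Load Users into LDAP Directory
      - name: Load Users into LDAP Directory
        run: |
          # Upload the Mutillidae LDIF file to the LDAP directory server.
          # The bind DN/password are the admin credentials of the disposable
          # test container started in step 3 (assumed to match the fixture
          # under .build/ — confirm), not a production secret.
          # ldapadd exits non-zero when an entry already exists, so "|| true"
          # keeps re-runs green. Be aware this also masks an unreachable or
          # failed directory; the checks below only cover the web application.
          CURRENT_DIRECTORY="$(pwd)"
          ldapadd -c -x -D "cn=admin,dc=mutillidae,dc=localhost" -w mutillidae -H ldap:// \
            -f "$CURRENT_DIRECTORY/.build/ldap/configuration/ldif/mutillidae.ldif" || true

      # Step 5: Run Database Build Script
      - name: Run Database Build Script
        run: |
          # Give the containers time to start. A fixed sleep is simple but
          # fragile; a polling loop would be more robust.
          sleep 30
          # Ask Mutillidae to build its database. "--fail" turns an HTTP 4xx/5xx
          # into a failed step instead of handing a broken environment to the scan.
          # NOTE: this targets port 80 while the check below uses 8888 — confirm
          # both are intended.
          curl --fail --silent --show-error http://127.0.0.1/set-up-database.php

      # Step 6: Check if web application up
      - name: Check Web Application
        run: |
          # Should return the index.php home page. Without "--fail" curl exits 0
          # on an HTTP error page, which would make this check meaningless.
          curl --fail --silent --show-error http://127.0.0.1:8888/

      # Step 7: Run StackHawk Scan
      # Pinned to a release tag for the same supply-chain reason as step 1.
      - name: Run StackHawk Scan
        uses: stackhawk/hawkscan-action@v2
        with:
          apiKey: ${{ secrets.HAWK_API_KEY }}                      # StackHawk API key (repository secret).
          configurationFiles: .github/workflows/config/stackhawk.yml # HawkScan configuration file.
          codeScanningAlerts: true                                 # Publish findings as Code Scanning alerts.
          githubToken: ${{ github.token }}                         # Token used to upload the alerts.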