action.yml

name: 'SecureStack Web Vulnerability Analysis'
description: 'Scans public URL for issues like vulnerable & old web components, cloud misconfigurations, missing security controls, & more'
branding:
  icon: 'shield'  
  color: 'green'
inputs:
  securestack_api_key:
    description: 'SecureStack API key - generate an API key at https://app.securestack.com'
    required: true
  securestack_app_id:
    description: 'SecureStack Application ID - can be retrieved by accessing required application at https://app.securestack.com'
    required: true
  severity:
    description: 'Severities lower than this value will be reported in the workflow console but will not cause an error for the action; value should be one of: critical | high | medium | low'
    required: true
  flags:
    description: 'Optional flags for the bloodhound-cli recon command.  Run bloodhound-cli recon --help for more details.'
    required: false
    default: ''
runs:
  using: 'composite'
  steps:
    - name: Pull bloodhound-cli image
      shell: bash
      run: docker pull securestackau/bloodhound-cli
    - name: Run bloodhound-cli
      shell: bash
      env:
        BH_API_KEY: ${{ inputs.securestack_api_key }}
        BH_APP_ID: ${{ inputs.securestack_app_id }}
        BH_SEVERITY: ${{ inputs.severity }}
      run: docker run -e BH_API_KEY -e BH_APP_ID -e BH_SEVERITY securestackau/bloodhound-cli recon -a $BH_APP_ID ${{ inputs.flags }}; echo $?