-
Notifications
You must be signed in to change notification settings - Fork 24
Home
Kunal Nagar edited this page Aug 6, 2024
·
16 revisions
A GitHub action that sends Dependabot Vulnerability Alerts to multiple sources:
- Slack
- Microsoft Teams
- PagerDuty
- Zenduty
name: 'Check for Vulnerabilities'
on:
schedule:
- cron: '0 */6 * * *' # every 6 hours
jobs:
main:
runs-on: ubuntu-latest
steps:
# X.X.X - Latest version available at: https://github.com/kunalnagarco/action-cve/releases
- uses: kunalnagarco/action-cve@vX.X.X
with:
token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
org: ${{ secrets.ORG_NAME }}
enterprise: ${{ secrets.ENTERPRISE_NAME }}
slack_webhook: ${{ secrets.SLACK_WEBHOOK }}
pager_duty_integration_key: ${{ secrets.PAGER_DUTY_INTEGRATION_KEY }}
zenduty_api_key: ${{ secrets.ZENDUTY_API_KEY }}
zenduty_service_id: ${{ secrets.ZENDUTY_SERVICE_ID }}
zenduty_escalation_policy_id: ${{ secrets.ZENDUTY_ESCALATION_POLICY_ID }}
microsoft_teams_webhook: ${{ secrets.MICROSOFT_TEAMS_WEBHOOK }}
email_from: from@email.com
email_list: channelOne@email.com,channelTwo@email.com
email_subject: My Custom Email Subject
email_transport_smtp_port: 1003
email_transport_smtp_user: smtpUser@email.com
email_transport_smtp_password: smtpPassword
count: 10
severity: low,medium
Input | Description |
---|---|
token |
[Required] GitHub Personal Access Token. Create one here |
org |
Org name to support Org level alerts. More info here |
enterprise |
Enterprise name to support Enterprise level alerts. More info here |
slack_webhook |
Slack Incoming Webhook URL. More info here |
pager_duty_integration_key |
Pager Duty Service Integration Key. Also known as Routing key. More info here |
zenduty_api_key |
Create a Zenduty API Key by visiting Account Settings > API Keys |
zenduty_service_id |
Zenduty Service ID. More info here |
zenduty_escalation_policy_id |
Zenduty Escalation Policy ID. More info here |
count |
Number of alerts to send. Defaults to 20
|
severity |
Comma separated list of severities. E.g. low,medium,high,critical (NO SPACES BETWEEN COMMA AND SEVERITY) |
email_from |
Email from address |
email_list |
Comma-separated list of emails to send the notification to as bcc |
email_subject |
Custom email subject (not required, default is provided) |
email_transport_smtp_port |
Custom SMTP port (not required, default is 587 for TLS, send 465 for STARTTLS or any custom port) |
email_transport_smtp_user |
SMTP Username |
email_transport_smtp_password |
SMTP Password |
microsoft_teams_webhook |
Create an incoming webhook here |
If you're using this action in an org where people are always joining/leaving, you can use a GitHub action to generate the token that requires you to set up a GitHub application. Here's one way to set this up:
- name: Get Token
id: get_workflow_token
uses: peter-murray/workflow-application-token-action@v1
with:
application_id: ${{ secrets.YOUR_APP_ID }}
application_private_key: ${{ secrets.YOUR_APP_PRIVATE_KEY }}
- uses: kunalnagarco/action-cve@v1.7.13
with:
token: ${{ steps.get_workflow_token.outputs.token }}
- Bug icon: Made by Freepik from https://www.flaticon.com/