DashLord scans #221

Workflow file for this run

	name: DashLord scans

	on:
	workflow_dispatch:
	inputs:
	url:
	description: "Single url to scan or scan all urls"
	required: false
	default: ""
	schedule:
	- cron: "0 0 * * 0"

	jobs:
	init:
	runs-on: ubuntu-latest
	name: Prepare
	outputs:
	sites: ${{ steps.init.outputs.sites }}
	config: ${{ steps.init.outputs.config }}
	steps:
	- uses: actions/checkout@v2
	- id: init
	uses: "SocialGouv/dashlord-actions/init@v1"
	with:
	url: ${{ github.event.inputs.url }}

	scans:
	runs-on: ubuntu-latest
	name: Scan
	needs: init
	continue-on-error: true
	strategy:
	fail-fast: false
	max-parallel: 3
	matrix:
	sites: ${{ fromJson(needs.init.outputs.sites) }}
	steps:
	- uses: actions/checkout@v2

	- run: \|
	mkdir scans

	- uses: actions/cache@v2
	with:
	path: "**/node_modules"
	key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }}

	# - name: Detect 404s
	# continue-on-error: true
	# uses: "socialgouv/detect-404-action@master"
	# if: ${{ matrix.sites.tools['404'] }}
	# with:
	# url: ${{ matrix.sites.url }}
	# output: scans/404.json

	- name: Déclaration a11y
	continue-on-error: true
	uses: "socialgouv/dashlord-actions/declaration-a11y@v1"
	if: ${{ matrix.sites.tools['declaration-a11y'] }}
	with:
	url: ${{ matrix.sites.url }}
	output: scans/declaration-a11y.json

	- name: Screenshot Website
	continue-on-error: true
	if: ${{ matrix.sites.tools.screenshot }}
	uses: swinton/screenshot-website@v1.x
	timeout-minutes: 10
	with:
	source: "${{ matrix.sites.url }}"
	type: jpeg
	destination: screenshot.jpeg
	width: 1280
	scaleFactor: 0.5

	- name: Wappalyzer scan
	if: ${{ matrix.sites.tools.wappalyzer }}
	uses: "socialgouv/wappalyzer-action@master"
	timeout-minutes: 10
	continue-on-error: true
	with:
	url: "${{ matrix.sites.url }}"
	output: scans/wappalyzer.json

	- name: ZAP Scan
	if: ${{ matrix.sites.tools.zap }}
	timeout-minutes: 10
	uses: zaproxy/action-baseline@v0.4.0
	continue-on-error: true
	with:
	token: "" # disable issue creation
	rules_file_name: "zap-rules.tsv"
	docker_name: "owasp/zap2docker-stable"
	target: "${{ matrix.sites.url }}"
	cmd_options: "-a"

	- name: Lighthouse scan
	if: ${{ matrix.sites.tools.lighthouse }}
	timeout-minutes: 10
	continue-on-error: true
	uses: treosh/lighthouse-ci-action@v7
	with:
	urls: "${{ matrix.sites.url }}"
	uploadArtifacts: false
	temporaryPublicStorage: false
	configPath: "./lighthouserc.json"

	- name: Mozilla HTTP Observatory
	if: ${{ matrix.sites.tools.http }}
	continue-on-error: true
	timeout-minutes: 10
	uses: SocialGouv/httpobs-action@master
	with:
	url: "${{ matrix.sites.url }}"
	output: "scans/http.json"

	- name: Third-party scripts scan
	if: ${{ matrix.sites.tools.thirdparties }}
	timeout-minutes: 10
	continue-on-error: true
	uses: SocialGouv/thirdparties-action@master
	with:
	url: "${{ matrix.sites.url }}"
	output: "scans/thirdparties.json"

	# testssl.sh action needs an hostname to save its output so we build it here
	- name: Extract hostname
	id: hostname
	run: \|
	HOSTNAME=$(echo "${{ matrix.sites.url }}" \| sed -e 's/[^/]\/\/$[^@]@$\?$[^:/]$./\2/')
	echo "::set-output name=value::$HOSTNAME"

	- name: testssl.sh scan
	if: ${{ matrix.sites.tools.testssl }}
	timeout-minutes: 10
	continue-on-error: true
	uses: "mbogh/test-ssl-action@v1.1"
	with:
	host: ${{ steps.hostname.outputs.value }}
	output: scans
	grade: "F"
	options: "--fast"

	- name: nmap vulnerabilities scan
	if: ${{ matrix.sites.tools.nmap }}
	timeout-minutes: 10
	continue-on-error: true
	uses: "MTES-MCT/nmap-action@main"
	with:
	host: ${{ steps.hostname.outputs.value }}
	outputDir: "scans"
	outputFile: "nmapvuln.json"
	withVulnerabilities: true
	raw: false

	- name: Nuclei scan
	if: ${{ matrix.sites.tools.nuclei }}
	timeout-minutes: 10
	continue-on-error: true
	uses: "SocialGouv/dashlord-nuclei-action@master"
	with:
	url: ${{ matrix.sites.url }}
	output: "scans/nuclei.log"

	- name: Updown.io checks
	if: ${{ matrix.sites.tools.updownio }}
	timeout-minutes: 10
	continue-on-error: true
	uses: "MTES-MCT/updownio-action@main"
	with:
	apiKey: ${{ secrets.UPDOWNIO_API_KEY }}
	url: ${{ matrix.sites.url }}
	output: scans/updownio.json

	- name: Dependabot vulnerabilities alerts
	continue-on-error: true
	timeout-minutes: 10
	if: ${{ matrix.sites.tools.dependabot && matrix.sites.repositories }}
	uses: "MTES-MCT/dependabotalerts-action@main"
	with:
	token: ${{ secrets.DEPENDABOTALERTS_TOKEN }}
	repositories: ${{ join(matrix.sites.repositories) }}
	output: scans/dependabotalerts.json

	- name: Code quality alerts
	if: ${{ matrix.sites.tools.codescan && matrix.sites.repositories }}
	timeout-minutes: 10
	continue-on-error: true
	uses: "MTES-MCT/codescanalerts-action@main"
	with:
	token: ${{ secrets.CODESCANALERTS_TOKEN }}
	repositories: ${{ join(matrix.sites.repositories) }}
	output: scans/codescanalerts.json

	- uses: SocialGouv/dashlord-actions/save@v1
	with:
	url: ${{ matrix.sites.url }}

	- uses: EndBug/add-and-commit@v7
	with:
	add: '["results"]'
	author_name: ${{ secrets.SOCIALGROOVYBOT_NAME }}
	author_email: ${{ secrets.SOCIALGROOVYBOT_EMAIL }}
	message: "update: ${{ matrix.sites.url }}"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

DashLord scans #221

Workflow file

DashLord scans #221

Jobs

Run details

Workflow file for this run