This is a neat GitHub action that keeps you informed about updates to chosen CVEs. Use it to monitor unfixed CVEs, or any CVEs you want to stay informed about.

The action reads a list of CVEs and the date of the last review from a text file (see details below) and finds which of these CVEs have been modified since that review. It can then be chained with an action that creates GitHub issues for the CVEs it found.
Input `cve-list-path`

**Required.** The path to a file with the CVEs to watch. The file must start with the date of the last review, and each CVE id has to be on a separate line.

Default: `./cvelist.txt`
Example of `cvelist.txt`:

```
07-07-2021
CVE-2021-3612
CVE-2010-3333
```
Output `modified_cves_number`

The number of watched CVEs modified after the date given in `cvelist.txt`.

Output `cves`

The list of modified CVEs, comma-and-space-separated (e.g. `CVE-A, CVE-B`).
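To make the file format and the two outputs concrete, here is an added example (not the action's own code) that parses a `cvelist.txt`, filters the watched ids against a set of last-modified dates, and formats the outputs exactly as described above. It assumes the first line is `DD-MM-YYYY`; the last-modified dates are constructed sample values standing in for whatever vulnerability database you query, and `CVE-0000-00000` is a placeholder id.

```python
import re
from datetime import date, datetime

# Assumption: the review date on the first line is DD-MM-YYYY (the page's
# example, 07-07-2021, does not disambiguate day and month order).
DATE_FORMAT = "%d-%m-%Y"
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")


def parse_cvelist(text: str) -> tuple[date, list[str]]:
    """First non-empty line is the review date; every following line is a CVE id."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("cvelist.txt is empty; the first line must be the review date")
    review_date = datetime.strptime(lines[0], DATE_FORMAT).date()
    cves = []
    for ln in lines[1:]:
        if not CVE_RE.match(ln):
            raise ValueError(f"not a CVE id: {ln!r}")
        cves.append(ln)
    return review_date, cves


def find_modified(review_date: date, cves: list[str],
                  last_modified: dict[str, date]) -> list[str]:
    """Watched CVEs whose last-modified date is after the review date.
    An id with no known date is reported as modified rather than silently dropped,
    so the reviewer sees it."""
    return [c for c in cves
            if last_modified.get(c) is None or last_modified[c] > review_date]


def format_outputs(modified: list[str]) -> dict[str, str]:
    """The two action outputs: a count (as a string, which is why the workflow
    compares it to '0') and a comma-and-space-separated list."""
    return {"modified_cves_number": str(len(modified)), "cves": ", ".join(modified)}


# Constructed sample input: the page's cvelist.txt plus one placeholder id.
SAMPLE_CVELIST = "07-07-2021\nCVE-2021-3612\nCVE-2010-3333\nCVE-0000-00000\n"
# Constructed last-modified dates; the placeholder id is deliberately absent.
SAMPLE_LAST_MODIFIED = {
    "CVE-2021-3612": date(2021, 8, 15),  # modified after the review date
    "CVE-2010-3333": date(2019, 1, 10),  # untouched since the review
}

if __name__ == "__main__":
    review, watched = parse_cvelist(SAMPLE_CVELIST)
    for key, value in format_outputs(find_modified(review, watched, SAMPLE_LAST_MODIFIED)).items():
        print(f"{key}={value}")
```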
The recommended way is to set up this action together with another action that acts on the discovery of modified CVEs. In the example below, we use an action that creates a new issue from an environment variable populated with the `cves` output of the Modified CVEs checker step.
```yaml
on:
  push:
    branches:
      - main
  schedule:
    - cron: '0 1 * * *'
jobs:
  check_cves_for_mods:
    runs-on: ubuntu-latest
    name: Find modified CVEs since the date
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Modified CVEs checker
        uses: doshyt/cve-monitor@v1.24
        id: check
        with:
          cve-list-path: './cvelist.txt'
      - name: Create issue
        uses: JasonEtco/create-an-issue@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          CVEs: ${{ steps.check.outputs.cves }}
        with:
          update_existing: true
        if: ${{ steps.check.outputs.modified_cves_number != '0' }}
```
Content of `.github/ISSUE_TEMPLATE.md`, required by `JasonEtco/create-an-issue@v2`:

```markdown
---
title: "Review modified {{ env.CVEs }}"
---
These CVEs have been modified since the last review: {{ env.CVEs }}.
Review them for new information regarding the fix version, added details or severity score.
```