Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/advanced-security/teams-secret-scanning-notifier-azure-function

Microsoft Teams notifier for Secret Scanning alerts from GitHub Advanced Security, using a GitHub App and Azure Function
https://github.com/advanced-security/teams-secret-scanning-notifier-azure-function

azure-function github-advanced-security github-app microsoft-teams-bot secret-scanning security-team

Last synced: 3 months ago
JSON representation

Microsoft Teams notifier for Secret Scanning alerts from GitHub Advanced Security, using a GitHub App and Azure Function

Host: GitHub
URL: https://github.com/advanced-security/teams-secret-scanning-notifier-azure-function
Owner: advanced-security
License: mit
Created: 2024-03-08T16:21:47.000Z (12 months ago)
Default Branch: main
Last Pushed: 2024-10-16T09:27:11.000Z (4 months ago)
Last Synced: 2024-10-18T02:31:17.112Z (4 months ago)
Topics: azure-function, github-advanced-security, github-app, microsoft-teams-bot, secret-scanning, security-team
Language: TypeScript
Homepage:
Size: 373 KB
Stars: 5
Watchers: 2
Forks: 1
Open Issues: 1
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Codeowners: CODEOWNERS
- Security: SECURITY.md
- Support: SUPPORT.md

Awesome Lists containing this project

README

# Teams Secret Scanning notifier (Azure Function/GitHub App)

> [!WARNING]
> This is an _unofficial_ tool created by Field Security Specialists, and is not officially supported by GitHub.

This project sends notifications to a **Microsoft Teams** channel when a secret scanning event happens in [GitHub Advanced Security](https://docs.github.com/en/enterprise-cloud@latest/get-started/learning-about-github/about-github-advanced-security).

It is implemented as an [Azure Function](https://learn.microsoft.com/en-us/azure/azure-functions/), and installed as a [GitHub App](https://docs.github.com/en/apps). It uses a Teams incoming webhook.

It needs you to deploy the function on Azure, and to create a GitHub App and install it on an org or repo.

> [!WARNING]
> This is an _unofficial_ tool created by Field Security Specialists, and is not officially supported by GitHub.

## How it works

The Azure Function is triggered by a GitHub webhook event, via the GitHub App.

The Function notifies a Teams channel via a Teams incoming webhook.

```mermaid
sequenceDiagram
participant GR as GitHub repo
participant GA as GitHub App
participant AF as Azure Function
participant TC as Teams channel
GR->>GA: GitHub event
GA->>AF: Triggers Azure Function
AF->>TC: Sends message to Teams channel
```

## Requirements

- an Azure account on an Azure subscription
- a GitHub account
- a Teams subscription
- an incoming webhook on a Teams channel

## Settings

You will need to set the Teams webhook URL in the Azure Function's application settings. This is covered in the `INSTALL.md` file.

Before you deploy, you can choose to set a declarative filter to apply to GitHub events you receive in the Azure Functions App. This is in addition to selecting the secret scanning events in the GitHub App.

This is done in the `filter.yml` file, with the format shown in `filter.yml.example` and below:

```yaml
# Path: filter.yml

# filter webhook events by type and payload, declaratively

include:
secret_scanning_alert:
action: [created, dismissed, resolved, reopened]

exclude:
secret_scanning_alert:
action: reopened
secret_scanning_alert_location:

```

The corresponding exclude filter for an event name is applied after the include filter.

This example will include any event named `secret_scanning_alert` with an action of `created`, `dismissed`, or `resolved`, `reopened` and will exclude any event named `secret_scanning_alert` with an action of `reopened`. It will also exclude any event named `secret_scanning_alert_location`.

The presence of an include filter here means that excluding `secret_scanning_alert_location` is redundant, as it will never be included in the first place, but it is included to show the syntax.

If you do not want to use a filter, you can delete the `filter.yml` file, or leave it empty.

You do not need to provide both an `include` and `exclude` key.

## Installing

See [INSTALL.md](INSTALL.md) for details.

## License

This project is licensed under the terms of the MIT open source license. Please refer to the [LICENSE](LICENSE) for the full terms.

## Maintainers

See [CODEOWNERS](CODEOWNERS) for the list of maintainers.

## Support

> [!WARNING]
> This is an _unofficial_ tool created by Field Security Specialists, and is not officially supported by GitHub.

See the [SUPPORT](SUPPORT.md) file.

## Security Considerations

Secret scanning events contain sensitive data that is usually only available to users with privileged access on a repository.

If you use this notifier, then anyone with access to the Azure Function's subscription may be able to get access to this data.

Anyone with access to the Teams channel may be able to get access to this data.

## Background

See the [CHANGELOG](CHANGELOG.md), [CONTRIBUTING](CONTRIBUTING.md), [SECURITY](SECURITY.md), [SUPPORT](SUPPORT.md), [CODE OF CONDUCT](CODE_OF_CONDUCT.md) and [PRIVACY](PRIVACY.md) files for more information.