Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/guillaumefalourd/stackspot-ai-security-action-poc
StackSpot AI Security Action POC
ai all-os-supported github-actions sast stackspot
StackSpot AI Security Action POC
- Host: GitHub
- URL: https://github.com/guillaumefalourd/stackspot-ai-security-action-poc
- Owner: GuillaumeFalourd
- Created: 2024-04-22T19:42:31.000Z (8 months ago)
- Default Branch: main
- Last Pushed: 2024-10-18T02:46:19.000Z (3 months ago)
- Last Synced: 2024-10-19T05:07:25.660Z (3 months ago)
- Topics: ai, all-os-supported, github-actions, sast, stackspot
- Language: Python
- Homepage: https://ai.stackspot.com/
- Size: 72.3 KB
- Stars: 3
- Watchers: 2
- Forks: 2
- Open Issues: 1
Metadata Files:
- Readme: README.md
README
# stackspot-ai-security-action-poc
[![Action Test Ubuntu](https://github.com/GuillaumeFalourd/stackspot-ai-security-action-poc/actions/workflows/action-test-ubuntu.yaml/badge.svg)](https://github.com/GuillaumeFalourd/stackspot-ai-security-action-poc/actions/workflows/action-test-ubuntu.yaml) [![Daily action Test](https://github.com/GuillaumeFalourd/stackspot-ai-security-action-poc/actions/workflows/daily-action-test.yaml/badge.svg)](https://github.com/GuillaumeFalourd/stackspot-ai-security-action-poc/actions/workflows/daily-action-test.yaml)
StackSpot AI Security Action POC
This action identifies vulnerabilities (SAST check) using the StackSpot AI Remote Quick Command concept.
It returns a list of vulnerabilities for each file, following the structure below:
```json
[
  {
    "title": "",
    "severity": "",
    "correction": "",
    "lines": ""
  }
]
```
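A consumer for the structure above, as an added example that is not code from the repository: it parses the per-file list, fails the job when a finding reaches an assumed severity threshold, and renders the Markdown table a PR comment would carry. The outer JSON shape (an object keyed by file path) and the severity labels are assumptions, since the README does not define them.

```python
"""Consume the per-file vulnerability list the action returns (added example,
not code from the stackspot-ai-security-action-poc repo). Assumed, not stated
in the README: a JSON object keyed by file path, one list per file, and
severity labels such as "HIGH", "MEDIUM", "LOW"."""
import json

FIELDS = ("title", "severity", "correction", "lines")
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample output, not a real scan result.
SAMPLE_OUTPUT = json.dumps({
    "app/login.py": [
        {"title": "SQL injection in user lookup", "severity": "HIGH",
         "correction": "Use parameterized queries", "lines": "42-45"},
        {"title": "Verbose error | stack trace leaked", "severity": "low",
         "correction": "Return a generic error", "lines": "58"}],
    "app/util.py": []})

def rank(severity):
    """Unknown or misspelled labels rank above CRITICAL so they never slip past a gate."""
    return SEVERITY_RANK.get(str(severity).strip().upper(), max(SEVERITY_RANK.values()) + 1)

def parse_output(raw):
    """Normalise every finding to the four documented fields, all as strings."""
    findings = {}
    for path, items in json.loads(raw).items():
        if not isinstance(items, list):
            raise ValueError(f"{path}: expected a list, got {type(items).__name__}")
        findings[path] = [{k: str(item.get(k, "")) for k in FIELDS} for item in items]
    return findings

def blocking(findings, threshold="HIGH"):
    """(path, finding) pairs at or above the threshold; any result should fail the job."""
    return [(p, f) for p, items in findings.items() for f in items
            if rank(f["severity"]) >= rank(threshold)]

def render_report(findings):
    """Markdown table for a PR comment; pipes and newlines in fields are escaped."""
    cell = lambda s: s.replace("|", "\\|").replace("\n", " ")
    rows = ["| File | Severity | Title | Lines | Correction |", "|---|---|---|---|---|"]
    for path, items in sorted(findings.items()):
        rows += [f"| `{cell(path)}` | {cell(f['severity'])} | {cell(f['title'])} | "
                 f"{cell(f['lines'])} | {cell(f['correction'])} |" for f in items]
    return "\n".join(rows) if len(rows) > 2 else "No vulnerabilities reported."

if __name__ == "__main__":
    found = parse_output(SAMPLE_OUTPUT)
    print(render_report(found))
    raise SystemExit(1 if blocking(found) else 0)
```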
_Note: This action solely identifies files that have changed for events such as pull_request*, push, merge_group, release, etc. (potentially the same events referred to [here](https://github.com/tj-actions/changed-files?tab=readme-ov-file#examples-)). However, it doesn't detect pending uncommitted changes created during the workflow execution._

## Usage
```yaml
on:
  pull_request:

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

permissions: # mandatory to add comment on PR
  issues: write
  pull-requests: write

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: GuillaumeFalourd/stackspot-ai-security-action-poc@main
        id: run
        with:
          CLIENT_ID: ${{ secrets.CLIENT_ID }}
          CLIENT_KEY: ${{ secrets.CLIENT_KEY }}
          CLIENT_REALM: stackspot
          QC_SLUG: sast-rqc
```

## ▶️ Action Inputs
Field | Mandatory | Default Value | Observation
------------ | ------------ | ------------- | -------------
**CLIENT_ID** | YES | N/A | [StackSpot](https://stackspot.com/en/settings/access-token) Client ID.
**CLIENT_KEY** | YES | N/A | [StackSpot](https://stackspot.com/en/settings/access-token) Client KEY.
**CLIENT_REALM** | YES | N/A | [StackSpot](https://stackspot.com/en/settings/access-token) Client Realm.
**QC_SLUG** | YES | N/A | [StackSpot Remote Quick Command reference](https://ai.stackspot.com/docs/pt-br/quick-commands/create-remote-qc)

## Remote Quick Commands available
### SAST
![](https://github.com/GuillaumeFalourd/stackspot-ai-security-action-poc/assets/22433243/935c79b1-e86a-4738-ac0d-ba3be90d2dbb)
#### Output
Pipeline
![](https://github.com/GuillaumeFalourd/stackspot-ai-security-action-poc/assets/22433243/b6fee6a9-c968-4a5e-91dc-d65d3b393286)

### DAST
TODO
## Roadmap tasks
- [ ] DAST RQC.
- [x] Add comment on PR.
- [x] Generate vulnerability report ([example](https://github.com/GuillaumeFalourd/stackspot-ai-security-action-poc/pull/1#issuecomment-2208860075))
- [ ] Add an action configuration file.

## Observations
To run any StackSpot AI remote quick command, please check [https://github.com/GuillaumeFalourd/stackspot-ai-rqc](https://github.com/GuillaumeFalourd/stackspot-ai-rqc).