https://github.com/yetanalytics/workflow-nvd
Workflows to use for NVD scanning
Last synced: 8 days ago
- Host: GitHub
- URL: https://github.com/yetanalytics/workflow-nvd
- Owner: yetanalytics
- License: apache-2.0
- Created: 2023-02-28T16:41:08.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-08-29T20:11:01.000Z (4 months ago)
- Last Synced: 2024-08-30T16:12:15.970Z (4 months ago)
- Language: Clojure
- Size: 38.1 KB
- Stars: 0
- Watchers: 4
- Forks: 0
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# workflow-nvd
Reusable workflow to use for NVD scanning.

The following are the inputs to the `nvd-scan` workflow, which is used to perform scans for CVEs against the National Vulnerability Database by calling out to the [nvd-clojure](https://github.com/rm-hull/nvd-clojure) app.

| Input | Description | Default
| --- | --- | ---
| `classpath-command` | nvd-clojure classpath command | `clojure -Spath`
| `nvd-clojure-version` | nvd-clojure version | `3.2.0`
| `nvd-config-filename` | nvd-clojure configuration file | None
| `notify-slack` | Whether or not to report scan failures to Slack | `false`
| `notify-link-var-name` | Slack workflow variable name for the CI run link | `run_link`

If `notify-slack` is true, then an NVD scan failure will result in a notification being posted to Slack, with the link to the failed CI run. To use:
1. [Create a Slack workflow](https://slack.com/help/articles/360053571454-Set-up-a-workflow-in-Slack) (not to be confused with a GitHub workflow). The workflow should include a variable named `run_link` (or whatever name `notify-link-var-name` is set to) in the JSON payload, whose value will be set to the CI run link.
2. Create a GitHub repository secret `SLACK_WEBHOOK_URL` using the generated webhook URL.
3. Activate Slack notifications and pass the secret as follows:

```yaml
notify_slack:
  uses: yetanalytics/workflow-nvd/.github/workflows/nvd-scan.yml@[current-version]
  with:
    notify-slack: true
  secrets:
    SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
```

Alternatively you can pass the secret as `secrets: inherit`.