DashLord scans #131

Workflow file for this run

	name: DashLord scans

	on:
	workflow_dispatch:
	inputs:
	url:
	description: "Single url to scan or scan all urls"
	required: false
	default: ""
	schedule:
	- cron: "0 0 * * 0" # see https://crontab.guru
	push:
	branches:
	- master
	- main
	paths:
	- 'dashlord.yaml'
	- 'dashlord.yml'
	- 'urls.txt'

	# allow only one concurrent scan action
	concurrency:
	cancel-in-progress: true
	group: scans

	jobs:
	init:
	runs-on: ubuntu-latest
	name: Prepare
	outputs:
	sites: ${{ steps.init.outputs.sites }}
	config: ${{ steps.init.outputs.config }}
	steps:
	- uses: actions/checkout@v3
	- id: init
	uses: "SocialGouv/dashlord-actions/init@main"
	with:
	url: ${{ github.event.inputs.url }}

	scans:
	runs-on: ubuntu-latest
	name: Scan
	needs: init
	continue-on-error: true
	strategy:
	fail-fast: false
	max-parallel: 3
	matrix:
	sites: ${{ fromJson(needs.init.outputs.sites) }}
	steps:
	- uses: actions/checkout@v3

	- run: \|
	mkdir scans

	- uses: actions/cache@v4
	with:
	path: "**/node_modules"
	key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }}

	- name: Déclaration a11y
	continue-on-error: true
	uses: "socialgouv/dashlord-actions/declaration-a11y@v1"
	if: ${{ matrix.sites.tools['declaration-a11y'] }}
	with:
	url: ${{ matrix.sites.url }}
	output: scans/declaration-a11y.json

	- name: Detect 404s
	continue-on-error: true
	uses: "socialgouv/detect-404-action@master"
	if: ${{ matrix.sites.tools['404'] }}
	with:
	url: ${{ matrix.sites.url }}
	output: scans/404.json

	- name: Screenshot Website
	uses: swinton/[email protected]
	if: ${{ matrix.sites.tools.screenshot }}
	timeout-minutes: 10
	with:
	source: "${{ matrix.sites.url }}"
	destination: screenshot.jpeg

	- name: Trivy
	continue-on-error: true
	if: ${{ matrix.sites.tools.trivy && matrix.sites.docker }}
	uses: "socialgouv/dashlord-actions/trivy@v1"
	with:
	images: ${{ join(matrix.sites.docker) }}
	output: scans/trivy.json

	- name: Stats page
	continue-on-error: true
	uses: "MTES-MCT/stats-action@main"
	if: ${{ matrix.sites.tools.stats }}
	with:
	url: ${{ matrix.sites.url }}
	uri: 'stats'
	output: scans/stats.json

	- name: Wappalyzer scan
	uses: "socialgouv/wappalyzer-action@master"
	timeout-minutes: 10
	if: ${{ matrix.sites.tools.wappalyzer }}
	continue-on-error: true
	with:
	url: "${{ matrix.sites.url }}"
	output: scans/wappalyzer.json

	- name: ZAP Scan
	uses: zaproxy/[email protected]
	timeout-minutes: 10
	if: ${{ matrix.sites.tools.zap }}
	continue-on-error: true
	with:
	token: "" # disable issue creation
	rules_file_name: "zap-rules.tsv"
	docker_name: "owasp/zap2docker-stable"
	target: "${{ matrix.sites.url }}"
	cmd_options: "-a"

	- name: Lighthouse scan
	continue-on-error: true
	timeout-minutes: 10
	uses: treosh/lighthouse-ci-action@v10
	if: ${{ matrix.sites.tools.lighthouse }}
	with:
	urls: "${{ matrix.sites.url }}"
	uploadArtifacts: false
	temporaryPublicStorage: false
	configPath: "./lighthouserc.json"

	- name: Mozilla HTTP Observatory
	timeout-minutes: 10
	if: ${{ matrix.sites.tools.http }}
	continue-on-error: true
	uses: SocialGouv/httpobs-action@master
	with:
	url: "${{ matrix.sites.url }}"
	output: "scans/http.json"

	- name: Third-party scripts scan
	timeout-minutes: 10
	if: ${{ matrix.sites.tools.thirdparties }}
	continue-on-error: true
	uses: SocialGouv/thirdparties-action@master
	with:
	url: "${{ matrix.sites.url }}"
	output: "scans/thirdparties.json"

	# testssl.sh action needs an hostname to save its output so we build it here
	- name: Extract hostname
	id: hostname
	run: \|
	HOSTNAME=$(echo "${{ matrix.sites.url }}" \| sed -e 's/[^/]\/\/$[^@]@$\?$[^:/]$./\2/')
	echo "::set-output name=value::$HOSTNAME"

	- name: testssl.sh scan
	timeout-minutes: 10
	continue-on-error: true
	uses: "mbogh/[email protected]"
	if: ${{ matrix.sites.tools.testssl }}
	with:
	host: ${{ steps.hostname.outputs.value }}
	output: scans
	grade: "F"
	options: "--fast"

	- name: nmap vulnerabilities scan
	if: ${{ matrix.sites.tools.nmap }}
	continue-on-error: true
	timeout-minutes: 10
	uses: "MTES-MCT/nmap-action@main"
	with:
	host: ${{ steps.hostname.outputs.value }}
	outputDir: "scans"
	outputFile: "nmapvuln.json"
	withVulnerabilities: true
	raw: false

	- name: Nuclei scan
	timeout-minutes: 10
	continue-on-error: true
	uses: "SocialGouv/dashlord-nuclei-action@master"
	if: ${{ matrix.sites.tools.nuclei }}
	with:
	url: ${{ matrix.sites.url }}
	output: "scans/nuclei.log"

	- name: Updown.io checks
	continue-on-error: true
	timeout-minutes: 10
	uses: "MTES-MCT/updownio-action@main"
	if: ${{ matrix.sites.tools.updownio }}
	with:
	apiKey: ${{ secrets.UPDOWNIO_API_KEY }}
	url: ${{ matrix.sites.url }}
	output: scans/updownio.json

	- name: Dependabot vulnerabilities alerts
	continue-on-error: true
	timeout-minutes: 10
	uses: "MTES-MCT/dependabotalerts-action@main"
	if: ${{ matrix.sites.tools.dependabot && matrix.sites.repositories }}
	with:
	token: ${{ secrets.DEPENDABOTALERTS_TOKEN }}
	repositories: ${{ join(matrix.sites.repositories) }}
	output: scans/dependabotalerts.json

	- name: Code quality alerts
	continue-on-error: true
	timeout-minutes: 10
	uses: "MTES-MCT/codescanalerts-action@main"
	if: ${{ matrix.sites.tools.codescan && matrix.sites.repositories }}
	with:
	token: ${{ secrets.CODESCANALERTS_TOKEN }}
	repositories: ${{ join(matrix.sites.repositories) }}
	output: scans/codescanalerts.json

	- uses: SocialGouv/dashlord-actions/save@main
	with:
	url: ${{ matrix.sites.url }}

	- uses: EndBug/add-and-commit@v9
	with:
	add: '["results"]'
	default_author: github_actions
	message: "update: ${{ matrix.sites.url }}"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

DashLord scans #131

Workflow file

DashLord scans #131

Jobs

Run details

Workflow file for this run