feat(sansec-ecomscan): add sansec ecomscan feature (#235)

Damien Retzinger
2026-05-05 11:56:14 -04:00
committed by GitHub
parent c115395583
commit 3c0a90f92b
3 changed files with 154 additions and 0 deletions
@@ -0,0 +1,73 @@
name: Sansec eComscan Security Scan
on:
push:
branches:
- main
paths:
- ".github/workflows/_internal-sansec-ecomscan.yaml"
- "sansec-ecomscan/**"
- "!(**/*.md)"
pull_request:
branches:
- main
paths:
- ".github/workflows/_internal-sansec-ecomscan.yaml"
- "sansec-ecomscan/**"
- "!(**/*.md)"
workflow_dispatch:
env:
MAGENTO_COMPOSER_REPO: "https://mirror.mage-os.org/"
jobs:
compute_matrix:
if: "!startsWith(github.head_ref, 'release-please')"
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.supported-version.outputs.matrix }}
steps:
- uses: actions/checkout@v6
- uses: ./supported-version
with:
kind: currently-supported
id: supported-version
run-ecomscan:
needs: compute_matrix
strategy:
matrix: ${{ fromJSON(needs.compute_matrix.outputs.matrix) }}
fail-fast: false
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: read
steps:
- uses: actions/checkout@v6
- uses: ./setup-magento
id: setup-magento
with:
php-version: ${{ matrix.php }}
tools: composer:v${{ matrix.composer }}
mode: extension
magento_repository: ${{ env.MAGENTO_COMPOSER_REPO }}
magento_version: ${{ matrix.magento }}
composer_auth: ${{ secrets.COMPOSER_AUTH }}
- uses: ./cache-magento
with:
composer_cache_key: ${{ matrix.magento }}
- name: Composer install
shell: bash
run: composer install
working-directory: ${{ steps.setup-magento.outputs.path }}
env:
COMPOSER_AUTH: ${{ secrets.COMPOSER_AUTH }}
- uses: ./sansec-ecomscan
with:
license: ${{ secrets.SANSEC_LICENSE_KEY }}
path: ${{ steps.setup-magento.outputs.path }}
+34
@@ -0,0 +1,34 @@
# Sansec eComscan Security Scan Action
A Github Action that runs the [Sansec eComscan](https://sansec.io/ecomscan) security scanner.
## Inputs
See the [action.yml](./action.yml)
## Usage
The caller is responsible for checking out the repository before calling this action. A valid Sansec license key must be passed via the `ecomscan_key` input.
The `path` input should point to the root of the Magento installation — the directory that contains `app/`, `vendor/`, etc. It defaults to `.` (the current working directory).
```yml
name: Sansec eComscan Security Scan
on:
push:
pull_request_target:
workflow_dispatch:
jobs:
run-ecomscan:
# Skip if it's a push event on a PR (it can't access secrets)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: graycoreio/github-actions-magento2/sansec-ecomscan@7.1.0
with:
license: ${{ secrets.SANSEC_LICENSE_KEY }}
```
+47
@@ -0,0 +1,47 @@
name: "Sansec eComscan Security Scan"
author: "Graycore"
description: "A Github Action that runs the Sansec eComscan security scanner."
inputs:
license:
required: true
description: "Sansec license key (ECOMSCAN_KEY)"
path:
required: true
default: '.'
description: "The directory to scan."
skip_database:
required: false
default: 'true'
description: "Skip the database scan (--skip-database). Defaults to true."
runs:
using: composite
steps:
- name: Download eComscan
shell: bash
run: wget https://ecomscan.com/downloads/linux-amd64/ecomscan
- name: Fix permissions
shell: bash
run: chmod +x ecomscan
- name: Run eComscan
shell: bash
env:
ECOMSCAN_KEY: ${{ inputs.license }}
run: |
FLAGS=(--no-auto-update --deep --format=csv)
[ "${{ inputs.skip_database }}" = "true" ] && FLAGS+=(--skip-database)
output=$(./ecomscan "${FLAGS[@]}" "${{ inputs.path }}")
if [ -n "$output" ]; then
echo "Security issues found:"
echo "$output"
exit 1
fi
branding:
icon: "shield"
color: "red"
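Review bot: In the Run eComscan step, `${{ inputs.path }}` and `${{ inputs.skip_database }}` are expanded into the `run:` script text before bash parses it, so a caller-supplied value containing shell metacharacters changes the command that runs; pass both through `env:` and reference them as quoted shell variables, as the step already does for `ECOMSCAN_KEY`. The Download step fetches an unversioned `ecomscan` binary over HTTPS with no integrity check, so any change to the upstream file silently changes what executes with the license key and the scanned tree; pin a versioned URL if the vendor publishes one and verify the download with `sha256sum -c` against a digest recorded in the action (`<EXPECTED_SHA256 — placeholder>`). The non-empty-output test treats any stdout as a finding; whether `--format=csv` prints a header row on a clean scan and what exit status ecomscan returns are not visible here and are worth confirming, since composite `bash` steps run with errexit and a non-zero exit would abort the assignment before the "Security issues found" message is printed. The README added in the same commit documents an `ecomscan_key` input, while this file declares the input as `license`.
```yaml
      - name: Run eComscan
        shell: bash
        env:
          ECOMSCAN_KEY: ${{ inputs.license }}
          SCAN_PATH: ${{ inputs.path }}
          SKIP_DATABASE: ${{ inputs.skip_database }}
        run: |
          FLAGS=(--no-auto-update --deep --format=csv)
          [ "$SKIP_DATABASE" = "true" ] && FLAGS+=(--skip-database)
          output=$(./ecomscan "${FLAGS[@]}" "$SCAN_PATH")
          # … unchanged: non-empty-output check and exit 1 …
```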