# Composite-action metadata: display name, author and one-line summary.
name: 'Sansec eComscan Security Scan'
author: 'Graycore'
description: 'A Github Action that runs the Sansec eComscan security scanner.'

# Caller-facing inputs. The names mix snake_case (skip_database) and
# kebab-case (skip-server-checks); callers must use them exactly as spelled.
inputs:
  # Handed to the scanner step as the ECOMSCAN_KEY environment variable.
  # Supply it from an encrypted secret, never as a literal in a workflow file.
  license:
    description: 'Sansec license key (ECOMSCAN_KEY)'
    required: true

  # Passed to the scanner as its positional argument.
  path:
    description: 'The directory to scan.'
    required: true
    default: "."

  # Only the exact string "true" adds --skip-database; with the default,
  # the database scan is skipped unless the caller opts in.
  skip_database:
    description: 'Skip the database scan (--skip-database). Defaults to true.'
    required: false
    default: "true"

  # Only the exact string "true" exports ECOMSCAN_SKIP_SERVER_CHECKS=true;
  # with the default, server / OS level checks do not run.
  skip-server-checks:
    description: 'Skip server / os level checks like copy-fail'
    required: false
    default: "true"

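# Composite steps: fetch the scanner, make it executable, run it, and fail
# the job when it prints anything.
runs:
  using: composite
  steps:
    # NOTE(review): the binary is fetched at run time and executed in the next
    # steps without a checksum or signature check, so the job trusts whatever
    # the download host serves. If the vendor publishes digests, verify the
    # file against a pinned value before the chmod step.
    - name: Download eComscan
      shell: bash
      run: wget https://ecomscan.com/downloads/linux-amd64/ecomscan

    - name: Fix permissions
      shell: bash
      run: chmod +x ecomscan

    - name: Run eComscan
      shell: bash
      env:
        # Scoped to this step only, so the download step never sees the key.
        ECOMSCAN_KEY: ${{ inputs.license }}
        # Inputs are passed through the environment instead of being expanded
        # with ${{ }} inside the script text. An expression in `run:` is
        # substituted before bash parses the script, so a value containing
        # quotes or $( ) would become shell syntax; an environment variable
        # stays data.
        INPUT_SKIP_SERVER_CHECKS: ${{ inputs.skip-server-checks }}
        INPUT_SKIP_DATABASE: ${{ inputs.skip_database }}
        INPUT_PATH: ${{ inputs.path }}
      run: |
        # The scanner reads this variable from its environment.
        if [ "$INPUT_SKIP_SERVER_CHECKS" = "true" ]; then
          export ECOMSCAN_SKIP_SERVER_CHECKS=true
        fi

        FLAGS=(--no-auto-update --deep --format=csv)
        if [ "$INPUT_SKIP_DATABASE" = "true" ]; then
          FLAGS+=(--skip-database)
        fi

        # NOTE(review): GitHub runs `shell: bash` with -e, so a non-zero exit
        # from the scanner ends the step here, before any findings are echoed.
        # Confirm the scanner's exit-code behaviour.
        output=$(./ecomscan "${FLAGS[@]}" "$INPUT_PATH")

        # Any output on stdout is treated as a finding and fails the job.
        if [ -n "$output" ]; then
          echo "Security issues found:"
          echo "$output"
          exit 1
        fi
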
# Icon and colour used for the action's badge.
branding:
  color: 'red'
  icon: 'shield'