generated from SocialGouv/dashlord
-
Notifications
You must be signed in to change notification settings - Fork 79
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit 73ff95b
Showing
4,225 changed files
with
4,019,771 additions
and
0 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
name: DashLord report | ||
|
||
on: | ||
workflow_dispatch: | ||
workflow_run: | ||
workflows: ["DashLord scans"] | ||
branches: [main] | ||
types: | ||
- completed | ||
|
||
jobs: | ||
website: | ||
runs-on: ubuntu-latest | ||
name: Website | ||
steps: | ||
- uses: actions/checkout@v2 | ||
with: | ||
fetch-depth: 0 | ||
|
||
- uses: actions/cache@v2 | ||
with: | ||
path: '**/node_modules' | ||
key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }} | ||
|
||
# build the report | ||
- id: dashlord-report | ||
uses: SocialGouv/dashlord-actions/report@v1 | ||
|
||
# to save the generated report.json as artifact | ||
- uses: actions/upload-artifact@v2 | ||
with: | ||
path: report.json | ||
name: report | ||
if-no-files-found: error | ||
|
||
# save full report for history | ||
- uses: EndBug/add-and-commit@v7 | ||
with: | ||
add: '["report.json"]' | ||
author_name: "DashlordBetaGouvBot " | ||
author_email: "[email protected]" | ||
message: "chore: report update" | ||
|
||
# deploy build to gh-pages | ||
- name: Deploy 🚀 | ||
uses: JamesIves/[email protected] | ||
with: | ||
branch: gh-pages | ||
folder: build |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,290 @@ | ||
name: DashLord scans | ||
|
||
on: | ||
workflow_dispatch: | ||
inputs: | ||
url: | ||
description: "Single url to scan or scan all urls" | ||
required: false | ||
default: "" | ||
tool: | ||
description: "Single tool to run or use all tools" | ||
type: choice | ||
default: all | ||
options: | ||
- all | ||
- codescan | ||
- dependabot | ||
- ecoindex | ||
- lighthouse | ||
- sonarcloud | ||
- trivy | ||
- zap | ||
- ecoindex | ||
- dsfr | ||
schedule: | ||
- cron: "0 0 * * 0" # At 00:00 on Sunday | ||
|
||
jobs: | ||
init: | ||
runs-on: ubuntu-latest | ||
name: Prepare | ||
outputs: | ||
sites: ${{ steps.init.outputs.sites }} | ||
config: ${{ steps.init.outputs.config }} | ||
steps: | ||
- uses: actions/checkout@v2 | ||
- id: init | ||
uses: "SocialGouv/dashlord-actions/init@v1" | ||
with: | ||
url: ${{ github.event.inputs.url }} | ||
tool: ${{ github.event.inputs.tool }} | ||
env: | ||
UPDOWNIO_API_KEY: ${{ secrets.UPDOWNIO_API_KEY }} | ||
scans: | ||
runs-on: ubuntu-latest | ||
name: Scan | ||
needs: init | ||
continue-on-error: true | ||
strategy: | ||
fail-fast: false | ||
max-parallel: 3 | ||
matrix: | ||
sites: ${{ fromJson(needs.init.outputs.sites) }} | ||
steps: | ||
- uses: actions/checkout@v2 | ||
|
||
- run: | | ||
mkdir scans | ||
- uses: actions/cache@v2 | ||
with: | ||
path: "**/node_modules" | ||
key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }} | ||
|
||
- name: dsfr | ||
continue-on-error: true | ||
timeout-minutes: 10 | ||
uses: "socialgouv/dashlord-actions/dsfr@v1" | ||
if: ${{ matrix.sites.tools.dsfr }} | ||
with: | ||
url: ${{ matrix.sites.url }} | ||
output: scans/dsfr.json | ||
|
||
- name: eco-index | ||
continue-on-error: true | ||
timeout-minutes: 10 | ||
uses: "socialgouv/dashlord-actions/ecoindex@v1" | ||
if: ${{ matrix.sites.tools.ecoindex }} | ||
with: | ||
url: ${{ matrix.sites.url }} | ||
output: scans/ecoindex.json | ||
|
||
- name: Screenshot Website | ||
if: ${{ matrix.sites.tools.screenshot }} | ||
uses: swinton/[email protected] | ||
continue-on-error: true | ||
timeout-minutes: 10 | ||
with: | ||
source: "${{ matrix.sites.url }}" | ||
type: jpeg | ||
destination: screenshot.jpeg | ||
width: 1280 | ||
scaleFactor: 0.5 | ||
|
||
- name: Déclaration a11y | ||
continue-on-error: true | ||
timeout-minutes: 10 | ||
uses: "socialgouv/dashlord-actions/declaration-a11y@v1" | ||
if: ${{ matrix.sites.tools['declaration-a11y'] }} | ||
with: | ||
url: ${{ matrix.sites.url }} | ||
output: scans/declaration-a11y.json | ||
|
||
- name: Wappalyzer scan | ||
if: ${{ matrix.sites.tools.wappalyzer }} | ||
uses: "socialgouv/wappalyzer-action@master" | ||
continue-on-error: true | ||
timeout-minutes: 10 | ||
with: | ||
url: "${{ matrix.sites.url }}" | ||
output: scans/wappalyzer.json | ||
|
||
- name: ZAP Scan | ||
if: ${{ matrix.sites.tools.zap }} | ||
uses: zaproxy/[email protected] | ||
continue-on-error: true | ||
timeout-minutes: 10 | ||
with: | ||
token: "" # disable issue creation | ||
rules_file_name: "zap-rules.tsv" | ||
docker_name: "owasp/zap2docker-stable" | ||
target: "${{ matrix.sites.url }}" | ||
cmd_options: "-a" | ||
|
||
- name: Lighthouse scan | ||
if: ${{ matrix.sites.tools.lighthouse }} | ||
continue-on-error: true | ||
timeout-minutes: 20 | ||
uses: SocialGouv/dashlord-actions/lhci@v1 | ||
with: | ||
url: "${{ join(matrix.sites.subpages, ',') }}" | ||
|
||
- name: Mozilla HTTP Observatory | ||
if: ${{ matrix.sites.tools.http }} | ||
continue-on-error: true | ||
id: http | ||
timeout-minutes: 10 | ||
uses: SocialGouv/httpobs-action@master | ||
with: | ||
url: "${{ matrix.sites.url }}" | ||
output: "scans/http.json" | ||
|
||
- name: Mozilla HTTP Observatory retry | ||
if: steps.http.outcome=='failure' | ||
continue-on-error: true | ||
timeout-minutes: 10 | ||
uses: SocialGouv/httpobs-action@master | ||
with: | ||
url: "${{ matrix.sites.url }}" | ||
output: "scans/http.json" | ||
|
||
- name: Third-party scripts scan | ||
if: ${{ matrix.sites.tools.thirdparties }} | ||
continue-on-error: true | ||
timeout-minutes: 10 | ||
uses: SocialGouv/thirdparties-action@master | ||
id: thirdparties | ||
with: | ||
url: "${{ matrix.sites.url }}" | ||
output: "scans/thirdparties.json" | ||
|
||
- name: Déclaration RGPD | ||
continue-on-error: true | ||
uses: SocialGouv/dashlord-actions/declaration-rgpd@v1 | ||
if: ${{ matrix.sites.tools['declaration-rgpd'] }} | ||
with: | ||
thirdparties: ${{ steps.thirdparties.outputs.json }} | ||
url: ${{ matrix.sites.url }} | ||
output: scans/declaration-rgpd.json | ||
|
||
# testssl.sh action needs an hostname to save its output so we build it here | ||
- name: Extract hostname | ||
id: hostname | ||
run: | | ||
HOSTNAME=$(echo "${{ matrix.sites.url }}" | sed -e 's/[^/]*\/\/\([^@]*@\)\?\([^:/]*\).*/\2/') | ||
echo "::set-output name=value::$HOSTNAME" | ||
- name: testssl.sh scan | ||
if: ${{ matrix.sites.tools.testssl }} | ||
continue-on-error: true | ||
timeout-minutes: 10 | ||
uses: "mbogh/[email protected]" | ||
with: | ||
host: ${{ steps.hostname.outputs.value }} | ||
output: scans | ||
grade: "F" | ||
options: "--fast" | ||
|
||
- name: nmap vulnerabilities scan | ||
if: ${{ matrix.sites.tools.nmap }} | ||
continue-on-error: true | ||
timeout-minutes: 10 | ||
uses: "MTES-MCT/nmap-action@main" | ||
with: | ||
host: ${{ steps.hostname.outputs.value }} | ||
outputDir: "scans" | ||
outputFile: "nmapvuln.json" | ||
withVulnerabilities: true | ||
raw: false | ||
|
||
- name: Nuclei scan | ||
if: ${{ matrix.sites.tools.nuclei }} | ||
continue-on-error: true | ||
timeout-minutes: 10 | ||
uses: "SocialGouv/dashlord-nuclei-action@master" | ||
with: | ||
url: ${{ matrix.sites.url }} | ||
output: "scans/nuclei.log" | ||
|
||
- name: Updown.io checks | ||
if: ${{ matrix.sites.tools.updownio }} | ||
continue-on-error: true | ||
timeout-minutes: 10 | ||
uses: "MTES-MCT/updownio-action@main" | ||
with: | ||
apiKey: ${{ secrets.UPDOWNIO_API_KEY }} | ||
url: ${{ matrix.sites.url }} | ||
output: scans/updownio.json | ||
|
||
- name: Betagouv API scan | ||
if: ${{ matrix.sites.tools.betagouv }} | ||
continue-on-error: true | ||
timeout-minutes: 10 | ||
id: betagouv | ||
uses: betagouv/dashlord-startup-action@main | ||
with: | ||
id: "${{ matrix.sites.betaId }}" | ||
output: "scans/betagouv.json" | ||
|
||
- name: Stats page | ||
continue-on-error: true | ||
timeout-minutes: 10 | ||
uses: "betagouv/check-url-action@main" | ||
if: ${{ matrix.sites.tools.stats }} | ||
with: | ||
url: ${{ steps.betagouv.outputs.stats_url }} | ||
output: scans/stats.json | ||
minExpectedRegex: ^stat | ||
exactExpectedRegex: ^stats$ | ||
|
||
- name: Budget page | ||
continue-on-error: true | ||
timeout-minutes: 10 | ||
uses: "betagouv/check-url-action@main" | ||
if: ${{ matrix.sites.tools.budget_page }} | ||
with: | ||
url: ${{ steps.betagouv.outputs.budget_url }} | ||
output: scans/budget_page.json | ||
|
||
- name: Open Github repository | ||
continue-on-error: true | ||
timeout-minutes: 10 | ||
uses: "betagouv/check-url-action@main" | ||
if: ${{ matrix.sites.tools.betagouv }} | ||
with: | ||
url: ${{ steps.betagouv.outputs.github_repository }} | ||
output: scans/github_repository.json | ||
|
||
- name: Dependabot vulnerabilities alerts | ||
continue-on-error: true | ||
timeout-minutes: 10 | ||
if: ${{ matrix.sites.tools.dependabot && matrix.sites.repositories }} | ||
uses: "MTES-MCT/dependabotalerts-action@main" | ||
with: | ||
token: ${{ secrets.DEPENDABOTALERTS_TOKEN }} | ||
repositories: ${{ join(matrix.sites.repositories) }} | ||
output: scans/dependabotalerts.json | ||
|
||
- name: Code quality alerts | ||
if: ${{ matrix.sites.tools.codescan && matrix.sites.repositories }} | ||
continue-on-error: true | ||
timeout-minutes: 10 | ||
uses: "MTES-MCT/codescanalerts-action@main" | ||
with: | ||
token: ${{ secrets.CODESCANALERTS_TOKEN }} | ||
repositories: ${{ join(matrix.sites.repositories) }} | ||
output: scans/codescanalerts.json | ||
|
||
- uses: SocialGouv/dashlord-actions/save@v1 | ||
with: | ||
url: ${{ matrix.sites.url }} | ||
# only clean up previous stats when all tools runned | ||
cleanup: ${{ github.event.inputs.tool == 'all' && true || false }} | ||
|
||
- uses: EndBug/add-and-commit@v7 | ||
with: | ||
add: '["results"]' | ||
author_name: "DashlordBetaGouvBot " | ||
author_email: "[email protected]" | ||
message: "update: ${{ matrix.sites.url }}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
# DashLord | ||
|
||
Tableau de bord des bonnes pratiques techniques : https://dashlord.incubateur.net | ||
|
||
## Usage | ||
|
||
### Ajouter une URL dans le dashlord | ||
|
||
Vous devez éditer le fichier [./dashlord.yml](./dashlord.yaml) et ajouter une entrée pour votre URL. | ||
|
||
💡 Bonne pratique : enlever les slashs à la fin des urls | ||
|
||
Exemple d'entrée pour une URL : | ||
|
||
```yml | ||
- url: https://www.free.fr | ||
title: Homepage free.fr | ||
betaId: free # optionnel, id de la startup sur beta.gouv.fr | ||
tags: # optionnel | ||
- telecom | ||
- provider | ||
repositories: # optionnel, pour récupérer les alertes de sécu de ces repos | ||
- free/free-ui | ||
- free/free-css | ||
docker: # optionnel, pour scanner les images avec trivy | ||
- ghcr.io/socialgouv/fabrique/frontend | ||
- ghcr.io/socialgouv/fabrique/backend | ||
tools: # optionnel, pour desactiver certains outils | ||
nmap: false | ||
pages: # optionnel, pour lancer lighthouse sur des pages supplémentaires | ||
- /profil | ||
- /mentions | ||
``` | ||
Pour la documentation de DashLord lui-même : https://github.com/SocialGouv/dashlord |
Oops, something went wrong.