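---
# Scheduled scan of the SFTP server: nmap port scan, Trivy package scan and
# Semgrep source scan, driven by scripts/scan.py. Results are copied to S3.
name: SFTP Server Scan

on:
  schedule:
    # every Monday 9 EST (13:00 UTC, which is 08:00 while EDT is in effect)
    - cron: '0 13 * * 1'
  workflow_dispatch:

jobs:
  scan-sftp:
    runs-on: ubuntu-22.04
    # Least privilege: id-token is needed for OIDC role assumption,
    # contents only needs read for the checkout.
    permissions:
      id-token: write
      contents: read
    steps:
      # Actions are pinned by tag; pinning to a full commit SHA is stricter
      # against tag moves if the project wants that.
      - uses: actions/checkout@v4

      # Short-lived credentials via OIDC, no long-lived AWS keys in secrets.
      - name: Configure AWS credentials
        id: creds
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::098444936620:role/GitHubRole
          aws-region: us-east-1
          role-session-name: actions-sftp-scan

      - name: Install deps
        env:
          TRIVY_VERSION: "0.18.3"
        run: |
          sudo apt update && sudo apt install nmap wget -y
          # The .deb is installed as root, so verify it against the release's
          # published checksum file before dpkg touches it. --ignore-missing
          # skips entries for artifacts we did not download; sha256sum still
          # fails if the .deb mismatches or nothing was verified.
          wget "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.deb"
          wget "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_checksums.txt"
          sha256sum --check --ignore-missing "trivy_${TRIVY_VERSION}_checksums.txt"
          sudo dpkg -i "trivy_${TRIVY_VERSION}_Linux-64bit.deb"

      - name: Setup python
        uses: actions/setup-python@v5
        with:
          # Quoted so the version is always read as a string.
          python-version: "3.10.15"

      - name: Install utils
        run: |
          python -m pip install semgrep
          python -m pip install python_graphql_client

      # NOTE(review): the action ref below appears garbled in this rendering
      # (looks like an obfuscated "ssh-agent@<version>") — confirm the pinned
      # version before relying on this file.
      - uses: webfactory/[email protected]
        with:
          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}

      - name: Run scan
        env:
          # Passed to scan.py via the environment rather than on the command
          # line, so it does not show up in process listings or step logs.
          HBH_SCAN_SECRET: ${{ secrets.HBH_SCAN_SECRET }}
        run: |
          python ./scripts/scan.py
          # Date-stamp each upload so successive runs never overwrite each other.
          scan_date=$(date '+%Y-%m-%d')
          aws s3 cp scripts/nmapoutput.txt "s3://prod-us-east-1-sftp/server-scans/${scan_date}-sftpscan.txt"
          aws s3 cp scripts/trivyoutput.txt "s3://prod-us-east-1-sftp/server-scans/${scan_date}-trivyscan.txt"
          aws s3 cp scripts/sgoutput.txt "s3://prod-us-east-1-sftp/server-scans/${scan_date}-semgrepscan.txt"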