-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathaction.yml
68 lines (64 loc) · 2.57 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
name: Ostorlab Security Scanner
description: Scan mobile apps for outdated dependencies, hardcoded secrets, privacy leakages, and insecure code (Signup at ostorlab.co).
inputs:
scan_profile:
description: Specifies your scan profile ( free "fast_scan" for community scans and "full_scan" for full analysis)
required: true
default: fast_scan
asset_type:
description: Type of asset to scan. (['android-apk', 'android-aab', 'ios-ipa'])
required: true
target:
description: Path to file .apk|.ios file.
required: true
scan_title:
description: Title for your scan.
required: false
ostorlab_api_key:
description: Api key from ostorlab.
required: true
break_on_risk_rating:
description: Wait for the scan results and force the action to fail if the scan risk rating is equal or higher this value. (['HIGH', 'MEDIUM', 'LOW','POTENTIALLY])
required: false
max_wait_minutes:
description: Specifies the maximum number of minutes to wait for scan results.
required: false
default: 20
extra:
description: Extra args to be passed to Ostorlab CLI to create a scan, common case is setting test credentials.
required: false
outputs:
scan_id:
description: id of the created scan.
status:
description: status of scan.
runs:
using: "composite"
steps:
- name: Set up Python3.11
uses: actions/[email protected]
with:
python-version: 3.11
- name: Install Ostorlab
run: |
python -m pip install --upgrade pip
python -m pip install ostorlab
shell: bash
- name: Run Scan
run: |
ostorlab --api-key="$INPUT_OSTORLAB_API_KEY" ci-scan run --log-flavor=github --title="$INPUT_SCAN_TITLE" --scan-profile="$INPUT_SCAN_PROFILE" --break-on-risk-rating="$INPUT_BREAK_ON_RISK_RATING" --max-wait-minutes="$INPUT_MAX_WAIT_MINUTES" --source="github" --repository="$GITHUB_REPOSITORY" --pr-number="$GITHUB_PR_NUMBER" $INPUT_EXTRA $INPUT_ASSET_TYPE $INPUT_TARGET
shell: bash
env:
INPUT_OSTORLAB_API_KEY: ${{ inputs.ostorlab_api_key }}
INPUT_SCAN_TITLE: ${{ inputs.scan_title }}
INPUT_SCAN_PROFILE: ${{ inputs.scan_profile }}
INPUT_BREAK_ON_RISK_RATING: ${{ inputs.break_on_risk_rating }}
INPUT_MAX_WAIT_MINUTES: ${{ inputs.max_wait_minutes }}
INPUT_EXTRA: ${{ inputs.extra }}
INPUT_ASSET_TYPE: ${{ inputs.asset_type }}
INPUT_TARGET: ${{ inputs.target }}
GITHUB_REPOSITORY: ${{ github.repository }}
GITHUB_PR_NUMBER: ${{ github.event.pull_request.number }}
branding:
icon: "shield"
color: "blue"