added cloudmapper integration #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: duo-labs/cloudmapper | |
| on: | |
| push: | |
| branches: | |
| - main # Change to your default branch if not main | |
| - cloudmapper-integration | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| permissions: | |
| contents: read | |
| packages: write | |
| security-events: write | |
| env: | |
| PYTHON_VERSION: "3.13" | |
| RELEASE_VERSION: "2.10.0" | |
| jobs: | |
| build-and-push: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest] | |
| steps: | |
| - name: Checkout cloudmapper Repository | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: duo-labs/cloudmapper | |
| path: cloudmapper # Optional: Clone into a specific directory | |
| ref: ${{ env.RELEASE_VERSION }} | |
| - uses: snyk/actions/setup@master | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Cache Docker layers | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ github.workspace }}/.buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-buildx- | |
| - name: Install libpcap | |
| run: sudo apt update && sudo apt install -y libpcap-dev | |
| # Set up Python 3.13 | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Build and push Docker image | |
| run: | | |
| docker buildx build --push \ | |
| --tag ghcr.io/${{ github.repository_owner }}/metasploit-framework:${{ env.RELEASE_VERSION }} \ | |
| --tag ghcr.io/${{ github.repository_owner }}/metasploit-framework:latest \ | |
| --platform linux/amd64,linux/arm64 ./metasploit-framework | |
| - name: Logout from Docker Hub | |
| run: docker logout | |
| - name: Check ghcr.io/${{ github.repository_owner }}/cloudmapper:${{ env.RELEASE_VERSION }} image | |
| uses: snyk/actions/docker@master | |
| continue-on-error: true | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| with: | |
| image: ghcr.io/${{ github.repository_owner }}/cloudmapper:${{ env.RELEASE_VERSION }} | |
| args: --file=./cloudmapper/Dockerfile | |
| json: true | |
| - uses: garethr/snyk-to-sarif@master | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: SARIF | |
| path: snyk.sarif | |
| - name: Upload SARIF Report to GitHub Code Scanning | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: snyk.sarif | |
| # SonarCloud Scan for Metasploit Framework | |
| - name: SonarCloud Scan | |
| uses: sonarsource/sonarqube-scan-action@v4 | |
| continue-on-error: true | |
| env: | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| with: | |
| args: > | |
| -Dsonar.organization=matusso | |
| -Dsonar.projectKey=docker-builds:cloudmapper | |
| -Dsonar.verbose=true | |
| -Dsonar.projectName=cloudmapper | |
| -Dsonar.python.version=${{ env.PYTHON_VERSION }} | |
| -Dsonar.sources=cloudmapper | |
| -Dsonar.exclusions=**/*.java,**/*.c,**/*.cpp,**/*.h,**/*.mm,**/*.m | |
| -Dsonar.c.file.suffixes=- | |
| -Dsonar.cpp.file.suffixes=- | |
| -Dsonar.objc.file.suffixes=- |