Skip to content

Home

Jump to bottom
Kunal Nagar edited this page Dec 25, 2023 · 16 revisions

marketing

@kunalnagarco/action-cve

A GitHub action that sends Dependabot Vulnerability Alerts to multiple sources:

  • Slack
  • PagerDuty
  • Zenduty
  • Email

Usage

name: 'Check for Vulnerabilities'

on:
  schedule:
    - cron: '0 */6 * * *' # every 6 hours

jobs:
  main:
    runs-on: ubuntu-latest
    steps:
      # X.X.X - Latest version available at: https://github.com/kunalnagarco/action-cve/releases
      - uses: kunalnagarco/action-cve@vX.X.X
        with:
          token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
          slack_webhook: ${{ secrets.SLACK_WEBHOOK }}
          pager_duty_integration_key: ${{ secrets.PAGER_DUTY_INTEGRATION_KEY }}
          zenduty_api_key: ${{ secrets.ZENDUTY_API_KEY }}
          zenduty_service_id: ${{ secrets.ZENDUTY_SERVICE_ID }}
          zenduty_escalation_policy_id: ${{ secrets.ZENDUTY_ESCALATION_POLICY_ID }}
          microsoft_teams_webhook: ${{ secrets.MICROSOFT_TEAMS_WEBHOOK }}
          email_from: from@email.com
          email_list: channelOne@email.com,channelTwo@email.com
          email_subject: My Custom Email Subject
          email_transport_smtp_port: 1003
          email_transport_smtp_user: smtpUser@email.com
          email_transport_smtp_password: smtpPassword
          count: 10

Action Inputs

Input Description
token [Required] GitHub Personal Access Token. Create one here
slack_webhook Slack Incoming Webhook URL. More info here
pager_duty_integration_key Pager Duty Service Integration Key. Also known as Routing key. More info here
zenduty_api_key Create a Zenduty API Key by visiting Account Settings > API Keys
zenduty_service_id Zenduty Service ID. More info here
zenduty_escalation_policy_id Zenduty Escalation Policy ID. More info here
count Number of alerts to send. Defaults to 20
email_from Email from address
email_list Comma-separated list of emails to send the notification to as bcc
email_subject Custom email subject (not required, default is provided)
email_transport_smtp_port Custom SMTP port (not required, default is 587 for TLS, send 465 for STARTTLS or any custom port)
email_transport_smtp_user SMTP Username
email_transport_smtp_password SMTP Password
microsoft_teams_webhook Create an incoming webhook here

Generating a GitHub Personal Access Token in an org

If you're using this action in an org where people are always joining/leaving, you can use a GitHub action to generate the token that requires you to set up a GitHub application. Here's one way to set this up:

- name: Get Token
  id: get_workflow_token
  uses: peter-murray/workflow-application-token-action@v1
  with:
    application_id: ${{ secrets.YOUR_APP_ID }}
    application_private_key: ${{ secrets.YOUR_APP_PRIVATE_KEY }}

- uses: kunalnagarco/action-cve@v1.7.13
  with:
    token: ${{ steps.get_workflow_token.outputs.token }}

Attributions

Clone this wiki locally