From d6dfa8e6314ddcaeffb9dac0829e02d67f18097a Mon Sep 17 00:00:00 2001
From: more-alas <99993346+more-alas@users.noreply.github.com>
Date: Fri, 25 Feb 2022 17:38:21 -0800
Subject: [PATCH 01/46] Update README.md
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 645cf37..8534bbf 100644
--- a/README.md
+++ b/README.md
@@ -4,3 +4,4 @@
 2. Set `NEXPLOIT_TOKEN` and `REPEATER` secrets in your repo settings.
 3. Run a CI job in Actions.
 4. Go to Nexploit app and check if a scan started.
+Bob?
From 9a5bf26def3018e9cb6b565f604e861d9eff956f Mon Sep 17 00:00:00 2001
From: more-alas <99993346+more-alas@users.noreply.github.com>
Date: Mon, 28 Feb 2022 15:23:56 -0800
Subject: [PATCH 02/46] Update README.md
---
 README.md | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/README.md b/README.md
index 8534bbf..2c62752 100644
--- a/README.md
+++ b/README.md
@@ -5,3 +5,6 @@
 3. Run a CI job in Actions.
 4. Go to Nexploit app and check if a scan started.
 Bob?
+
+
+More Bob?
From 1b5f2ce35141825906446b85d0a8fdcdf5769474 Mon Sep 17 00:00:00 2001
From: more-alas <99993346+more-alas@users.noreply.github.com>
Date: Tue, 18 Jul 2023 12:36:33 -0700
Subject: [PATCH 03/46] Update run-ci.yml
---
 .github/workflows/run-ci.yml | 29 ++++++++++++++++-------------
 1 file changed, 16 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml
index baa9559..5a9b278 100644
--- a/.github/workflows/run-ci.yml
+++ b/.github/workflows/run-ci.yml
@@ -24,10 +24,10 @@ jobs: sudo chmod +x /usr/local/bin/docker-compose sudo apt-get install nodejs-dev node-gyp libssl1.0-dev sudo apt-get install nodejs npm - sudo npm install -g @neuralegion/nexploit-cli --unsafe-perm=true + sudo npm install -g @brightsec/cli --unsafe-perm=true - name: Save environment variables run: | - printf "NEXPLOIT_TOKEN=${{ secrets.NEXPLOIT_TOKEN }}\nREPEATER=${{ secrets.REPEATER }}\n" > .env + printf "BRIGHT_TOKEN=${{ secrets.BRIGHT_TOKEN }}\nREPEATER=${{ secrets.REPEATER5 }}\n" > .env cat .env - name: Docker-Compose run: | 
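Review bot: The `cat .env` kept right after the rewritten `printf` prints the file that now holds `BRIGHT_TOKEN` and the repeater secret into the job log, and log masking only covers exact matches of registered secret values. The new `printf` also places the secrets inside its format string, so a `%` or backslash in a value is interpreted instead of written as-is. I would drop `cat .env`, map the secrets through a step-level `env:` block, and write them with `printf 'BRIGHT_TOKEN=%s\nREPEATER=%s\n' "$BRIGHT_TOKEN" "$REPEATER" > .env`. The same step is extended with more secrets in patch 07/46, and the step list continues outside this hunk.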
@@ -35,27 +35,30 @@ jobs: sudo docker-compose config - run: sleep 30s - run: sudo docker-compose logs - - name: Start Nexploit Scan 🏁 + - name: Start Brightsec Scan 🏁 id: start run: | - SCAN_ID=$(nexploit-cli scan:run \ - --test csrf dom_xss header_security secret_tokens open_buckets \ - --name "💎 BrokenCrystals for a '${GITHUB_REF##*/}' branch #${GITHUB_RUN_NUMBER}" \ - --crawler https://brokencrystals.com/api/config https://brokencrystals.com/ \ - --repeater ${{ secrets.REPEATER }} \ - --token ${{ secrets.NEXPLOIT_TOKEN }}) + SCAN_ID=$(bright-cli scan:run \ + --test csrf dom_xss header_security secret_tokens open_buckets excess_data_exposure \ \ + --name "💎 Local GH BrokenCrystals for a '${GITHUB_REF##*/}' branch #${GITHUB_RUN_NUMBER}" \ + --crawler http://10.0.0.170:8090/api/config http://10.0.0.170:8090/ \ + --host-filter 10.0.0.170:8090 \ + --repeater ${{ secrets.REPEATER5 }} \ + --auth ${{ secrets.BC_LESSB_AUTH5 }} \ + --project ${{ secrets.PROJECT5 }} \ + --token ${{ secrets.NEXPLOIT_TOKEN }}) echo "SCAN_ID=$SCAN_ID" >> $GITHUB_ENV - name: Get the output scan url 🔗 run: | - printf "Scan was started with ID https://nexploit.app/scans/$SCAN_ID" + printf "Scan was started with ID https://app.brightsec.com/scans/$SCAN_ID" - name: Wait for issues ⏳ run: | - nexploit-cli scan:polling \ + bright-cli scan:polling \ --interval 30s \ --timeout 10m \ - --token ${{ secrets.NEXPLOIT_TOKEN }} \ + --token ${{ secrets.BRIGHT_TOKEN5 }} \ --breakpoint high_issue $SCAN_ID - name: Stop Scan 🛑 continue-on-error: true if: ${{ always() }} - run: nexploit-cli scan:stop --token ${{ secrets.NEXPLOIT_TOKEN }} $SCAN_ID + run: bright-cli scan:stop --token ${{ secrets.BRIGHT_TOKEN5 }} $SCAN_ID From 1a66208b38754d1822db0f442d949a48f7c01b5f Mon Sep 17 00:00:00 2001 
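Review bot: The API token is read from three different secrets after this change: `scan:run` still passes `secrets.NEXPLOIT_TOKEN`, `scan:polling` and `scan:stop` use `secrets.BRIGHT_TOKEN5`, and the `.env` step in the previous hunk uses `secrets.BRIGHT_TOKEN`. Unless all three are defined with the same value, the run, poll and stop calls authenticate differently or with an empty token. The `--test` line also ends in `\ \`, which passes a literal space as an extra argument before the line continuation. Every `${{ secrets.* }}` here is pasted unquoted into the script text; binding them in `env:` and passing `--token "$BRIGHT_TOKEN"` keeps the values out of the rendered script and avoids word splitting.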
From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Tue, 18 Jul 2023 12:42:33 -0700 Subject: [PATCH 04/46] Update run-ci.yml configured for demo --- .github/workflows/run-ci.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index 5a9b278..3847b7d 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml @@ -46,7 +46,8 @@ jobs: --repeater ${{ secrets.REPEATER5 }} \ --auth ${{ secrets.BC_LESSB_AUTH5 }} \ --project ${{ secrets.PROJECT5 }} \ - --token ${{ secrets.NEXPLOIT_TOKEN }}) + --token ${{ secrets.BRIGHT_TOKEN }} \ + --cluster demo.brightsec.com) echo "SCAN_ID=$SCAN_ID" >> $GITHUB_ENV - name: Get the output scan url 🔗 run: | @@ -57,8 +58,9 @@ jobs: --interval 30s \ --timeout 10m \ --token ${{ secrets.BRIGHT_TOKEN5 }} \ - --breakpoint high_issue $SCAN_ID + --breakpoint high_issue $SCAN_ID \ + --cluster demo.brightsec.com - name: Stop Scan 🛑 continue-on-error: true if: ${{ always() }} - run: bright-cli scan:stop --token ${{ secrets.BRIGHT_TOKEN5 }} $SCAN_ID + run: bright-cli scan:stop --token ${{ secrets.BRIGHT_TOKEN5 }} $SCAN_ID --cluster demo.brightsec.com From fffb40ab73b8438c8b8e4217190edb6c7589b9c8 Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Tue, 18 Jul 2023 12:56:09 -0700 Subject: [PATCH 05/46] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2c62752..5beeccd 100644 --- a/README.md +++ b/README.md @@ -7,4 +7,4 @@ Bob? -More Bob? +More Bob? Yet more. From b90a282bfb2497c95ac48b125e2898b53413eab3 Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Tue, 18 Jul 2023 13:11:11 -0700 Subject: [PATCH 06/46] Update run-ci.yml Updated to run on ubuntu 20.04, because 18.04 is apparently deprecated... --- .github/workflows/run-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
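Review bot: `--cluster demo.brightsec.com` is now spelled out in three separate commands across the two hunks of patch 04/46, so a later cluster change has to be made in three places. A job-level `env:` entry such as `BRIGHT_CLUSTER: demo.brightsec.com`, referenced as `--cluster "$BRIGHT_CLUSTER"`, keeps them together. The second hunk also leaves `scan:polling` and `scan:stop` on `secrets.BRIGHT_TOKEN5` while the first hunk moves `scan:run` to `secrets.BRIGHT_TOKEN`, so the scan may be started under one credential and polled or stopped under another.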
diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index 3847b7d..fb4c164 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml @@ -14,7 +14,7 @@ on: jobs: start_and_wait_scan: - runs-on: ubuntu-18.04 + runs-on: ubuntu-20.04 name: A job to run a Nexploit scan steps: - uses: actions/checkout@v2 From f3769e0098cb6182f865118d8dcc8016029495f4 Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Tue, 18 Jul 2023 13:30:00 -0700 Subject: [PATCH 07/46] Update run-ci.yml edited dependencies, for ubuntu 20.04 .. I hope. --- .github/workflows/run-ci.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index fb4c164..56b92b6 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml @@ -15,19 +15,22 @@ on: jobs: start_and_wait_scan: runs-on: ubuntu-20.04 - name: A job to run a Nexploit scan + container: node:16 + name: A job to run a BrightSec scan steps: - uses: actions/checkout@v2 - run: | sudo apt update sudo curl -L "https://github.com/docker/compose/releases/download/1.26.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose sudo chmod +x /usr/local/bin/docker-compose - sudo apt-get install nodejs-dev node-gyp libssl1.0-dev sudo apt-get install nodejs npm sudo npm install -g @brightsec/cli --unsafe-perm=true + sudo apt-get install jq -y + sudo apt-get install curl -y + - name: Save environment variables run: | - printf "BRIGHT_TOKEN=${{ secrets.BRIGHT_TOKEN }}\nREPEATER=${{ secrets.REPEATER5 }}\n" > .env + printf "BRIGHT_TOKEN=${{ secrets.BRIGHT_TOKEN }}\nREPEATER5=${{ secrets.REPEATER5 }}\nPROJECT5=${{ secrets.PROJECT5 }}\nBC_LESSB_AUTH5=${{ secrets.BC_LESSB_AUTH5 }}" > .env cat .env - name: Docker-Compose run: | 
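Review bot: `container: node:16` and `npm install -g @brightsec/cli --unsafe-perm=true` in the first hunk of patch 07/46 both resolve to whatever is published at run time, in a job whose later steps receive the Bright token and the scanner auth secrets. Pinning the image to a digest (`container: node:16@sha256:<digest>`) and the CLI to a reviewed release (`@brightsec/cli@<version>`) keeps a changed upstream artifact from running with those secrets; `actions/checkout@v2` on the context line is a movable tag as well. The `sudo` prefixes kept in this hunk assume the container image ships `sudo`, which cannot be confirmed from the page.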
@@ -51,7 +54,7 @@ jobs: echo "SCAN_ID=$SCAN_ID" >> $GITHUB_ENV - name: Get the output scan url 🔗 run: | - printf "Scan was started with ID https://app.brightsec.com/scans/$SCAN_ID" + printf "Scan was started, check details at https://app.brightsec.com/scans/$SCAN_ID" - name: Wait for issues ⏳ run: | bright-cli scan:polling \ From d4c954ce3dd437fc2a31ad59de18c88569091425 Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Tue, 18 Jul 2023 13:32:01 -0700 Subject: [PATCH 08/46] Update run-ci.yml sudo apt -> sudo apt-get ?? --- .github/workflows/run-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index 56b92b6..a2c0f6d 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml @@ -20,7 +20,7 @@ jobs: steps: - uses: actions/checkout@v2 - run: | - sudo apt update + sudo apt-get update sudo curl -L "https://github.com/docker/compose/releases/download/1.26.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose sudo chmod +x /usr/local/bin/docker-compose sudo apt-get install nodejs npm From 3390e145164b19a36e43f90a99120567e4dc9cb8 Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Tue, 18 Jul 2023 13:37:04 -0700 Subject: [PATCH 09/46] Update run-ci.yml lose sudo, lose docker compose, see what happens. --- .github/workflows/run-ci.yml | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index a2c0f6d..f38d935 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml 
@@ -20,24 +20,17 @@ jobs: steps: - uses: actions/checkout@v2 - run: | - sudo apt-get update - sudo curl -L "https://github.com/docker/compose/releases/download/1.26.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose - sudo chmod +x /usr/local/bin/docker-compose - sudo apt-get install nodejs npm - sudo npm install -g @brightsec/cli --unsafe-perm=true - sudo apt-get install jq -y - sudo apt-get install curl -y + apt-get update + apt-get install nodejs npm + npm install -g @brightsec/cli --unsafe-perm=true + apt-get install jq -y + apt-get install curl -y - name: Save environment variables run: | printf "BRIGHT_TOKEN=${{ secrets.BRIGHT_TOKEN }}\nREPEATER5=${{ secrets.REPEATER5 }}\nPROJECT5=${{ secrets.PROJECT5 }}\nBC_LESSB_AUTH5=${{ secrets.BC_LESSB_AUTH5 }}" > .env cat .env - - name: Docker-Compose - run: | - sudo docker-compose --env-file=.env up -d - sudo docker-compose config - run: sleep 30s - - run: sudo docker-compose logs - name: Start Brightsec Scan 🏁 id: start run: | From d8c5aa605d38cb1d8b93cd183fa9df2a94a48c75 Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Tue, 18 Jul 2023 13:39:38 -0700 Subject: [PATCH 10/46] Update run-ci.yml apt-get update - > apt update ... hope for the best --- .github/workflows/run-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index f38d935..516fe12 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml @@ -20,7 +20,7 @@ jobs: steps: - uses: actions/checkout@v2 - run: | - apt-get update + apt update apt-get install nodejs npm npm install -g @brightsec/cli --unsafe-perm=true apt-get install jq -y From 12c2a3e940b32058598a12a9effb159c04ed5d52 Mon Sep 17 00:00:00 2001 
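Review bot: With the Docker-Compose steps removed, nothing left in this hunk reads `.env`, yet the `Save environment variables` step still writes four secrets to the workspace and prints them with `cat .env`. Unless a step outside the hunk consumes the file, I would delete that step, along with the `sleep 30s` that waited for the containers, so that no secret material is kept on disk or in the log. The new `apt-get install nodejs npm` line has no `-y`, unlike the two installs below it.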
From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Tue, 18 Jul 2023 13:45:16 -0700 Subject: [PATCH 11/46] Update run-ci.yml Steal updates from GitLab 20.04 ubuntu --- .github/workflows/run-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index 516fe12..b22728f 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml @@ -20,8 +20,8 @@ jobs: steps: - uses: actions/checkout@v2 - run: | - apt update - apt-get install nodejs npm + apt update -qq --fix-missing + apt install -y --no-install-recommends nodejs npm make g++ npm install -g @brightsec/cli --unsafe-perm=true apt-get install jq -y apt-get install curl -y From bc3dd76165823da12dcff59f54bfd6218416ad29 Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Tue, 18 Jul 2023 13:49:48 -0700 Subject: [PATCH 12/46] Update run-ci.yml delete extra backslash? --- .github/workflows/run-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index b22728f..707cef3 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml @@ -35,7 +35,7 @@ jobs: id: start run: | SCAN_ID=$(bright-cli scan:run \ - --test csrf dom_xss header_security secret_tokens open_buckets excess_data_exposure \ \ + --test csrf dom_xss header_security secret_tokens open_buckets excess_data_exposure \ --name "💎 Local GH BrokenCrystals for a '${GITHUB_REF##*/}' branch #${GITHUB_RUN_NUMBER}" \ --crawler http://10.0.0.170:8090/api/config http://10.0.0.170:8090/ \ --host-filter 10.0.0.170:8090 \ From 471b378a230a0b570207cd7110a7cc04ba01680d Mon Sep 17 00:00:00 2001 
From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Tue, 18 Jul 2023 13:54:31 -0700 Subject: [PATCH 13/46] Update run-ci.yml one line to rule them all? --- .github/workflows/run-ci.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index 707cef3..914e237 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml @@ -34,15 +34,13 @@ jobs: - name: Start Brightsec Scan 🏁 id: start run: | - SCAN_ID=$(bright-cli scan:run \ - --test csrf dom_xss header_security secret_tokens open_buckets excess_data_exposure \ - --name "💎 Local GH BrokenCrystals for a '${GITHUB_REF##*/}' branch #${GITHUB_RUN_NUMBER}" \ + SCAN_ID=$(bright-cli scan:run --token ${{ secrets.BRIGHT_TOKEN }} --name "💎 Local GH BrokenCrystals for a '${GITHUB_REF##*/}' branch #${GITHUB_RUN_NUMBER}" \ + --test csrf dom_xss header_security secret_tokens open_buckets excess_data_exposure \ --crawler http://10.0.0.170:8090/api/config http://10.0.0.170:8090/ \ --host-filter 10.0.0.170:8090 \ --repeater ${{ secrets.REPEATER5 }} \ --auth ${{ secrets.BC_LESSB_AUTH5 }} \ --project ${{ secrets.PROJECT5 }} \ - --token ${{ secrets.BRIGHT_TOKEN }} \ --cluster demo.brightsec.com) echo "SCAN_ID=$SCAN_ID" >> $GITHUB_ENV - name: Get the output scan url 🔗 From 4d0b987370125710df431fcf48afcde94f0642b5 Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Tue, 18 Jul 2023 14:06:06 -0700 Subject: [PATCH 14/46] Update run-ci.yml excess ive _data_exposure... and cut from 30 to 3 s wait --- .github/workflows/run-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index 914e237..46328e4 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml 
@@ -30,12 +30,12 @@ jobs: run: | printf "BRIGHT_TOKEN=${{ secrets.BRIGHT_TOKEN }}\nREPEATER5=${{ secrets.REPEATER5 }}\nPROJECT5=${{ secrets.PROJECT5 }}\nBC_LESSB_AUTH5=${{ secrets.BC_LESSB_AUTH5 }}" > .env cat .env - - run: sleep 30s + - run: sleep 3s - name: Start Brightsec Scan 🏁 id: start run: | SCAN_ID=$(bright-cli scan:run --token ${{ secrets.BRIGHT_TOKEN }} --name "💎 Local GH BrokenCrystals for a '${GITHUB_REF##*/}' branch #${GITHUB_RUN_NUMBER}" \ - --test csrf dom_xss header_security secret_tokens open_buckets excess_data_exposure \ + --test csrf dom_xss header_security secret_tokens open_buckets excessive_data_exposure \ --crawler http://10.0.0.170:8090/api/config http://10.0.0.170:8090/ \ --host-filter 10.0.0.170:8090 \ --repeater ${{ secrets.REPEATER5 }} \ From 4be183ac4fbeb730288d728dcf91d5b85c0aee93 Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Tue, 18 Jul 2023 15:39:50 -0700 Subject: [PATCH 15/46] Update run-ci.yml real one line to rule them all... --- .github/workflows/run-ci.yml | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index 46328e4..b200acb 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml 
@@ -34,14 +34,7 @@ jobs: - name: Start Brightsec Scan 🏁 id: start run: | - SCAN_ID=$(bright-cli scan:run --token ${{ secrets.BRIGHT_TOKEN }} --name "💎 Local GH BrokenCrystals for a '${GITHUB_REF##*/}' branch #${GITHUB_RUN_NUMBER}" \ - --test csrf dom_xss header_security secret_tokens open_buckets excessive_data_exposure \ - --crawler http://10.0.0.170:8090/api/config http://10.0.0.170:8090/ \ - --host-filter 10.0.0.170:8090 \ - --repeater ${{ secrets.REPEATER5 }} \ - --auth ${{ secrets.BC_LESSB_AUTH5 }} \ - --project ${{ secrets.PROJECT5 }} \ - --cluster demo.brightsec.com) + SCAN_ID=$(bright-cli scan:run --token ${{ secrets.BRIGHT_TOKEN }} --name "💎 Local GH BrokenCrystals for a '${GITHUB_REF##*/}' branch #${GITHUB_RUN_NUMBER}" --test csrf dom_xss header_security secret_tokens open_buckets excessive_data_exposure --crawler http://10.0.0.170:8090 --host-filter 10.0.0.170:8090 --repeater ${{ secrets.REPEATER5 }} --auth ${{ secrets.BC_LESSB_AUTH5 }} --project ${{ secrets.PROJECT5 }} --cluster demo.brightsec.com) echo "SCAN_ID=$SCAN_ID" >> $GITHUB_ENV - name: Get the output scan url 🔗 run: | From bfa505a56d6486350ac49991b6811218ed2e5751 Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Tue, 18 Jul 2023 15:51:52 -0700 Subject: [PATCH 16/46] Update run-ci.yml Forgot to start target app... take 2 --- .github/workflows/run-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index b200acb..7494fe5 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml @@ -38,7 +38,7 @@ jobs: echo "SCAN_ID=$SCAN_ID" >> $GITHUB_ENV - name: Get the output scan url 🔗 run: | - printf "Scan was started, check details at https://app.brightsec.com/scans/$SCAN_ID" + printf "Scan was started, check the details at https://app.brightsec.com/scans/$SCAN_ID" - name: Wait for issues ⏳ run: | bright-cli scan:polling \ 
From 29fa42c34acd0c98e6085c60db3a7ba4c7a3aa98 Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Tue, 18 Jul 2023 16:04:15 -0700 Subject: [PATCH 17/46] Update run-ci.yml one-liner-ing the polling, try to capture results... --- .github/workflows/run-ci.yml | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index 7494fe5..df698d0 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml @@ -38,16 +38,12 @@ jobs: echo "SCAN_ID=$SCAN_ID" >> $GITHUB_ENV - name: Get the output scan url 🔗 run: | - printf "Scan was started, check the details at https://app.brightsec.com/scans/$SCAN_ID" + printf "Scan was started, check the details at https://demo.brightsec.com/scans/$SCAN_ID" - name: Wait for issues ⏳ run: | - bright-cli scan:polling \ - --interval 30s \ - --timeout 10m \ - --token ${{ secrets.BRIGHT_TOKEN5 }} \ - --breakpoint high_issue $SCAN_ID \ - --cluster demo.brightsec.com + POLLING_RESULT=$(bright-cli scan:polling --interval 30s --timeout 10m --token ${{ secrets.BRIGHT_TOKEN }} --breakpoint high_issue $SCAN_ID --cluster demo.brightsec.com) + echo $POLLING_RESULT - name: Stop Scan 🛑 continue-on-error: true if: ${{ always() }} - run: bright-cli scan:stop --token ${{ secrets.BRIGHT_TOKEN5 }} $SCAN_ID --cluster demo.brightsec.com + run: bright-cli scan:stop --token ${{ secrets.BRIGHT_TOKEN }} $SCAN_ID --cluster demo.brightsec.com From a29e4d5d1e480163482af138f5db44452212df6d Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Tue, 18 Jul 2023 16:12:52 -0700 Subject: [PATCH 18/46] Update run-ci.yml With previous scan already stopped... just in case? --- .github/workflows/run-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index df698d0..2475c82 100644 --- a/.github/workflows/run-ci.yml 
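Review bot: Capturing the poll in `POLLING_RESULT=$(bright-cli scan:polling …)` hides the CLI output until the command returns, and if the step shell runs with `-e` (the GitHub Actions default) a non-zero exit from the poll ends the step before `echo $POLLING_RESULT` runs. If the breakpoint is signalled through the exit status, as the job presumably relied on before, the captured text is only ever printed on the success path. Running the command directly keeps both the live log and the exit status. `$SCAN_ID` and `$POLLING_RESULT` should be double-quoted in either form.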
+++ b/.github/workflows/run-ci.yml @@ -38,7 +38,7 @@ jobs: echo "SCAN_ID=$SCAN_ID" >> $GITHUB_ENV - name: Get the output scan url 🔗 run: | - printf "Scan was started, check the details at https://demo.brightsec.com/scans/$SCAN_ID" + printf "Scan was started, check them details at https://demo.brightsec.com/scans/$SCAN_ID" - name: Wait for issues ⏳ run: | POLLING_RESULT=$(bright-cli scan:polling --interval 30s --timeout 10m --token ${{ secrets.BRIGHT_TOKEN }} --breakpoint high_issue $SCAN_ID --cluster demo.brightsec.com) From 12cfd69694768f363f76715e5856e5d195806e5f Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Tue, 18 Jul 2023 16:24:27 -0700 Subject: [PATCH 19/46] Update run-ci.yml Restarted fragile repeater... --- .github/workflows/run-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index 2475c82..98e8255 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml @@ -43,6 +43,7 @@ jobs: run: | POLLING_RESULT=$(bright-cli scan:polling --interval 30s --timeout 10m --token ${{ secrets.BRIGHT_TOKEN }} --breakpoint high_issue $SCAN_ID --cluster demo.brightsec.com) echo $POLLING_RESULT + echo "POLLING_RESULT=$POLLING_RESULT" >> $GITHUB_ENV - name: Stop Scan 🛑 continue-on-error: true if: ${{ always() }} From c3077a7906a8a7d3711c9e4c9952eb39ec34453e Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Wed, 19 Jul 2023 16:08:48 -0700 Subject: [PATCH 20/46] Update run-ci.yml Trying to add support for not always stopping scan. (If...) --- .github/workflows/run-ci.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index 98e8255..34a47ce 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml 
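Review bot: The added `echo "POLLING_RESULT=$POLLING_RESULT" >> $GITHUB_ENV` in patch 19/46 appends raw CLI output to the environment file, so any newline in that output starts a new `NAME=value` entry that every later step will load. The output describes a scan of an application under test, so it should not be treated as trusted single-line text. Strip line breaks before exporting, e.g. `printf 'POLLING_RESULT=%s\n' "$(printf '%s' "$POLLING_RESULT" | tr -d '\r\n')" >> "$GITHUB_ENV"`, or use the `NAME<<DELIM` form with a random delimiter. The `echo "SCAN_ID=$SCAN_ID" >> $GITHUB_ENV` context line visible in the hunk for patch 18/46 has the same shape.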
@@ -40,11 +40,12 @@ jobs: run: | printf "Scan was started, check them details at https://demo.brightsec.com/scans/$SCAN_ID" - name: Wait for issues ⏳ - run: | - POLLING_RESULT=$(bright-cli scan:polling --interval 30s --timeout 10m --token ${{ secrets.BRIGHT_TOKEN }} --breakpoint high_issue $SCAN_ID --cluster demo.brightsec.com) - echo $POLLING_RESULT + run: | + echo "POLLING_RESULT=Stop" >> $GITHUB_ENV + POLLING_RESULT=$(bright-cli scan:polling --interval 30s --timeout 10m --token ${{ secrets.BRIGHT_TOKEN }} --breakpoint critical_issue $SCAN_ID --cluster demo.brightsec.com) echo "POLLING_RESULT=$POLLING_RESULT" >> $GITHUB_ENV + - name: Stop Scan 🛑 continue-on-error: true - if: ${{ always() }} + if: ${{ $POLLING_RESULT == "Stop" }} run: bright-cli scan:stop --token ${{ secrets.BRIGHT_TOKEN }} $SCAN_ID --cluster demo.brightsec.com From cdc03879d1dc197a9b9d132b1e0748400cc356d8 Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Wed, 19 Jul 2023 16:11:35 -0700 Subject: [PATCH 21/46] Update run-ci.yml typpo? --- .github/workflows/run-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index 34a47ce..af1bb49 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml @@ -38,7 +38,7 @@ jobs: echo "SCAN_ID=$SCAN_ID" >> $GITHUB_ENV - name: Get the output scan url 🔗 run: | - printf "Scan was started, check them details at https://demo.brightsec.com/scans/$SCAN_ID" + printf "Scan was started, check the details at https://demo.brightsec.com/scans/$SCAN_ID" - name: Wait for issues ⏳ run: | echo "POLLING_RESULT=Stop" >> $GITHUB_ENV From a188fe265bf9d7346948a7a33b8fe9508dd8ebbc Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Wed, 19 Jul 2023 16:14:53 -0700 Subject: [PATCH 22/46] Update run-ci.yml odd changes? Editing fixes? --- .github/workflows/run-ci.yml | 1 + 1 file changed, 1 insertion(+) 
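Review bot: `if: ${{ $POLLING_RESULT == "Stop" }}` on the Stop Scan step is not a valid workflow expression: shell variables are not visible there and string literals need single quotes, so the value has to be read as `env.POLLING_RESULT`. Dropping `always()` also brings back the implicit `success()` check, which skips the step exactly when the polling step fails. I would write `if: ${{ always() && env.POLLING_RESULT == 'Stop' }}`. The pre-seeded `POLLING_RESULT=Stop` is overwritten only when the poll command returns successfully, assuming the default `-e` shell, and a one-line comment saying that this is intended would help. Patches 25/46, 26/46 and 29/46 retry the condition with the same `$POLLING_RESULT` reference.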
diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index af1bb49..6ab33e2 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml @@ -18,6 +18,7 @@ jobs: container: node:16 name: A job to run a BrightSec scan steps: + - name: Initialize - uses: actions/checkout@v2 - run: | apt update -qq --fix-missing From d3a4bfcbf6fd0c9932da913b419155d7e27ec45e Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Wed, 19 Jul 2023 16:19:13 -0700 Subject: [PATCH 23/46] Update run-ci.yml add typo? --- .github/workflows/run-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index 6ab33e2..17e54f7 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-20.04 container: node:16 name: A job to run a BrightSec scan - steps: + step: - name: Initialize - uses: actions/checkout@v2 - run: | From 8b515641b31f3c4dbe9352e117c70d52d85f15d4 Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Wed, 19 Jul 2023 16:20:59 -0700 Subject: [PATCH 24/46] Update run-ci.yml remove previously added typo? --- .github/workflows/run-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index 17e54f7..6ab33e2 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-20.04 container: node:16 name: A job to run a BrightSec scan - step: + steps: - name: Initialize - uses: actions/checkout@v2 - run: | From 4f016ff05492848412672a8874e79fa012ba7909 Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Wed, 19 Jul 2023 16:41:23 -0700 Subject: [PATCH 25/46] Update run-ci.yml better if syntax? --- .github/workflows/run-ci.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
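Review bot: `- name: Initialize` in patch 22/46 is added as its own list item, so it becomes a step with neither `uses` nor `run`, and the following `- uses: actions/checkout@v2` stays a separate unnamed step. If the intent is to name the checkout, the second dash has to go: `- name: Initialize` followed by `uses: actions/checkout@v2` at the same indent as `name`. Indentation is not recoverable from this page, so this reading rests on the two dashes only.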
diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index 6ab33e2..0dbe4d7 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml @@ -48,5 +48,6 @@ jobs: - name: Stop Scan 🛑 continue-on-error: true - if: ${{ $POLLING_RESULT == "Stop" }} - run: bright-cli scan:stop --token ${{ secrets.BRIGHT_TOKEN }} $SCAN_ID --cluster demo.brightsec.com + if: $POLLING_RESULT == "Stop" + run: | + bright-cli scan:stop --token ${{ secrets.BRIGHT_TOKEN }} $SCAN_ID --cluster demo.brightsec.com From 28c14d69c0c1b280bdde7099f60003c54c0064a9 Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Wed, 19 Jul 2023 16:43:55 -0700 Subject: [PATCH 26/46] Update run-ci.yml even better yet if syntax? --- .github/workflows/run-ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index 0dbe4d7..4f3ecb5 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml @@ -49,5 +49,4 @@ jobs: - name: Stop Scan 🛑 continue-on-error: true if: $POLLING_RESULT == "Stop" - run: | - bright-cli scan:stop --token ${{ secrets.BRIGHT_TOKEN }} $SCAN_ID --cluster demo.brightsec.com + run: bright-cli scan:stop --token ${{ secrets.BRIGHT_TOKEN }} $SCAN_ID --cluster demo.brightsec.com From ee08695fbb7c3b74ee335f4aca55fdb9b84c8b6f Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Wed, 19 Jul 2023 16:46:18 -0700 Subject: [PATCH 27/46] Update run-ci.yml delete excesss spaces... --- .github/workflows/run-ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index 4f3ecb5..335679b 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml 
@@ -45,7 +45,6 @@ jobs: echo "POLLING_RESULT=Stop" >> $GITHUB_ENV POLLING_RESULT=$(bright-cli scan:polling --interval 30s --timeout 10m --token ${{ secrets.BRIGHT_TOKEN }} --breakpoint critical_issue $SCAN_ID --cluster demo.brightsec.com) echo "POLLING_RESULT=$POLLING_RESULT" >> $GITHUB_ENV - - name: Stop Scan 🛑 continue-on-error: true if: $POLLING_RESULT == "Stop" From 49057094b455614a4bd934ac7a63d5477c0eab40 Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Wed, 19 Jul 2023 16:47:54 -0700 Subject: [PATCH 28/46] Update run-ci.yml Another blank line goes down... --- .github/workflows/run-ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index 335679b..9950fa8 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml @@ -26,7 +26,6 @@ jobs: npm install -g @brightsec/cli --unsafe-perm=true apt-get install jq -y apt-get install curl -y - - name: Save environment variables run: | printf "BRIGHT_TOKEN=${{ secrets.BRIGHT_TOKEN }}\nREPEATER5=${{ secrets.REPEATER5 }}\nPROJECT5=${{ secrets.PROJECT5 }}\nBC_LESSB_AUTH5=${{ secrets.BC_LESSB_AUTH5 }}" > .env From 9a8b0d8bc091b290b78e3931fdc8ff49a622b829 Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Wed, 19 Jul 2023 16:53:14 -0700 Subject: [PATCH 29/46] Update run-ci.yml different syntax --- .github/workflows/run-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index 9950fa8..e23408d 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml @@ -46,5 +46,5 @@ jobs: echo "POLLING_RESULT=$POLLING_RESULT" >> $GITHUB_ENV - name: Stop Scan 🛑 continue-on-error: true - if: $POLLING_RESULT == "Stop" + if: ${{ $POLLING_RESULT == "Stop" }} run: bright-cli scan:stop --token ${{ secrets.BRIGHT_TOKEN }} $SCAN_ID --cluster demo.brightsec.com 
From 2e9b9e952df2f6435ec5a98bd44c1a19da162a98 Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Wed, 19 Jul 2023 16:55:00 -0700 Subject: [PATCH 30/46] Update run-ci.yml fix indent? --- .github/workflows/run-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index e23408d..87310fc 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml @@ -40,7 +40,7 @@ jobs: run: | printf "Scan was started, check the details at https://demo.brightsec.com/scans/$SCAN_ID" - name: Wait for issues ⏳ - run: | + run: | echo "POLLING_RESULT=Stop" >> $GITHUB_ENV POLLING_RESULT=$(bright-cli scan:polling --interval 30s --timeout 10m --token ${{ secrets.BRIGHT_TOKEN }} --breakpoint critical_issue $SCAN_ID --cluster demo.brightsec.com) echo "POLLING_RESULT=$POLLING_RESULT" >> $GITHUB_ENV From 09faacd3d5d9003de5f3153eb5aa5a527d43c302 Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Wed, 19 Jul 2023 16:57:10 -0700 Subject: [PATCH 31/46] Update run-ci.yml fix extra names... --- .github/workflows/run-ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index 87310fc..035476f 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml @@ -18,7 +18,6 @@ jobs: container: node:16 name: A job to run a BrightSec scan steps: - - name: Initialize - uses: actions/checkout@v2 - run: | apt update -qq --fix-missing From ce4091b181900003d20041afa04cdd96f8037405 Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Wed, 19 Jul 2023 17:05:38 -0700 Subject: [PATCH 32/46] Update run-ci.yml print polling result... without trying to use it. --- .github/workflows/run-ci.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) 
diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index 035476f..bfd4d7e 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml @@ -41,9 +41,11 @@ jobs: - name: Wait for issues ⏳ run: | echo "POLLING_RESULT=Stop" >> $GITHUB_ENV - POLLING_RESULT=$(bright-cli scan:polling --interval 30s --timeout 10m --token ${{ secrets.BRIGHT_TOKEN }} --breakpoint critical_issue $SCAN_ID --cluster demo.brightsec.com) + POLLING_RESULT=$(bright-cli scan:polling --interval 30s --timeout 10m --token ${{ secrets.BRIGHT_TOKEN }} --breakpoint any $SCAN_ID --cluster demo.brightsec.com) echo "POLLING_RESULT=$POLLING_RESULT" >> $GITHUB_ENV - name: Stop Scan 🛑 continue-on-error: true - if: ${{ $POLLING_RESULT == "Stop" }} - run: bright-cli scan:stop --token ${{ secrets.BRIGHT_TOKEN }} $SCAN_ID --cluster demo.brightsec.com + if: ${{ Always() }} + run: | + printf "Polling result was $POLLING_RESULT" + bright-cli scan:stop --token ${{ secrets.BRIGHT_TOKEN }} $SCAN_ID --cluster demo.brightsec.com From f077c830593e22c98d959b4b269c14b3218bbce0 Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Wed, 19 Jul 2023 17:16:43 -0700 Subject: [PATCH 33/46] Update run-ci.yml ${{ failure() }} works? --- .github/workflows/run-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index bfd4d7e..4f7132e 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml @@ -45,7 +45,7 @@ jobs: echo "POLLING_RESULT=$POLLING_RESULT" >> $GITHUB_ENV - name: Stop Scan 🛑 continue-on-error: true - if: ${{ Always() }} + if: ${{ failure() }} run: | printf "Polling result was $POLLING_RESULT" bright-cli scan:stop --token ${{ secrets.BRIGHT_TOKEN }} $SCAN_ID --cluster demo.brightsec.com From 89cc29dd708f3f0b6cc508eeea5082fa8c2726bb Mon Sep 17 00:00:00 2001 
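Review bot: `printf "Polling result was $POLLING_RESULT"` in patch 32/46 uses CLI output as the format string, so any `%` or backslash sequence in it is interpreted, and the line has no trailing newline. `printf 'Polling result was %s\n' "$POLLING_RESULT"` prints the value literally. Because the step now runs unconditionally, `$SCAN_ID` can be empty when the start step failed; a guard such as `[ -n "$SCAN_ID" ] || exit 0` before `scan:stop` avoids calling the CLI without a scan ID.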
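Review bot: `if: ${{ failure() }}` in patch 33/46 runs Stop Scan only after a failed step, so a cancelled workflow run leaves the scan running against the target. `if: ${{ failure() || cancelled() }}` covers both cases, and `always()` remains the simpler choice if stopping an already finished scan is harmless. The step keeps `continue-on-error: true`, so a failed stop goes unnoticed either way.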
From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Wed, 19 Jul 2023 17:22:48 -0700 Subject: [PATCH 34/46] Update run-ci.yml test failure for critical_issue breakpoint --- .github/workflows/run-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index 4f7132e..9005b01 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml @@ -41,7 +41,7 @@ jobs: - name: Wait for issues ⏳ run: | echo "POLLING_RESULT=Stop" >> $GITHUB_ENV - POLLING_RESULT=$(bright-cli scan:polling --interval 30s --timeout 10m --token ${{ secrets.BRIGHT_TOKEN }} --breakpoint any $SCAN_ID --cluster demo.brightsec.com) + POLLING_RESULT=$(bright-cli scan:polling --interval 30s --timeout 10m --token ${{ secrets.BRIGHT_TOKEN }} --breakpoint critical_issue $SCAN_ID --cluster demo.brightsec.com) echo "POLLING_RESULT=$POLLING_RESULT" >> $GITHUB_ENV - name: Stop Scan 🛑 continue-on-error: true From 0a99e7e9d9d7abf031206e22175f8a6a8e086492 Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Thu, 20 Jul 2023 10:06:27 -0700 Subject: [PATCH 35/46] Update run-ci.yml failed for timeout, fixing from 10m to 100m. --- .github/workflows/run-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index 9005b01..b8c5fdb 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml 
@@ -41,7 +41,7 @@ jobs:
 - name: Wait for issues ⏳
 run: |
 echo "POLLING_RESULT=Stop" >> $GITHUB_ENV
- POLLING_RESULT=$(bright-cli scan:polling --interval 30s --timeout 10m --token ${{ secrets.BRIGHT_TOKEN }} --breakpoint critical_issue $SCAN_ID --cluster demo.brightsec.com)
+ POLLING_RESULT=$(bright-cli scan:polling --interval 30s --timeout 100m --token ${{ secrets.BRIGHT_TOKEN }} --breakpoint critical_issue $SCAN_ID --cluster demo.brightsec.com)
 echo "POLLING_RESULT=$POLLING_RESULT" >> $GITHUB_ENV
 - name: Stop Scan 🛑
 continue-on-error: true
From d700470a18455b4849993b18111261fefedea234 Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Thu, 20 Jul 2023 10:59:43 -0700 Subject: [PATCH 36/46] Update run-ci.yml fix repeater... make it 101m timeout polling --- .github/workflows/run-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml
index b8c5fdb..c2a6e59 100644
--- a/.github/workflows/run-ci.yml
+++ b/.github/workflows/run-ci.yml
@@ -41,7 +41,7 @@ jobs:
 - name: Wait for issues ⏳
 run: |
 echo "POLLING_RESULT=Stop" >> $GITHUB_ENV
- POLLING_RESULT=$(bright-cli scan:polling --interval 30s --timeout 100m --token ${{ secrets.BRIGHT_TOKEN }} --breakpoint critical_issue $SCAN_ID --cluster demo.brightsec.com)
+ POLLING_RESULT=$(bright-cli scan:polling --interval 30s --timeout 101m --token ${{ secrets.BRIGHT_TOKEN }} --breakpoint critical_issue $SCAN_ID --cluster demo.brightsec.com)
 echo "POLLING_RESULT=$POLLING_RESULT" >> $GITHUB_ENV
 - name: Stop Scan 🛑
 continue-on-error: true
From fe8c9395dcd4d8c70a659604c41cc49b3e5af927 Mon Sep 17 00:00:00 2001
From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Thu, 20 Jul 2023 12:07:05 -0700 Subject: [PATCH 37/46] Update run-ci.yml narrow crawler scope to http://10.0.0.170:8090/marketplace to eliminate repeater timeout issues. --- .github/workflows/run-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index c2a6e59..249e3e7 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml @@ -33,7 +33,7 @@ jobs: - name: Start Brightsec Scan 🏁 id: start run: | - SCAN_ID=$(bright-cli scan:run --token ${{ secrets.BRIGHT_TOKEN }} --name "💎 Local GH BrokenCrystals for a '${GITHUB_REF##*/}' branch #${GITHUB_RUN_NUMBER}" --test csrf dom_xss header_security secret_tokens open_buckets excessive_data_exposure --crawler http://10.0.0.170:8090 --host-filter 10.0.0.170:8090 --repeater ${{ secrets.REPEATER5 }} --auth ${{ secrets.BC_LESSB_AUTH5 }} --project ${{ secrets.PROJECT5 }} --cluster demo.brightsec.com) + SCAN_ID=$(bright-cli scan:run --token ${{ secrets.BRIGHT_TOKEN }} --name "💎 Local GH BrokenCrystals for a '${GITHUB_REF##*/}' branch #${GITHUB_RUN_NUMBER}" --test csrf dom_xss header_security secret_tokens open_buckets excessive_data_exposure --crawler http://10.0.0.170:8090/marketplace --host-filter 10.0.0.170:8090 --repeater ${{ secrets.REPEATER5 }} --auth ${{ secrets.BC_LESSB_AUTH5 }} --project ${{ secrets.PROJECT5 }} --cluster demo.brightsec.com) echo "SCAN_ID=$SCAN_ID" >> $GITHUB_ENV - name: Get the output scan url 🔗 run: | From 62b7c0929d1627bb18f146bfc42f33d213df891b Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Mon, 6 May 2024 10:02:05 -0700 Subject: [PATCH 38/46] Update run-ci.yml - convert to Action simple run scan no id or project --- .github/workflows/run-ci.yml | 46 ++++++++++-------------------------- 1 file changed, 13 insertions(+), 33 deletions(-) 
diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index 249e3e7..1fd7186 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml @@ -1,4 +1,4 @@ -name: CI +name: CICD on: push: 
@@ -13,39 +13,19 @@ on: - cron: "0 0 * * THU" jobs: - start_and_wait_scan: + run_dast: + name: Run super basic scan Action runs-on: ubuntu-20.04 container: node:16 - name: A job to run a BrightSec scan steps: - - uses: actions/checkout@v2 - - run: | - apt update -qq --fix-missing - apt install -y --no-install-recommends nodejs npm make g++ - npm install -g @brightsec/cli --unsafe-perm=true - apt-get install jq -y - apt-get install curl -y - - name: Save environment variables - run: | - printf "BRIGHT_TOKEN=${{ secrets.BRIGHT_TOKEN }}\nREPEATER5=${{ secrets.REPEATER5 }}\nPROJECT5=${{ secrets.PROJECT5 }}\nBC_LESSB_AUTH5=${{ secrets.BC_LESSB_AUTH5 }}" > .env - cat .env - - run: sleep 3s - - name: Start Brightsec Scan 🏁 + - name: Scan Start id: start - run: | - SCAN_ID=$(bright-cli scan:run --token ${{ secrets.BRIGHT_TOKEN }} --name "💎 Local GH BrokenCrystals for a '${GITHUB_REF##*/}' branch #${GITHUB_RUN_NUMBER}" --test csrf dom_xss header_security secret_tokens open_buckets excessive_data_exposure --crawler http://10.0.0.170:8090/marketplace --host-filter 10.0.0.170:8090 --repeater ${{ secrets.REPEATER5 }} --auth ${{ secrets.BC_LESSB_AUTH5 }} --project ${{ secrets.PROJECT5 }} --cluster demo.brightsec.com) - echo "SCAN_ID=$SCAN_ID" >> $GITHUB_ENV - - name: Get the output scan url 🔗 - run: | - printf "Scan was started, check the details at https://demo.brightsec.com/scans/$SCAN_ID" - - name: Wait for issues ⏳ - run: | - echo "POLLING_RESULT=Stop" >> $GITHUB_ENV - POLLING_RESULT=$(bright-cli scan:polling --interval 30s --timeout 101m --token ${{ secrets.BRIGHT_TOKEN }} --breakpoint critical_issue $SCAN_ID --cluster demo.brightsec.com) - echo "POLLING_RESULT=$POLLING_RESULT" >> $GITHUB_ENV - - name: Stop Scan 🛑 - continue-on-error: true - if: ${{ failure() }} - run: | - printf "Polling result was $POLLING_RESULT" - bright-cli scan:stop --token ${{ secrets.BRIGHT_TOKEN }} $SCAN_ID --cluster demo.brightsec.com + uses: NeuraLegion/run-scan@release + with: + api_token: ${{ 
secrets.BRIGHT_TOKEN}} + hostname: app.brightsec.com + name: Bright Scan - ${{ github.sha }} + discovery_types: | + [ "crawler" ] + crawler_urls: | + [ "https://brokencrystals.com" ] From d520f929ab57ce556245fb1883047b63a3b75449 Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Mon, 6 May 2024 12:12:25 -0700 Subject: [PATCH 39/46] Update run-ci.yml Added Action to scan name. --- .github/workflows/run-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index 1fd7186..1039a30 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml @@ -24,7 +24,7 @@ jobs: with: api_token: ${{ secrets.BRIGHT_TOKEN}} hostname: app.brightsec.com - name: Bright Scan - ${{ github.sha }} + name: Bright Action Scan - ${{ github.sha }} discovery_types: | [ "crawler" ] crawler_urls: | From 357436d054fa0b5cda4944f7d638e001f3fdedee Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Mon, 6 May 2024 14:53:21 -0700 Subject: [PATCH 40/46] Update README.md will use Actions? --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5beeccd..903f30e 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ 2. Set `NEXPLOIT_TOKEN` and `REPEATER` secrets in your repo settings. 3. Run a CI job in Actions. 4. Go to Nexploit app and check if a scan started. -Bob? +Bob? bob. More Bob? Yet more. From d097633d633ac5259bf80636a0a37f327e5665f9 Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Mon, 6 May 2024 15:10:22 -0700 Subject: [PATCH 41/46] Update run-ci.yml pluralization of the name... --- .github/workflows/run-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index 1039a30..a074184 100644 --- a/.github/workflows/run-ci.yml 
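Review bot: `uses: NeuraLegion/run-scan@release` follows a movable ref, and the step hands `secrets.BRIGHT_TOKEN` to whatever code that ref points at when the job runs. Pin the action to a full commit SHA and update it deliberately, e.g. `uses: NeuraLegion/run-scan@<full-commit-sha> # release`; the `NeuraLegion/wait-for@release` step added in patch 45 needs the same treatment. The job also keeps `container: node:16` although the steps that installed the CLI are removed here, so that line looks like it can be dropped or at least pinned by digest.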
+++ b/.github/workflows/run-ci.yml @@ -24,7 +24,7 @@ jobs: with: api_token: ${{ secrets.BRIGHT_TOKEN}} hostname: app.brightsec.com - name: Bright Action Scan - ${{ github.sha }} + name: Bright Actions Scan - ${{ github.sha }} discovery_types: | [ "crawler" ] crawler_urls: | From aa61ef5f6e245ac7fbbd0e83391ff5acfd5552fa Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Mon, 6 May 2024 15:17:00 -0700 Subject: [PATCH 42/46] Update run-ci.yml pull req. branch name edit? --- .github/workflows/run-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index a074184..05dd435 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml @@ -8,7 +8,7 @@ on: - swagger - brokencrystals pull_request: - branches: [main] + branches: [With-Actions] schedule: - cron: "0 0 * * THU" From 59d85e3de8e2f28ceb840138f050a5765a622256 Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Mon, 6 May 2024 15:21:47 -0700 Subject: [PATCH 43/46] Update run-ci.yml added with-actions to push branches...? --- .github/workflows/run-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index 05dd435..3983852 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml @@ -7,6 +7,7 @@ on: - har-file - swagger - brokencrystals + - With-Actions pull_request: branches: [With-Actions] schedule: From f863cd7d8a63bc85c44eeea84e4fc8282a72d401 Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Tue, 7 May 2024 09:42:06 -0700 Subject: [PATCH 44/46] Update run-ci.yml Adding a project_id --- .github/workflows/run-ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index 3983852..492b293 100644 --- a/.github/workflows/run-ci.yml 
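Review bot: Replacing `branches: [main]` with `branches: [With-Actions]` under `pull_request` means pull requests targeting `main` no longer trigger the scan job, so the security check silently stops gating the default branch. If `With-Actions` is only being added for testing, list both: `branches: [main, With-Actions]`. The `on:` block starts outside the hunk.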
+++ b/.github/workflows/run-ci.yml @@ -25,8 +25,9 @@ jobs: with: api_token: ${{ secrets.BRIGHT_TOKEN}} hostname: app.brightsec.com - name: Bright Actions Scan - ${{ github.sha }} + name: Project 32 Bright Actions Scan - ${{ github.sha }} discovery_types: | [ "crawler" ] crawler_urls: | [ "https://brokencrystals.com" ] + project_id: ePB48tZH3KeGRHE6N2skAb From 4e855b2ca4b52f31e10c13a439acc9d5eaa2a62f Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Wed, 8 May 2024 09:46:14 -0700 Subject: [PATCH 45/46] Update run-ci.yml Adding wait-for, with scan result push... and project_id in "quotes". Big changes. --- .github/workflows/run-ci.yml | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml index 492b293..481a283 100644 --- a/.github/workflows/run-ci.yml +++ b/.github/workflows/run-ci.yml @@ -25,9 +25,20 @@ jobs: with: api_token: ${{ secrets.BRIGHT_TOKEN}} hostname: app.brightsec.com - name: Project 32 Bright Actions Scan - ${{ github.sha }} + name: Project 32 Bright Actions Scan With Pipeline Wait1 - ${{ github.sha }} discovery_types: | [ "crawler" ] crawler_urls: | [ "https://brokencrystals.com" ] - project_id: ePB48tZH3KeGRHE6N2skAb + project_id: "ePB48tZH3KeGRHE6N2skAb" + - name: Wait for breakpoint + id: wait + uses: NeuraLegion/wait-for@release + with: + api_token: ${{ secrets.BRIGHT_TOKEN }} + hostname: app.brightsec.com + scan: ${{ steps.start.outputs.id }} + wait_for: critical + code_scanning_alerts: true + github_token: ${{ secrets.ACTION_GITHUB_TOKEN }} + timeout: 600 # time in seconds From 1925d602266aa85ffa1ae371a3f8c558db1accab Mon Sep 17 00:00:00 2001 From: more-alas <99993346+more-alas@users.noreply.github.com> Date: Wed, 8 May 2024 11:11:31 -0700 Subject: [PATCH 46/46] Update run-ci.yml Timeout 600 -> 60000 --- .github/workflows/run-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
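Review bot: The new `Wait for breakpoint` step passes `${{ secrets.ACTION_GITHUB_TOKEN }}` to a third-party action; if that secret is a personal access token, the action receives every scope the token carries rather than only what alert upload needs. Prefer the job's own token with an explicit grant, e.g. `github_token: ${{ github.token }}` together with a job-level `permissions:` entry `security-events: write`, which is worth confirming against the action's documentation. The workflow also triggers on `pull_request`, where secrets are not provided to runs from forks, so both steps would fail there rather than report. The job header is outside the hunk.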
diff --git a/.github/workflows/run-ci.yml b/.github/workflows/run-ci.yml
index 481a283..f26cf48 100644
--- a/.github/workflows/run-ci.yml
+++ b/.github/workflows/run-ci.yml
@@ -41,4 +41,4 @@ jobs:
 wait_for: critical
 code_scanning_alerts: true
 github_token: ${{ secrets.ACTION_GITHUB_TOKEN }}
- timeout: 600 # time in seconds
+ timeout: 60000 # time in seconds
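Review bot: `timeout: 60000` is roughly 16.7 hours, longer than the 6 hours a job on a GitHub-hosted runner may run, so the wait can never reach its own timeout and the job will be terminated first. Choose a value below the job limit and set the job's `timeout-minutes` to match, e.g. `timeout: 18000 # time in seconds` with `timeout-minutes: 320` on the job. Nothing visible in this workflow stops the scan when the job is killed, so it may keep running on the Bright side. The `with:` block starts outside the hunk.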