DefenseCode ThunderScan GitHub Action

DefenseCode ThunderScan GitHub Action with SARIF output.

  • DefenseCode ThunderScan® is a SAST (Static Application Security Testing, white-box testing) solution for deep and extensive security analysis of application source code. ThunderScan® is easy to use, can be deployed during or after development, and integrates into DevOps environments and CI/CD pipelines.

  • DefenseCode WebScanner is a DAST (Dynamic Application Security Testing, black-box testing) solution for comprehensive security audits of running web applications (websites). WebScanner tests a website's security by carrying out a large number of attacks using advanced techniques, as a real attacker would.

Find more information on the official website: DefenseCode.com

Inputs

| Variable | Example Value | Description | Type | Required | Default |
|---|---|---|---|---|---|
| api_url | https://localhost:8999 | ThunderScan API URL | String | Yes | N/A |
| api_token | ${{ secrets.THUNDERSCAN_TOKEN }} | ThunderScan API Token | Secure String | Yes | N/A |
| client_path | /opt/thunderscan/tsactioncli | ThunderScan Client Path | String | Yes | N/A |
| engines | 2 | ThunderScan Engine IDs | String | No | N/A |

Outputs

The action writes a SARIF report to the working directory as ./thunderscan-sarif.json. This file can be uploaded to GitHub Code Scanning or archived as a workflow artifact.

Example Usage

The ThunderScan action runs on a self-hosted runner that has the ThunderScan API CLI client installed at the path given in client_path; the runner must be able to reach the ThunderScan API at api_url.

    steps:
    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
    - uses: actions/checkout@v2

    # ThunderScan Action (requires a self-hosted runner with the ThunderScan CLI client at client_path)
    - name: ThunderScan
      uses: defensecode/[email protected]
      with:
        # Use https so the API token is not sent in cleartext (matches the example in the Inputs table)
        api_url: 'https://localhost:8999'
        client_path: '/opt/thunderscan/tsactioncli'
        api_token: ${{ secrets.THUNDERSCAN_TOKEN }}
        # Optional: restrict the scan to specific ThunderScan engine IDs
        # engines: '2'

    - name: Expose report
      uses: actions/upload-artifact@v2
      with:
        name: SARIF results
        path: thunderscan-sarif.json

    # Uploads thunderscan-sarif.json to GitHub Code Scanning using the upload-sarif action.
    # The job needs `permissions: security-events: write` for this step when it runs with GITHUB_TOKEN.
    - uses: github/codeql-action/upload-sarif@v1
      with:
        # Path to SARIF file relative to the root of the repository
        sarif_file: thunderscan-sarif.json
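Uploading the report to Code Scanning surfaces findings, but it does not by itself fail the build. The script below, an added example that is not part of the ThunderScan action or DefenseCode's code, reads a SARIF 2.1.0 file such as ./thunderscan-sarif.json and returns a non-zero exit code when the number of error-level findings exceeds a threshold. It applies the SARIF rules for an effective level (explicit level, then the rule's defaultConfiguration, then "warning") and skips results that are suppressed or whose kind is not "fail". The embedded sample report is constructed for the example; its tool name, rule IDs, paths and messages are invented and are not ThunderScan's real identifiers.

```python
"""Gate a CI job on a SARIF 2.1.0 report such as ./thunderscan-sarif.json."""
import json
import sys
from collections import Counter

# Constructed sample shaped like a SARIF 2.1.0 log. Tool name, rule IDs,
# paths and messages are invented for this example; they are not
# ThunderScan's real rule identifiers or output.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "ExampleSAST", "rules": [
            {"id": "EX-SQLI", "defaultConfiguration": {"level": "error"}},
            {"id": "EX-XSS", "defaultConfiguration": {"level": "warning"}},
            {"id": "EX-INFO"},
        ]}},
        "results": [
            # level omitted: falls back to the rule's defaultConfiguration (error)
            {"ruleId": "EX-SQLI", "message": {"text": "Tainted input reaches SQL query"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/db.py"}, "region": {"startLine": 42}}}]},
            {"ruleId": "EX-XSS", "level": "warning", "message": {"text": "Unescaped output"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/views.py"}, "region": {"startLine": 17}}}]},
            # suppressed in source: must not count against the gate
            {"ruleId": "EX-XSS", "level": "error", "message": {"text": "Suppressed finding"},
             "suppressions": [{"kind": "inSource"}], "locations": []},
            # kind "pass" means the check passed, so it is not a finding
            {"ruleId": "EX-INFO", "kind": "pass", "message": {"text": "Check passed"},
             "locations": []},
            {"ruleId": "EX-INFO", "level": "note", "message": {"text": "Debug flag set"},
             "locations": []},
        ],
    }],
}


def load_sarif(path):
    """Read a SARIF file from disk."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def rule_defaults(run):
    """Map ruleId -> defaultConfiguration.level from tool.driver.rules."""
    rules = run.get("tool", {}).get("driver", {}).get("rules", [])
    return {r["id"]: r.get("defaultConfiguration", {}).get("level", "warning")
            for r in rules if "id" in r}


def effective_level(result, defaults):
    """SARIF 2.1.0: explicit level wins, then the rule's default, then 'warning'."""
    return result.get("level") or defaults.get(result.get("ruleId"), "warning")


def first_location(result):
    """Return 'uri:line' for the first physical location, or a placeholder."""
    for loc in result.get("locations", []):
        phys = loc.get("physicalLocation", {})
        uri = phys.get("artifactLocation", {}).get("uri")
        if uri:
            line = phys.get("region", {}).get("startLine")
            return f"{uri}:{line}" if line else uri
    return "<no location>"


def findings(sarif):
    """Yield (level, ruleId, location, message) for every live finding.
    Skips results whose kind is not 'fail' and results carrying suppressions."""
    for run in sarif.get("runs", []):
        defaults = rule_defaults(run)
        for res in run.get("results", []):
            if res.get("kind", "fail") != "fail" or res.get("suppressions"):
                continue
            yield (effective_level(res, defaults), res.get("ruleId", "?"),
                   first_location(res), res.get("message", {}).get("text", ""))


def summarize(sarif):
    """Count live findings per SARIF level."""
    return dict(Counter(level for level, *_ in findings(sarif)))


def gate(sarif, max_errors=0, max_warnings=None):
    """Return (should_fail, counts). Fails on more than max_errors error-level
    findings and, if max_warnings is given, on more than that many warnings."""
    counts = summarize(sarif)
    fail = counts.get("error", 0) > max_errors
    if max_warnings is not None and counts.get("warning", 0) > max_warnings:
        fail = True
    return fail, counts


if __name__ == "__main__":
    # usage: python sarif_gate.py thunderscan-sarif.json [max_errors]
    report = load_sarif(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_SARIF
    limit = int(sys.argv[2]) if len(sys.argv) > 2 else 0
    for level, rule, where, text in findings(report):
        print(f"[{level}] {rule} {where}: {text}")
    should_fail, counts = gate(report, max_errors=limit)
    print("summary:", counts)
    sys.exit(1 if should_fail else 0)
```

Run it as a workflow step after the ThunderScan step (`run: python sarif_gate.py thunderscan-sarif.json`) so a failed gate fails the job; place it after the upload-sarif step if you still want the report in Code Scanning when the gate fails.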

Security Alerts Sample

[Screenshots: Sample Alert, Sample Flow]
