Elgato_dark/ToolJet
1
0
Fork 0
mirror of https://github.com/ToolJet/ToolJet synced 2026-05-23 08:58:26 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge pull request #12415 from ToolJet/fix/vur-workflow

Browse source 
Adding vulnerability-ci.yml to main
This commit is contained in:
Adish M 2025-04-01 11:05:02 +05:30 committed by GitHub
commit acb34fe59f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 650 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

650
.github/workflows/vulnerability-ci.yml vendored Normal file
View file

@ -0,0 +1,650 @@
name: Vulnerability CI
# Controls when the workflow will run
on:
pull_request:
types: [labeled, unlabeled, closed]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# Schedule the workflow to run every two weeks
schedule:
- cron: '30 5 */14 * *'
jobs:
PeriodicVulnerability-CheckOn-frontend-code:
if: github.event_name == 'schedule'
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
ref: refs/heads/main
- name: Use Node.js 18.18.2
uses: actions/setup-node@v3
with:
node-version: 18.18.2
- name: Install dependencies
run: npm --prefix frontend install
- name: Running security audit
run: npm --prefix server audit --json > Periodic-frontend-audit.json
continue-on-error: true
- name: Parse audit summary
id: parse-audit
run: |
vulnerabilities=$(jq '.metadata.vulnerabilities' Periodic-frontend-audit.json)
moderate=$(echo $vulnerabilities | jq '.moderate')
high=$(echo $vulnerabilities | jq '.high')
critical=$(echo $vulnerabilities | jq '.critical')
echo "::set-output name=moderate::$moderate"
echo "::set-output name=high::$high"
echo "::set-output name=critical::$critical"
- name: Upload audit report
uses: actions/upload-artifact@v3
with:
name: Periodic-frontend-audit-report
path: Periodic-frontend-audit.json
- name: Send Slack Notification
run: |
message="Periodic Security Audit Report Of Frontend directory\n
Node module vulnerabilities summary:\n
🔴 Critical: ${{ steps.parse-audit.outputs.critical }}\n
🟠 High: ${{ steps.parse-audit.outputs.high }}\n
🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}\n
\nDownload Audit Report: http://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
curl -X POST -H 'Content-type: application/json' --data "{\"text\":\"$message\"}" ${{ secrets.SLACK_WEBHOOK_URL_VUR }}
PeriodicVulnerability-CheckOn-server-code:
if: github.event_name == 'schedule'
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
ref: refs/heads/main
- name: Use Node.js 18.18.2
uses: actions/setup-node@v3
with:
node-version: 18.18.2
- name: Install dependencies
run: npm --prefix server install
- name: Running security audit
run: npm --prefix server audit --json > Periodic-server-audit.json
continue-on-error: true
- name: Parse audit summary
id: parse-audit
run: |
vulnerabilities=$(jq '.metadata.vulnerabilities' Periodic-server-audit.json)
moderate=$(echo $vulnerabilities | jq '.moderate')
high=$(echo $vulnerabilities | jq '.high')
critical=$(echo $vulnerabilities | jq '.critical')
echo "::set-output name=moderate::$moderate"
echo "::set-output name=high::$high"
echo "::set-output name=critical::$critical"
- name: Upload audit report
uses: actions/upload-artifact@v3
with:
name: Periodic-server-audit-report
path: Periodic-server-audit.json
- name: Send Slack Notification
run: |
message="### Periodic Security Audit Report Of Server directory\n
Node module vulnerabilities summary:\n
🔴 Critical: ${{ steps.parse-audit.outputs.critical }}\n
🟠 High: ${{ steps.parse-audit.outputs.high }}\n
🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}\n
\nDownload Audit Report: http://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
curl -X POST -H 'Content-type: application/json' --data "{\"text\":\"$message\"}" ${{ secrets.SLACK_WEBHOOK_URL_VUR }}
PeriodicVulnerability-CheckOn-marketplace-code:
if: github.event_name == 'schedule'
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
ref: refs/heads/main
- name: Use Node.js 18.18.2
uses: actions/setup-node@v3
with:
node-version: 18.18.2
- name: Install dependencies
run: npm --prefix marketplace install
- name: Running security audit
run: npm --prefix marketplace audit --json > Periodic-marketplace-audit.json
continue-on-error: true
- name: Parse audit summary
id: parse-audit
run: |
vulnerabilities=$(jq '.metadata.vulnerabilities' Periodic-marketplace-audit.json)
moderate=$(echo $vulnerabilities | jq '.moderate')
high=$(echo $vulnerabilities | jq '.high')
critical=$(echo $vulnerabilities | jq '.critical')
echo "::set-output name=moderate::$moderate"
echo "::set-output name=high::$high"
echo "::set-output name=critical::$critical"
- name: Upload audit report
uses: actions/upload-artifact@v3
with:
name: Periodic-marketplace-audit-report
path: Periodic-marketplace-audit.json
- name: Send Slack Notification
run: |
message="Periodic Security Audit Report Of Marketplace directory\n
Node module vulnerabilities summary:\n
🔴 Critical: ${{ steps.parse-audit.outputs.critical }}\n
🟠 High: ${{ steps.parse-audit.outputs.high }}\n
🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}\n
\nDownload Audit Report: http://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
curl -X POST -H 'Content-type: application/json' --data "{\"text\":\"$message\"}" ${{ secrets.SLACK_WEBHOOK_URL_VUR }}
PeriodicVulnerability-CheckOn-plugins-code:
if: github.event_name == 'schedule'
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
ref: refs/heads/main
- name: Use Node.js 18.18.2
uses: actions/setup-node@v3
with:
node-version: 18.18.2
- name: Install dependencies
run: npm --prefix plugins install
- name: Running security audit
run: npm --prefix plugins audit --json > Periodic-plugins-audit.json
continue-on-error: true
- name: Parse audit summary
id: parse-audit
run: |
vulnerabilities=$(jq '.metadata.vulnerabilities' Periodic-plugins-audit.json)
moderate=$(echo $vulnerabilities | jq '.moderate')
high=$(echo $vulnerabilities | jq '.high')
critical=$(echo $vulnerabilities | jq '.critical')
echo "::set-output name=moderate::$moderate"
echo "::set-output name=high::$high"
echo "::set-output name=critical::$critical"
- name: Upload audit report
uses: actions/upload-artifact@v3
with:
name: Periodic-plugins-audit-report
path: Periodic-plugins-audit.json
- name: Send Slack Notification
run: |
message="Periodic Security Audit Report Of Plugins directory\n
Node module vulnerabilities summary:\n
🔴 Critical: ${{ steps.parse-audit.outputs.critical }}\n
🟠 High: ${{ steps.parse-audit.outputs.high }}\n
🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}\n
\nDownload Audit Report: http://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
curl -X POST -H 'Content-type: application/json' --data "{\"text\":\"$message\"}" ${{ secrets.SLACK_WEBHOOK_URL_VUR }}
PeriodicVulnerability-CheckOn-cypress-code:
if: github.event_name == 'schedule'
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
ref: refs/heads/main
- name: Use Node.js 18.18.2
uses: actions/setup-node@v3
with:
node-version: 18.18.2
- name: Install dependencies
run: npm --prefix cypress-tests install
- name: Running security audit
run: npm --prefix cypress-tests audit --json > Periodic-cypress-audit.json
continue-on-error: true
- name: Parse audit summary
id: parse-audit
run: |
vulnerabilities=$(jq '.metadata.vulnerabilities' Periodic-cypress-audit.json)
moderate=$(echo $vulnerabilities | jq '.moderate')
high=$(echo $vulnerabilities | jq '.high')
critical=$(echo $vulnerabilities | jq '.critical')
echo "::set-output name=moderate::$moderate"
echo "::set-output name=high::$high"
echo "::set-output name=critical::$critical"
- name: Upload audit report
uses: actions/upload-artifact@v3
with:
name: Periodic-cypress-audit-report
path: Periodic-cypress-audit.json
- name: Send Slack Notification
run: |
message="Periodic Security Audit Report Of Cypress directory\n
Node module vulnerabilities summary:\n
🔴 Critical: ${{ steps.parse-audit.outputs.critical }}\n
🟠 High: ${{ steps.parse-audit.outputs.high }}\n
🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}\n
\nDownload Audit Report: http://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
curl -X POST -H 'Content-type: application/json' --data "{\"text\":\"$message\"}" ${{ secrets.SLACK_WEBHOOK_URL_VUR }}
PeriodicVulnerability-CheckOn-root-code:
if: github.event_name == 'schedule'
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
ref: refs/heads/main
- name: Use Node.js 18.18.2
uses: actions/setup-node@v3
with:
node-version: 18.18.2
- name: Install dependencies
run: npm install
- name: Running security audit
run: npm audit --json > Periodic-root-audit.json
continue-on-error: true
- name: Parse audit summary
id: parse-audit
run: |
vulnerabilities=$(jq '.metadata.vulnerabilities' Periodic-root-audit.json)
moderate=$(echo $vulnerabilities | jq '.moderate')
high=$(echo $vulnerabilities | jq '.high')
critical=$(echo $vulnerabilities | jq '.critical')
echo "::set-output name=moderate::$moderate"
echo "::set-output name=high::$high"
echo "::set-output name=critical::$critical"
- name: Upload audit report
uses: actions/upload-artifact@v3
with:
name: Periodic-root-audit-report
path: Periodic-root-audit.json
- name: Send Slack Notification
run: |
message="Periodic Security Audit Report Of Root directory\n
Node module vulnerabilities summary:\n
🔴 Critical: ${{ steps.parse-audit.outputs.critical }}\n
🟠 High: ${{ steps.parse-audit.outputs.high }}\n
🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}\n
\nDownload Audit Report: http://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
curl -X POST -H 'Content-type: application/json' --data "{\"text\":\"$message\"}" ${{ secrets.SLACK_WEBHOOK_URL_VUR }}
ManualVulnerability-CheckOn-frontend-code:
if: ${{ github.event.action == 'labeled' && (github.event.label.name == 'frontend-vulnerability' || github.event.label.name == 'check-vulnerability') }}
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.ref }}
- name: Use Node.js 18.18.2
uses: actions/setup-node@v3
with:
node-version: 18.18.2
- name: Install dependencies
run: npm --prefix frontend install
- name: Running security audit
run: npm --prefix frontend audit --json > frontend-audit.json
continue-on-error: true
- name: Parse audit summary
id: parse-audit
run: |
vulnerabilities=$(jq '.metadata.vulnerabilities' frontend-audit.json)
moderate=$(echo $vulnerabilities | jq '.moderate')
high=$(echo $vulnerabilities | jq '.high')
critical=$(echo $vulnerabilities | jq '.critical')
echo "::set-output name=moderate::$moderate"
echo "::set-output name=high::$high"
echo "::set-output name=critical::$critical"
- name: Upload audit report
uses: actions/upload-artifact@v3
with:
name: frontend-audit-report
path: frontend-audit.json
- name: Create or update PR comment
uses: peter-evans/create-or-update-comment@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.repository }}
issue-number: ${{ github.event.pull_request.number }}
body: |
### Security Audit Report Of Frontend directory
**Node module vulnerabilities summary:**
🔴 Critical: ${{ steps.parse-audit.outputs.critical }}
🟠 High: ${{ steps.parse-audit.outputs.high }}
🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}
Please find the JSON file in the [summary page](${{ github.frontend_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}).
ManualVulnerability-CheckOn-server-code:
if: ${{ github.event.action == 'labeled' && (github.event.label.name == 'server-vulnerability' || github.event.label.name == 'check-vulnerability') }}
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.ref }}
- name: Use Node.js 18.18.2
uses: actions/setup-node@v3
with:
node-version: 18.18.2
- name: Install dependencies
run: npm --prefix server install
- name: Running security audit
run: npm --prefix server audit --json > server-audit.json
continue-on-error: true
- name: Parse audit summary
id: parse-audit
run: |
vulnerabilities=$(jq '.metadata.vulnerabilities' server-audit.json)
moderate=$(echo $vulnerabilities | jq '.moderate')
high=$(echo $vulnerabilities | jq '.high')
critical=$(echo $vulnerabilities | jq '.critical')
echo "::set-output name=moderate::$moderate"
echo "::set-output name=high::$high"
echo "::set-output name=critical::$critical"
- name: Upload audit report
uses: actions/upload-artifact@v3
with:
name: server-audit-report
path: server-audit.json
- name: Create or update PR comment
uses: peter-evans/create-or-update-comment@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.repository }}
issue-number: ${{ github.event.pull_request.number }}
body: |
### Security Audit Report Of Server directory
**Node module vulnerabilities summary:**
🔴 Critical: ${{ steps.parse-audit.outputs.critical }}
🟠 High: ${{ steps.parse-audit.outputs.high }}
🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}
Please find the JSON file in the [summary page](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}).
ManualVulnerability-CheckOn-marketplace-code:
if: ${{ github.event.action == 'labeled' && (github.event.label.name == 'marketplace-vulnerability' || github.event.label.name == 'check-vulnerability') }}
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.ref }}
- name: Use Node.js 18.18.2
uses: actions/setup-node@v3
with:
node-version: 18.18.2
- name: Install dependencies
run: npm --prefix marketplace install
- name: Running security audit
run: npm --prefix marketplace audit --json > marketplace-audit.json
continue-on-error: true
- name: Parse audit summary
id: parse-audit
run: |
vulnerabilities=$(jq '.metadata.vulnerabilities' marketplace-audit.json)
moderate=$(echo $vulnerabilities | jq '.moderate')
high=$(echo $vulnerabilities | jq '.high')
critical=$(echo $vulnerabilities | jq '.critical')
echo "::set-output name=moderate::$moderate"
echo "::set-output name=high::$high"
echo "::set-output name=critical::$critical"
- name: Upload audit report
uses: actions/upload-artifact@v3
with:
name: marketplace-audit-report
path: marketplace-audit.json
- name: Create or update PR comment
uses: peter-evans/create-or-update-comment@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.repository }}
issue-number: ${{ github.event.pull_request.number }}
body: |
### Security Audit Report Of Marketplace directory
**Node module vulnerabilities summary:**
🔴 Critical: ${{ steps.parse-audit.outputs.critical }}
🟠 High: ${{ steps.parse-audit.outputs.high }}
🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}
Please find the JSON file in the [summary page](${{ github.marketplace_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}).
ManualVulnerability-CheckOn-plugins-code:
if: ${{ github.event.action == 'labeled' && (github.event.label.name == 'plugins-vulnerability' || github.event.label.name == 'check-vulnerability') }}
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.ref }}
- name: Use Node.js 18.18.2
uses: actions/setup-node@v3
with:
node-version: 18.18.2
- name: Install dependencies
run: npm --prefix plugins install
- name: Running security audit
run: npm --prefix plugins audit --json > plugins-audit.json
continue-on-error: true
- name: Parse audit summary
id: parse-audit
run: |
vulnerabilities=$(jq '.metadata.vulnerabilities' plugins-audit.json)
moderate=$(echo $vulnerabilities | jq '.moderate')
high=$(echo $vulnerabilities | jq '.high')
critical=$(echo $vulnerabilities | jq '.critical')
echo "::set-output name=moderate::$moderate"
echo "::set-output name=high::$high"
echo "::set-output name=critical::$critical"
- name: Upload audit report
uses: actions/upload-artifact@v3
with:
name: plugins-audit-report
path: plugins-audit.json
- name: Create or update PR comment
uses: peter-evans/create-or-update-comment@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.repository }}
issue-number: ${{ github.event.pull_request.number }}
body: |
### Security Audit Report Of Plugins directory
**Node module vulnerabilities summary:**
🔴 Critical: ${{ steps.parse-audit.outputs.critical }}
🟠 High: ${{ steps.parse-audit.outputs.high }}
🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}
Please find the JSON file in the [summary page](${{ github.plugins_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}).
ManualVulnerability-CheckOn-cypress-code:
if: ${{ github.event.action == 'labeled' && (github.event.label.name == 'cypress-vulnerability' || github.event.label.name == 'check-vulnerability') }}
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.ref }}
- name: Use Node.js 18.18.2
uses: actions/setup-node@v3
with:
node-version: 18.18.2
- name: Install dependencies
run: npm --prefix cypress-tests install
- name: Running security audit
run: npm --prefix cypress-tests audit --json > cypress-audit.json
continue-on-error: true
- name: Parse audit summary
id: parse-audit
run: |
vulnerabilities=$(jq '.metadata.vulnerabilities' cypress-audit.json)
moderate=$(echo $vulnerabilities | jq '.moderate')
high=$(echo $vulnerabilities | jq '.high')
critical=$(echo $vulnerabilities | jq '.critical')
echo "::set-output name=moderate::$moderate"
echo "::set-output name=high::$high"
echo "::set-output name=critical::$critical"
- name: Upload audit report
uses: actions/upload-artifact@v3
with:
name: cypress-audit-report
path: cypress-audit.json
- name: Create or update PR comment
uses: peter-evans/create-or-update-comment@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.repository }}
issue-number: ${{ github.event.pull_request.number }}
body: |
### Security Audit Report Of Cypress directory
**Node module vulnerabilities summary:**
🔴 Critical: ${{ steps.parse-audit.outputs.critical }}
🟠 High: ${{ steps.parse-audit.outputs.high }}
🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}
Please find the JSON file in the [summary page](${{ github.cypress_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}).
ManualVulnerability-CheckOn-root-code:
if: ${{ github.event.action == 'labeled' && (github.event.label.name == 'root-vulnerability' || github.event.label.name == 'check-vulnerability') }}
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.ref }}
- name: Use Node.js 18.18.2
uses: actions/setup-node@v3
with:
node-version: 18.18.2
- name: Install dependencies
run: npm install
- name: Running security audit
run: npm audit --json > root-audit.json
continue-on-error: true
- name: Parse audit summary
id: parse-audit
run: |
vulnerabilities=$(jq '.metadata.vulnerabilities' root-audit.json)
moderate=$(echo $vulnerabilities | jq '.moderate')
high=$(echo $vulnerabilities | jq '.high')
critical=$(echo $vulnerabilities | jq '.critical')
echo "::set-output name=moderate::$moderate"
echo "::set-output name=high::$high"
echo "::set-output name=critical::$critical"
- name: Upload audit report
uses: actions/upload-artifact@v3
with:
name: root-audit-report
path: root-audit.json
- name: Create or update PR comment
uses: peter-evans/create-or-update-comment@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.repository }}
issue-number: ${{ github.event.pull_request.number }}
body: |
### Security Audit Report Of Root directory
**Node module vulnerabilities summary:**
🔴 Critical: ${{ steps.parse-audit.outputs.critical }}
🟠 High: ${{ steps.parse-audit.outputs.high }}
🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}
Please find the JSON file in the [summary page](${{ github.root_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}).