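name: Vulnerability CI

# Periodic and on-demand `npm audit` of every package directory in the repo.
#
# Periodic jobs (schedule / manual dispatch) audit `main` and post a summary to
# Slack; label-triggered jobs audit the labeled pull request's head commit and
# post the summary as a PR comment. The raw `npm audit --json` report is always
# uploaded as a workflow artifact.
#
# Review notes:
#   - Third-party actions (peter-evans/create-or-update-comment) should ideally be
#     pinned to a full commit SHA rather than a mutable tag.
#   - NOTE(review): Node 18 reached end-of-life in 2025; consider moving to a
#     supported LTS line when the projects allow it.

# Controls when the workflow will run
on:
  pull_request:
    # Only 'labeled' is handled by any job below; 'unlabeled'/'closed' would
    # merely create runs in which every job is skipped.
    types: [labeled]
  # Allows you to run this workflow manually from the Actions tab
  # (the periodic jobs accept this event, see their `if:`).
  workflow_dispatch:
  # Runs every Monday at 05:30 UTC (i.e. weekly).
  schedule:
    - cron: '30 5 * * 1'

# Least privilege for GITHUB_TOKEN: nothing here needs to write to the repo.
# Jobs that comment on PRs raise `pull-requests` to write at job level.
permissions:
  contents: read

jobs:
  # ---------------------------------------------------------------------------
  # Periodic audits of `main` (schedule / workflow_dispatch) -> Slack
  # ---------------------------------------------------------------------------
  PeriodicVulnerability-CheckOn-frontend-code:
    if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          ref: refs/heads/main
      - name: Use Node.js 18.18.2
        uses: actions/setup-node@v4
        with:
          node-version: 18.18.2
      - name: Install dependencies
        # --ignore-scripts: the audit only needs the resolved dependency tree;
        # third-party install/postinstall scripts must not run on this runner.
        run: npm --prefix frontend install --ignore-scripts
      - name: Running security audit
        # Was auditing `server` by mistake; this job is the frontend audit.
        # npm audit exits non-zero when anything is found; that is a finding,
        # not a step failure.
        run: npm --prefix frontend audit --json > Periodic-frontend-audit.json
        continue-on-error: true
      - name: Parse audit summary
        id: parse-audit
        # Outputs go through $GITHUB_OUTPUT (::set-output is deprecated).
        # jq errors out -- failing the step -- when the report has no
        # metadata.vulnerabilities (e.g. npm emitted an error object), instead
        # of silently reporting "null" counts.
        run: |
          jq -r '(.metadata.vulnerabilities // error("audit output has no metadata.vulnerabilities"))
                 | "moderate=\(.moderate)\nhigh=\(.high)\ncritical=\(.critical)"' \
            Periodic-frontend-audit.json >> "$GITHUB_OUTPUT"
      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: Periodic-frontend-audit-report
          path: Periodic-frontend-audit.json
      - name: Send Slack Notification
        # Secret and interpolated values are passed via env rather than being
        # expanded into the shell script; --fail makes a rejected webhook
        # call fail the step instead of being ignored.
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL_VUR }}
          CRITICAL: ${{ steps.parse-audit.outputs.critical }}
          HIGH: ${{ steps.parse-audit.outputs.high }}
          MODERATE: ${{ steps.parse-audit.outputs.moderate }}
          RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
        run: |
          message="Periodic Security Audit Report Of Frontend directory\n Node module vulnerabilities summary:\n 🔴 Critical: ${CRITICAL}\n 🟠 High: ${HIGH}\n 🟡 Moderate: ${MODERATE}\n \nDownload Audit Report: ${RUN_URL}"
          curl --fail --silent --show-error -X POST -H 'Content-type: application/json' \
            --data "{\"text\":\"$message\"}" "$SLACK_WEBHOOK_URL"

  PeriodicVulnerability-CheckOn-server-code:
    if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          ref: refs/heads/main
      - name: Use Node.js 18.18.2
        uses: actions/setup-node@v4
        with:
          node-version: 18.18.2
      - name: Install dependencies
        # --ignore-scripts: the audit only needs the resolved dependency tree.
        run: npm --prefix server install --ignore-scripts
      - name: Running security audit
        # Non-zero exit means findings, not failure.
        run: npm --prefix server audit --json > Periodic-server-audit.json
        continue-on-error: true
      - name: Parse audit summary
        id: parse-audit
        # Fails the step when the report carries no vulnerability summary.
        run: |
          jq -r '(.metadata.vulnerabilities // error("audit output has no metadata.vulnerabilities"))
                 | "moderate=\(.moderate)\nhigh=\(.high)\ncritical=\(.critical)"' \
            Periodic-server-audit.json >> "$GITHUB_OUTPUT"
      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: Periodic-server-audit-report
          path: Periodic-server-audit.json
      - name: Send Slack Notification
        # Message text aligned with the other periodic jobs (Slack does not
        # render a leading "### " as a heading).
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL_VUR }}
          CRITICAL: ${{ steps.parse-audit.outputs.critical }}
          HIGH: ${{ steps.parse-audit.outputs.high }}
          MODERATE: ${{ steps.parse-audit.outputs.moderate }}
          RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
        run: |
          message="Periodic Security Audit Report Of Server directory\n Node module vulnerabilities summary:\n 🔴 Critical: ${CRITICAL}\n 🟠 High: ${HIGH}\n 🟡 Moderate: ${MODERATE}\n \nDownload Audit Report: ${RUN_URL}"
          curl --fail --silent --show-error -X POST -H 'Content-type: application/json' \
            --data "{\"text\":\"$message\"}" "$SLACK_WEBHOOK_URL"

  PeriodicVulnerability-CheckOn-marketplace-code:
    if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          ref: refs/heads/main
      - name: Use Node.js 18.18.2
        uses: actions/setup-node@v4
        with:
          node-version: 18.18.2
      - name: Install dependencies
        # --ignore-scripts: the audit only needs the resolved dependency tree.
        run: npm --prefix marketplace install --ignore-scripts
      - name: Running security audit
        # Non-zero exit means findings, not failure.
        run: npm --prefix marketplace audit --json > Periodic-marketplace-audit.json
        continue-on-error: true
      - name: Parse audit summary
        id: parse-audit
        # Fails the step when the report carries no vulnerability summary.
        run: |
          jq -r '(.metadata.vulnerabilities // error("audit output has no metadata.vulnerabilities"))
                 | "moderate=\(.moderate)\nhigh=\(.high)\ncritical=\(.critical)"' \
            Periodic-marketplace-audit.json >> "$GITHUB_OUTPUT"
      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: Periodic-marketplace-audit-report
          path: Periodic-marketplace-audit.json
      - name: Send Slack Notification
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL_VUR }}
          CRITICAL: ${{ steps.parse-audit.outputs.critical }}
          HIGH: ${{ steps.parse-audit.outputs.high }}
          MODERATE: ${{ steps.parse-audit.outputs.moderate }}
          RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
        run: |
          message="Periodic Security Audit Report Of Marketplace directory\n Node module vulnerabilities summary:\n 🔴 Critical: ${CRITICAL}\n 🟠 High: ${HIGH}\n 🟡 Moderate: ${MODERATE}\n \nDownload Audit Report: ${RUN_URL}"
          curl --fail --silent --show-error -X POST -H 'Content-type: application/json' \
            --data "{\"text\":\"$message\"}" "$SLACK_WEBHOOK_URL"

  PeriodicVulnerability-CheckOn-plugins-code:
    if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          ref: refs/heads/main
      - name: Use Node.js 18.18.2
        uses: actions/setup-node@v4
        with:
          node-version: 18.18.2
      - name: Install dependencies
        # --ignore-scripts: the audit only needs the resolved dependency tree.
        run: npm --prefix plugins install --ignore-scripts
      - name: Running security audit
        # Non-zero exit means findings, not failure.
        run: npm --prefix plugins audit --json > Periodic-plugins-audit.json
        continue-on-error: true
      - name: Parse audit summary
        id: parse-audit
        # Fails the step when the report carries no vulnerability summary.
        run: |
          jq -r '(.metadata.vulnerabilities // error("audit output has no metadata.vulnerabilities"))
                 | "moderate=\(.moderate)\nhigh=\(.high)\ncritical=\(.critical)"' \
            Periodic-plugins-audit.json >> "$GITHUB_OUTPUT"
      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: Periodic-plugins-audit-report
          path: Periodic-plugins-audit.json
      - name: Send Slack Notification
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL_VUR }}
          CRITICAL: ${{ steps.parse-audit.outputs.critical }}
          HIGH: ${{ steps.parse-audit.outputs.high }}
          MODERATE: ${{ steps.parse-audit.outputs.moderate }}
          RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
        run: |
          message="Periodic Security Audit Report Of Plugins directory\n Node module vulnerabilities summary:\n 🔴 Critical: ${CRITICAL}\n 🟠 High: ${HIGH}\n 🟡 Moderate: ${MODERATE}\n \nDownload Audit Report: ${RUN_URL}"
          curl --fail --silent --show-error -X POST -H 'Content-type: application/json' \
            --data "{\"text\":\"$message\"}" "$SLACK_WEBHOOK_URL"

  PeriodicVulnerability-CheckOn-cypress-code:
    if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          ref: refs/heads/main
      - name: Use Node.js 18.18.2
        uses: actions/setup-node@v4
        with:
          node-version: 18.18.2
      - name: Install dependencies
        # --ignore-scripts: the audit only needs the resolved dependency tree.
        run: npm --prefix cypress-tests install --ignore-scripts
      - name: Running security audit
        # Non-zero exit means findings, not failure.
        run: npm --prefix cypress-tests audit --json > Periodic-cypress-audit.json
        continue-on-error: true
      - name: Parse audit summary
        id: parse-audit
        # Fails the step when the report carries no vulnerability summary.
        run: |
          jq -r '(.metadata.vulnerabilities // error("audit output has no metadata.vulnerabilities"))
                 | "moderate=\(.moderate)\nhigh=\(.high)\ncritical=\(.critical)"' \
            Periodic-cypress-audit.json >> "$GITHUB_OUTPUT"
      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: Periodic-cypress-audit-report
          path: Periodic-cypress-audit.json
      - name: Send Slack Notification
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL_VUR }}
          CRITICAL: ${{ steps.parse-audit.outputs.critical }}
          HIGH: ${{ steps.parse-audit.outputs.high }}
          MODERATE: ${{ steps.parse-audit.outputs.moderate }}
          RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
        run: |
          message="Periodic Security Audit Report Of Cypress directory\n Node module vulnerabilities summary:\n 🔴 Critical: ${CRITICAL}\n 🟠 High: ${HIGH}\n 🟡 Moderate: ${MODERATE}\n \nDownload Audit Report: ${RUN_URL}"
          curl --fail --silent --show-error -X POST -H 'Content-type: application/json' \
            --data "{\"text\":\"$message\"}" "$SLACK_WEBHOOK_URL"

  PeriodicVulnerability-CheckOn-root-code:
    if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          ref: refs/heads/main
      - name: Use Node.js 18.18.2
        uses: actions/setup-node@v4
        with:
          node-version: 18.18.2
      - name: Install dependencies
        # --ignore-scripts: the audit only needs the resolved dependency tree.
        run: npm install --ignore-scripts
      - name: Running security audit
        # Non-zero exit means findings, not failure.
        run: npm audit --json > Periodic-root-audit.json
        continue-on-error: true
      - name: Parse audit summary
        id: parse-audit
        # Fails the step when the report carries no vulnerability summary.
        run: |
          jq -r '(.metadata.vulnerabilities // error("audit output has no metadata.vulnerabilities"))
                 | "moderate=\(.moderate)\nhigh=\(.high)\ncritical=\(.critical)"' \
            Periodic-root-audit.json >> "$GITHUB_OUTPUT"
      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: Periodic-root-audit-report
          path: Periodic-root-audit.json
      - name: Send Slack Notification
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL_VUR }}
          CRITICAL: ${{ steps.parse-audit.outputs.critical }}
          HIGH: ${{ steps.parse-audit.outputs.high }}
          MODERATE: ${{ steps.parse-audit.outputs.moderate }}
          RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
        run: |
          message="Periodic Security Audit Report Of Root directory\n Node module vulnerabilities summary:\n 🔴 Critical: ${CRITICAL}\n 🟠 High: ${HIGH}\n 🟡 Moderate: ${MODERATE}\n \nDownload Audit Report: ${RUN_URL}"
          curl --fail --silent --show-error -X POST -H 'Content-type: application/json' \
            --data "{\"text\":\"$message\"}" "$SLACK_WEBHOOK_URL"

  # ---------------------------------------------------------------------------
  # On-demand audits of a labeled pull request -> PR comment
  #
  # These run on `pull_request` (not `pull_request_target`), so PRs from forks
  # get a read-only GITHUB_TOKEN and no secrets: the audit and artifact upload
  # still work, but the "Create or update PR comment" step will fail for fork
  # PRs. Do not switch to pull_request_target without removing the checkout of
  # PR code, since `npm install` runs on that code.
  # ---------------------------------------------------------------------------
  ManualVulnerability-CheckOn-frontend-code:
    if: ${{ github.event.action == 'labeled' && (github.event.label.name == 'frontend-vulnerability' || github.event.label.name == 'check-vulnerability') }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Pin to the labeled PR's head commit: a branch name (head.ref) does
          # not resolve in this repo for fork PRs and can move between the
          # label event and the checkout.
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Use Node.js 18.18.2
        uses: actions/setup-node@v4
        with:
          node-version: 18.18.2
      - name: Install dependencies
        # --ignore-scripts: this is PR-supplied code; its dependencies' lifecycle
        # scripts must not execute on the runner. The audit only needs the tree.
        run: npm --prefix frontend install --ignore-scripts
      - name: Running security audit
        # Non-zero exit means findings, not failure.
        run: npm --prefix frontend audit --json > frontend-audit.json
        continue-on-error: true
      - name: Parse audit summary
        id: parse-audit
        # Fails the step when the report carries no vulnerability summary.
        run: |
          jq -r '(.metadata.vulnerabilities // error("audit output has no metadata.vulnerabilities"))
                 | "moderate=\(.moderate)\nhigh=\(.high)\ncritical=\(.critical)"' \
            frontend-audit.json >> "$GITHUB_OUTPUT"
      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: frontend-audit-report
          path: frontend-audit.json
      - name: Create or update PR comment
        uses: peter-evans/create-or-update-comment@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          repository: ${{ github.repository }}
          issue-number: ${{ github.event.pull_request.number }}
          # github.server_url is the only *_url that exists in the github
          # context; the previous per-directory names expanded to "".
          body: |
            ### Security Audit Report Of Frontend directory
            **Node module vulnerabilities summary:**
            🔴 Critical: ${{ steps.parse-audit.outputs.critical }}
            🟠 High: ${{ steps.parse-audit.outputs.high }}
            🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}

            Please find the JSON file in the [summary page](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}).

  ManualVulnerability-CheckOn-server-code:
    if: ${{ github.event.action == 'labeled' && (github.event.label.name == 'server-vulnerability' || github.event.label.name == 'check-vulnerability') }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Exact labeled commit; works for fork PRs, unlike head.ref.
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Use Node.js 18.18.2
        uses: actions/setup-node@v4
        with:
          node-version: 18.18.2
      - name: Install dependencies
        # --ignore-scripts: PR-supplied dependencies must not run scripts here.
        run: npm --prefix server install --ignore-scripts
      - name: Running security audit
        # Non-zero exit means findings, not failure.
        run: npm --prefix server audit --json > server-audit.json
        continue-on-error: true
      - name: Parse audit summary
        id: parse-audit
        # Fails the step when the report carries no vulnerability summary.
        run: |
          jq -r '(.metadata.vulnerabilities // error("audit output has no metadata.vulnerabilities"))
                 | "moderate=\(.moderate)\nhigh=\(.high)\ncritical=\(.critical)"' \
            server-audit.json >> "$GITHUB_OUTPUT"
      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: server-audit-report
          path: server-audit.json
      - name: Create or update PR comment
        uses: peter-evans/create-or-update-comment@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          repository: ${{ github.repository }}
          issue-number: ${{ github.event.pull_request.number }}
          body: |
            ### Security Audit Report Of Server directory
            **Node module vulnerabilities summary:**
            🔴 Critical: ${{ steps.parse-audit.outputs.critical }}
            🟠 High: ${{ steps.parse-audit.outputs.high }}
            🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}

            Please find the JSON file in the [summary page](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}).

  ManualVulnerability-CheckOn-marketplace-code:
    if: ${{ github.event.action == 'labeled' && (github.event.label.name == 'marketplace-vulnerability' || github.event.label.name == 'check-vulnerability') }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Exact labeled commit; works for fork PRs, unlike head.ref.
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Use Node.js 18.18.2
        uses: actions/setup-node@v4
        with:
          node-version: 18.18.2
      - name: Install dependencies
        # --ignore-scripts: PR-supplied dependencies must not run scripts here.
        run: npm --prefix marketplace install --ignore-scripts
      - name: Running security audit
        # Non-zero exit means findings, not failure.
        run: npm --prefix marketplace audit --json > marketplace-audit.json
        continue-on-error: true
      - name: Parse audit summary
        id: parse-audit
        # Fails the step when the report carries no vulnerability summary.
        run: |
          jq -r '(.metadata.vulnerabilities // error("audit output has no metadata.vulnerabilities"))
                 | "moderate=\(.moderate)\nhigh=\(.high)\ncritical=\(.critical)"' \
            marketplace-audit.json >> "$GITHUB_OUTPUT"
      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: marketplace-audit-report
          path: marketplace-audit.json
      - name: Create or update PR comment
        uses: peter-evans/create-or-update-comment@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          repository: ${{ github.repository }}
          issue-number: ${{ github.event.pull_request.number }}
          body: |
            ### Security Audit Report Of Marketplace directory
            **Node module vulnerabilities summary:**
            🔴 Critical: ${{ steps.parse-audit.outputs.critical }}
            🟠 High: ${{ steps.parse-audit.outputs.high }}
            🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}

            Please find the JSON file in the [summary page](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}).

  ManualVulnerability-CheckOn-plugins-code:
    if: ${{ github.event.action == 'labeled' && (github.event.label.name == 'plugins-vulnerability' || github.event.label.name == 'check-vulnerability') }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Exact labeled commit; works for fork PRs, unlike head.ref.
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Use Node.js 18.18.2
        uses: actions/setup-node@v4
        with:
          node-version: 18.18.2
      - name: Install dependencies
        # --ignore-scripts: PR-supplied dependencies must not run scripts here.
        run: npm --prefix plugins install --ignore-scripts
      - name: Running security audit
        # Non-zero exit means findings, not failure.
        run: npm --prefix plugins audit --json > plugins-audit.json
        continue-on-error: true
      - name: Parse audit summary
        id: parse-audit
        # Fails the step when the report carries no vulnerability summary.
        run: |
          jq -r '(.metadata.vulnerabilities // error("audit output has no metadata.vulnerabilities"))
                 | "moderate=\(.moderate)\nhigh=\(.high)\ncritical=\(.critical)"' \
            plugins-audit.json >> "$GITHUB_OUTPUT"
      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: plugins-audit-report
          path: plugins-audit.json
      - name: Create or update PR comment
        uses: peter-evans/create-or-update-comment@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          repository: ${{ github.repository }}
          issue-number: ${{ github.event.pull_request.number }}
          body: |
            ### Security Audit Report Of Plugins directory
            **Node module vulnerabilities summary:**
            🔴 Critical: ${{ steps.parse-audit.outputs.critical }}
            🟠 High: ${{ steps.parse-audit.outputs.high }}
            🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}

            Please find the JSON file in the [summary page](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}).

  ManualVulnerability-CheckOn-cypress-code:
    if: ${{ github.event.action == 'labeled' && (github.event.label.name == 'cypress-vulnerability' || github.event.label.name == 'check-vulnerability') }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Exact labeled commit; works for fork PRs, unlike head.ref.
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Use Node.js 18.18.2
        uses: actions/setup-node@v4
        with:
          node-version: 18.18.2
      - name: Install dependencies
        # --ignore-scripts: PR-supplied dependencies must not run scripts here.
        run: npm --prefix cypress-tests install --ignore-scripts
      - name: Running security audit
        # Non-zero exit means findings, not failure.
        run: npm --prefix cypress-tests audit --json > cypress-audit.json
        continue-on-error: true
      - name: Parse audit summary
        id: parse-audit
        # Fails the step when the report carries no vulnerability summary.
        run: |
          jq -r '(.metadata.vulnerabilities // error("audit output has no metadata.vulnerabilities"))
                 | "moderate=\(.moderate)\nhigh=\(.high)\ncritical=\(.critical)"' \
            cypress-audit.json >> "$GITHUB_OUTPUT"
      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: cypress-audit-report
          path: cypress-audit.json
      - name: Create or update PR comment
        uses: peter-evans/create-or-update-comment@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          repository: ${{ github.repository }}
          issue-number: ${{ github.event.pull_request.number }}
          body: |
            ### Security Audit Report Of Cypress directory
            **Node module vulnerabilities summary:**
            🔴 Critical: ${{ steps.parse-audit.outputs.critical }}
            🟠 High: ${{ steps.parse-audit.outputs.high }}
            🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}

            Please find the JSON file in the [summary page](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}).

  ManualVulnerability-CheckOn-root-code:
    if: ${{ github.event.action == 'labeled' && (github.event.label.name == 'root-vulnerability' || github.event.label.name == 'check-vulnerability') }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Exact labeled commit; works for fork PRs, unlike head.ref.
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Use Node.js 18.18.2
        uses: actions/setup-node@v4
        with:
          node-version: 18.18.2
      - name: Install dependencies
        # --ignore-scripts: PR-supplied dependencies must not run scripts here.
        run: npm install --ignore-scripts
      - name: Running security audit
        # Non-zero exit means findings, not failure.
        run: npm audit --json > root-audit.json
        continue-on-error: true
      - name: Parse audit summary
        id: parse-audit
        # Fails the step when the report carries no vulnerability summary.
        run: |
          jq -r '(.metadata.vulnerabilities // error("audit output has no metadata.vulnerabilities"))
                 | "moderate=\(.moderate)\nhigh=\(.high)\ncritical=\(.critical)"' \
            root-audit.json >> "$GITHUB_OUTPUT"
      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: root-audit-report
          path: root-audit.json
      - name: Create or update PR comment
        uses: peter-evans/create-or-update-comment@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          repository: ${{ github.repository }}
          issue-number: ${{ github.event.pull_request.number }}
          body: |
            ### Security Audit Report Of Root directory
            **Node module vulnerabilities summary:**
            🔴 Critical: ${{ steps.parse-audit.outputs.critical }}
            🟠 High: ${{ steps.parse-audit.outputs.high }}
            🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}

            Please find the JSON file in the [summary page](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}).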