
GitHub actions and GitLab CI templates run various vulnerability scanners, upload the results into SecObserve and make the results of the scans available for download as artefacts in JSON format.

MaibornWolff/secobserve_actions_templates

SecObserve GitHub actions and GitLab CI templates

SecObserve gathers results about potential security flaws from various vulnerability scanning tools and makes them available for assessment and reporting.

It consists of 2 major components:

  • GitHub actions and GitLab CI templates: Integrating vulnerability scanners into a CI/CD pipeline can be tedious. Each tool has to be installed differently and is called with different parameters. To avoid having to solve this task all over again, there are repositories with GitHub actions and GitLab CI templates. These make the process of integrating vulnerability scanners very simple by providing uniform methods for launching the tools and uniform parameters. The tools are regularly updated in the repositories so that the latest features and bug fixes are always available.

    All actions and templates run the scanner, upload the results into SecObserve and make the results of the scans available for download as artefacts in JSON format.

    These GitHub actions and GitLab CI templates are the content of this repository.

  • Vulnerability management system SecObserve: SecObserve provides the development team with an overview of the results of all vulnerability scans for their project, which can be easily filtered and sorted. In the detailed view, the results are displayed uniformly with a wealth of information, regardless of which vulnerability scanner generated them.

    The sources of the vulnerability management system can be found at https://github.com/MaibornWolff/SecObserve.

Available actions and templates

| Scanner | GitHub Action | GitLab CI Template | License |
|---|---|---|---|
| Bandit | actions/SAST/bandit | templates/SAST/bandit.yml | Apache 2.0 |
| ESLint | actions/SAST/eslint | templates/SAST/eslint.yml | MIT |
| Semgrep | actions/SAST/semgrep | templates/SAST/semgrep.yml | LGPL 2.1 |
| Checkov | actions/SAST/checkov | templates/SAST/checkov.yml | Apache 2.0 |
| KICS | actions/SAST/kics | templates/SAST/kics.yml | Apache 2.0 |
| tfsec | actions/SAST/tfsec | templates/SAST/tfsec.yml | MIT |
| Grype | actions/SCA/grype_image | templates/SCA/grype_image.yml | Apache 2.0 |
| Trivy | actions/SCA/trivy_filesystem | templates/SCA/trivy_filesystem.yml | Apache 2.0 |
| Trivy | actions/SCA/trivy_image | templates/SCA/trivy_image.yml | Apache 2.0 |
| Gitleaks | actions/secrets/gitleaks | templates/secrets/gitleaks.yml | MIT |
| CryptoLyzer | actions/DAST/cryptolyzer | templates/DAST/cryptolyzer.yml | MPL 2.0 |
| DrHeader | actions/DAST/drheader | templates/DAST/drheader.yml | MIT |
| ZAP | actions/DAST/zap | templates/DAST/zap.yml | Apache 2.0 |

All GitHub actions and GitLab CI templates use a pre-built Docker image that contains all scanners and the SecObserve importer.
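As an added illustration (not part of this README or the project's documentation), here is a minimal GitHub Actions workflow that wires the Bandit action from the table above into a pipeline. The repository name and the action path `actions/SAST/bandit` are taken from the table; the input names (`target`, `so_api_base_url`, `so_api_token`, `so_product_name`) and the version ref are assumptions and must be checked against the action's `action.yml` and the linked documentation before use.

```yaml
# Added example workflow, not the project's own code.
# Input names below are ASSUMED placeholders; verify them in the action's action.yml.
name: sast-bandit

on:
  push:
    branches: [main]
  pull_request:

# Least privilege: scanning only needs to read the sources; the SecObserve upload
# goes to an external service and needs no write access to the repository.
permissions:
  contents: read

jobs:
  bandit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Run Bandit and upload the results to SecObserve
        # Placeholder ref: pin to a release tag or commit SHA rather than a moving branch,
        # so the scanner image and importer you run are the ones you reviewed.
        uses: MaibornWolff/secobserve_actions_templates/actions/SAST/bandit@<pinned-tag-or-commit-sha>
        with:
          target: "src"                                  # assumed input: directory to scan
          so_api_base_url: ${{ vars.SO_API_BASE_URL }}   # assumed input: SecObserve URL, kept in a repository variable
          so_api_token: ${{ secrets.SO_API_TOKEN }}      # assumed input: API token, always from a secret, never in the file
          so_product_name: "my-product"                  # assumed input: product the results are filed under in SecObserve
```

The API token is the only credential in the pipeline; keeping it in an encrypted secret and restricting the job's `permissions` block means a compromised scanner step cannot push to the repository. The JSON report the README mentions is produced by the action itself, so no separate artefact-upload step is shown.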

Documentation

See GitHub actions and GitLab CI templates for the full documentation on how to use the actions and templates.

Code of Conduct

Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.

License

SecObserve is licensed under the 3-Clause BSD License.