Merge pull request #45 from SocialGouv/fixDashlord-RemoveStartup #249

Workflow file for this run

	name: DashLord scans

	on:
	workflow_dispatch:
	inputs:
	url:
	description: "Single url to scan or scan all urls"
	required: false
	default: ""
	push:
	branches:
	- master
	- main
	paths:
	- "dashlord.yaml"
	- "dashlord.yml"
	- "urls.txt"
	# schedule:
	# - cron: "0 0 * * 0" # see https://crontab.guru

	jobs:
	init:
	runs-on: ubuntu-latest
	name: Prepare
	outputs:
	sites: ${{ steps.init.outputs.sites }}
	config: ${{ steps.init.outputs.config }}
	steps:
	- uses: actions/checkout@v3
	- id: init
	uses: "SocialGouv/dashlord-actions/init@v1"
	with:
	url: ${{ github.event.inputs.url }}

	scans:
	runs-on: ubuntu-latest
	name: Scan
	needs: init
	continue-on-error: true
	strategy:
	fail-fast: false
	max-parallel: 3
	matrix:
	sites: ${{ fromJson(needs.init.outputs.sites) }}
	steps:
	- uses: actions/checkout@v3

	- run: \|
	mkdir scans

	- uses: actions/cache@v3
	with:
	path: "**/node_modules"
	key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }}

	- name: Déclaration a11y
	continue-on-error: true
	uses: "socialgouv/dashlord-actions/declaration-a11y@v1"
	if: ${{ matrix.sites.tools['declaration-a11y'] }}
	with:
	url: ${{ matrix.sites.url }}
	output: scans/declaration-a11y.json

	- name: eco-index
	continue-on-error: true
	uses: "socialgouv/dashlord-actions/ecoindex@v1"
	if: ${{ matrix.sites.tools.ecoindex }}
	with:
	url: ${{ matrix.sites.url }}
	output: scans/ecoindex.json

	- name: Trivy GHCR
	continue-on-error: true
	uses: "socialgouv/dashlord-actions/trivy-ghcr@v1"
	if: ${{ matrix.sites.tools['trivy'] && matrix.sites.repositories }}
	with:
	repos: ${{ join(matrix.sites.repositories) }}
	output: scans/trivy.json

	- name: Detect 404s
	continue-on-error: true
	uses: "socialgouv/detect-404-action@master"
	if: ${{ matrix.sites.tools['404'] }}
	with:
	url: ${{ matrix.sites.url }}
	output: scans/404.json

	- name: Betagouv API scan
	if: ${{ matrix.sites.tools.betagouv }}
	continue-on-error: true
	timeout-minutes: 10
	id: betagouv
	uses: betagouv/dashlord-startup-action@main
	with:
	id: "${{ matrix.sites.betaId }}"
	output: "scans/betagouv.json"

	- name: Stats page
	continue-on-error: true
	timeout-minutes: 10
	uses: "betagouv/check-url-action@main"
	if: ${{ matrix.sites.tools.stats }}
	with:
	url: ${{ steps.betagouv.outputs.stats_url \|\| format('{0}/stats', matrix.sites.url) }}
	output: scans/stats.json
	minExpectedRegex: ^stat
	exactExpectedRegex: ^stats$

	- name: Screenshot Website
	uses: swinton/screenshot-website@v1.x
	if: ${{ matrix.sites.tools.screenshot }}
	timeout-minutes: 10
	continue-on-error: true
	with:
	source: "${{ matrix.sites.url }}"
	type: jpeg
	destination: screenshot.jpeg
	width: 1280
	scaleFactor: 0.5

	- name: Wappalyzer scan
	if: ${{ matrix.sites.tools.wappalyzer }}
	uses: "socialgouv/wappalyzer-action@master"
	continue-on-error: true
	with:
	url: "${{ matrix.sites.url }}"
	output: scans/wappalyzer.json

	- name: ZAP Scan
	if: ${{ matrix.sites.tools.zap }}
	uses: zaproxy/action-baseline@v0.7.0
	continue-on-error: true
	with:
	token: "" # disable issue creation
	rules_file_name: "zap-rules.tsv"
	docker_name: "owasp/zap2docker-stable"
	target: "${{ matrix.sites.url }}"
	cmd_options: "-a"
	allow_issue_writing: false

	- name: Lighthouse scan
	if: ${{ matrix.sites.tools.lighthouse }}
	continue-on-error: true
	uses: socialgouv/dashlord-actions/lhci@v1
	with:
	url: "${{ join(matrix.sites.subpages, ',') }}"

	- name: Mozilla HTTP Observatory
	if: ${{ matrix.sites.tools.http }}
	continue-on-error: true
	uses: SocialGouv/httpobs-action@master
	with:
	url: "${{ matrix.sites.url }}"
	output: "scans/http.json"

	- name: Third-party scripts scan
	if: ${{ matrix.sites.tools.thirdparties }}
	continue-on-error: true
	uses: SocialGouv/thirdparties-action@master
	id: thirdparties
	with:
	url: "${{ matrix.sites.url }}"
	output: "scans/thirdparties.json"

	- name: Déclaration RGPD
	continue-on-error: true
	uses: SocialGouv/dashlord-actions/declaration-rgpd@v1
	if: ${{ matrix.sites.tools['declaration-rgpd'] }}
	with:
	thirdparties: ${{ steps.thirdparties.outputs.json }}
	url: ${{ matrix.sites.url }}
	output: scans/declaration-rgpd.json

	# testssl.sh action needs an hostname to save its output so we build it here
	- name: Extract hostname
	id: hostname
	run: \|
	HOSTNAME=$(echo "${{ matrix.sites.url }}" \| sed -e 's/[^/]\/\/$[^@]@$\?$[^:/]$./\2/')
	echo "::set-output name=value::$HOSTNAME"

	- name: testssl.sh scan
	if: ${{ matrix.sites.tools.testssl }}
	continue-on-error: true
	uses: "mbogh/test-ssl-action@v1.1"
	with:
	host: ${{ steps.hostname.outputs.value }}
	output: scans
	grade: "F"
	options: "--fast"

	- name: Nuclei scan
	if: ${{ matrix.sites.tools.nuclei }}
	continue-on-error: true
	uses: "SocialGouv/dashlord-nuclei-action@master"
	with:
	url: ${{ matrix.sites.url }}
	output: "scans/nuclei.log"

	- name: Updown.io checks
	if: ${{ matrix.sites.tools.updownio }}
	continue-on-error: true
	uses: "MTES-MCT/updownio-action@main"
	with:
	apiKey: ${{ secrets.UPDOWNIO_API_KEY }}
	url: ${{ matrix.sites.url }}
	output: scans/updownio.json

	- name: Dependabot vulnerabilities alerts
	if: ${{ matrix.sites.tools.dependabot && matrix.sites.repositories }}
	continue-on-error: true
	uses: "MTES-MCT/dependabotalerts-action@main"
	with:
	token: ${{ secrets.DEPENDABOTALERTS_TOKEN }}
	repositories: ${{ join(matrix.sites.repositories) }}
	output: scans/dependabotalerts.json

	- name: Code quality alerts
	if: ${{ matrix.sites.tools.codescan && matrix.sites.repositories }}
	continue-on-error: true
	uses: "MTES-MCT/codescanalerts-action@main"
	with:
	token: ${{ secrets.CODESCANALERTS_TOKEN }}
	repositories: ${{ join(matrix.sites.repositories) }}
	output: scans/codescanalerts.json

	- name: nmap vulnerabilities scan
	if: ${{ matrix.sites.tools.nmap }}
	continue-on-error: true
	timeout-minutes: 10
	uses: "MTES-MCT/nmap-action@main"
	with:
	host: ${{ steps.hostname.outputs.value }}
	outputDir: "scans"
	outputFile: "nmapvuln.json"
	withVulnerabilities: true
	raw: false

	- uses: SocialGouv/dashlord-actions/save@v1
	with:
	url: ${{ matrix.sites.url }}

	- name: "Commit"
	id: commit1
	continue-on-error: true
	run: \|
	git config --global user.email 41898282+github-actions[bot]@users.noreply.github.com
	git config --global user.name GitHub
	git add "results"
	git commit -m "update: ${{ matrix.sites.url }}"
	git pull --rebase --no-ff origin main
	git push

	- name: "Commit retry"
	if: steps.commit1.outcome=='failure'
	run: \|
	git config --global user.email 41898282+github-actions[bot]@users.noreply.github.com
	git config --global user.name GitHub
	git add "results"
	git commit -m "update: ${{ matrix.sites.url }}"
	git pull --rebase --no-ff origin main
	git push

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #45 from SocialGouv/fixDashlord-RemoveStartup #249

Workflow file

Merge pull request #45 from SocialGouv/fixDashlord-RemoveStartup #249

Jobs

Run details

Workflow file for this run