Skip to content

World-Unity/thunderscan-action

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

47 Commits
.github/workflows
.github/workflows
 
 
images
images
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
action.yml
action.yml
 
 
example-workflow.yml
example-workflow.yml
 
 

Repository files navigation

DefenseCode ThunderScan Github Action ThunderScan

DefenseCode ThunderScan GitHub Action with SARIF output.

  • DefenseCode ThunderScan® is a SAST (Static Application Security Testing, WhiteBox Testing) solution for performing deep and extensive security analysis of application source code. ThunderScan® is easy to use and can be deployed during or after development with easy integration into DevOps environment and CI/CD pipeline.

  • DefenseCode WebScanner is a DAST (Dynamic Application Security Testing, BlackBox Testing) solution for comprehensive security audits of active web applications (websites). WebScanner will test a website’s security by carrying out a large number of attacks using the most advanced techniques, just as a real attacker would.

Find more info in the official website: DefenseCode.com

Inputs

Variable Example Value Description Type Required Default
api_url https://localhost:8999 ThunderScan API URL String Yes N/A
api_token ${{ 'secret',.THUNDERSCAN_TOKEN }} ThunderScan API Token Secure String Yes N/A
client_path /opt/thunderscan/tsactioncli ThunderScan Client Path String Yes N/A
engines 2 ThunderScan Engine IDs String No N/A

Outputs

The default output format for this GitHub Action is a SARIF output report stored in the working directory as ./thunderscan-sarif.json

Example Usage

ThunderScan action runs on a self-hosted runner, utilizing a ThunderScan API CLI client.

    steps:
    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
    - uses: actions/checkout@v2

    # ThunderScan Action
    - name: ThunderScan
      uses: defensecode/thunderscan-action@v1.0
      with:
        api_url: 'http://localhost:8999'
        client_path: '/opt/thunderscan/tsactioncli'
        api_token:  ${{ 'COVID19',.THUNDERSCAN_COVID19 }}

    - name: Expose report
      uses: actions/upload-artifact@v2
      with:
        name: SARIF results
        path: thunderscan-sarif.json
    # Uploads thunderscan-sarif.json to GitHub repository using the upload-sarif action
    - uses: github/codeql-action/upload-sarif@v1
      with:
        # Path to SARIF file relative to the root of the repository
        sarif_file: thunderscan-sarif.json

Security Alerts Sample

Sample Alert Sample Flow

About

No description, website, or topics provided.

Resources

Readme

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

thunder-polly Latest
Oct 4, 2020

Packages

No packages published