
Ingest GHSA Malware #486


Workflow file for this run

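# Scheduled job: dumps GitHub Security Advisories classified as MALWARE,
# converts them to OSV with the ossf/osv-schema tooling, ingests them into
# this repository's osv/ tree and pushes the result.
name: Ingest GHSA Malware
on:
  schedule:
    - cron: '7 0 * * *' # Once a day, at 00:07 UTC
  workflow_dispatch:
# Workflow-wide default for the automatic token. The job below declares its
# own permissions block, which takes precedence for that job.
permissions: read-all
jobs:
  ingest-ghsa:
    name: Ingest GHSA
    continue-on-error: false
    runs-on: ubuntu-latest
    # These scopes apply to the automatic github.token only.
    # NOTE(review): the final push authenticates with the credentials the
    # first checkout persists (secrets.GH_TOKEN), so `contents: write` on
    # github.token may be unnecessary - confirm before narrowing it.
    permissions:
      actions: read
      contents: write
    steps:
      # checkout stores the supplied token in the local git config by default
      # (persist-credentials: true). That is what lets the "Push commit" step
      # authenticate, and it also means every later step in this job,
      # including dependency installation, can read that token.
      - name: Checkout self
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          token: ${{ secrets.GH_TOKEN }}
      # Tooling checkout, pinned to a full commit SHA. Nothing is pushed from
      # this working tree, so the token is not left behind in its git config.
      - name: Checkout ossf/osv-schema
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          token: ${{ secrets.GH_TOKEN }}
          repository: ossf/osv-schema
          ref: 719ef525491260972fbec8679130052d4086711c
          path: osv-schema
          persist-credentials: false
      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: "1.21"
      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
        with:
          python-version: "3.11"
          cache: pipenv
          cache-dependency-path: osv-schema/tools/ghsa/Pipfile.lock
      # pipenv is pinned by version only; the packages it installs in the
      # next step come from the Pipfile.lock of the pinned osv-schema commit.
      - name: Install pipenv
        run: |
          pip install pipenv==2023.7.11
      - name: Install dependencies
        run: |
          cd osv-schema/tools/ghsa
          pipenv sync
      # The token reaches the script through an environment variable instead
      # of being expanded into the script text by the ${{ }} template.
      # The query window is 48 hours although the job runs daily, presumably
      # so that one missed run does not drop advisories.
      - name: Dump GHSA Malware
        env:
          GHSA_TOKEN: ${{ github.token }}
        run: |
          cd osv-schema/tools/ghsa
          mkdir OUT
          TIMESINCE=$(python3 -c 'import datetime; dt=datetime.datetime.now(datetime.UTC)-datetime.timedelta(hours=48); print(dt.isoformat())')
          pipenv run python dump_ghsa.py --token "$GHSA_TOKEN" \
            --query "classifications: [MALWARE] updatedSince: \"$TIMESINCE\"" OUT
      # NOTE(review): if the dump produced no files, the shell passes the
      # literal pattern OUT/*.json to convert_ghsa.py - confirm that the
      # script (or a failed run) is the intended outcome in that case.
      - name: Convert GHSA to OSV
        run: |
          cd osv-schema/tools/ghsa
          mkdir OSV
          pipenv run python convert_ghsa.py -o OSV OUT/*.json
      - name: Ingest OSV
        run: |
          go run ./cmd/ingest -config config/config.yaml -dir osv-schema/tools/ghsa/OSV -source ghsa-malware
      # Only the osv/ tree is staged; the osv-schema checkout and the OUT/OSV
      # scratch directories are never added to the commit.
      - name: Prepare commit
        run: |
          git config user.name github-actions
          git config user.email github-actions@github.com
          git add osv
      # `git diff --cached --quiet` exits 0 when nothing is staged, so the
      # commit is skipped on days without changes.
      - name: Commit report changes
        run: git diff --cached --quiet || git commit -m 'Ingest OSV - GHSA Malware'
      - name: Push commit
        run: git push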