From 3f996a368b0470700d0c2d46a9f7c422e60d929e Mon Sep 17 00:00:00 2001
From: patrickbeane
Date: Sat, 4 Oct 2025 13:35:15 -0400
Subject: [PATCH] Initial commit
---
.github/workflows/update-vuln-summary.yml | 36 +++++++++++++++++++++++
.gitignore | 1 +
README.md | 5 ++++
3 files changed, 42 insertions(+)
create mode 100644 .github/workflows/update-vuln-summary.yml
create mode 100644 .gitignore
create mode 100644 README.md
diff --git a/.github/workflows/update-vuln-summary.yml b/.github/workflows/update-vuln-summary.yml
new file mode 100644
index 0000000..f32e9e5
--- /dev/null
+++ b/.github/workflows/update-vuln-summary.yml
@@ -0,0 +1,36 @@
+name: Update Vulnerability Summary
+
+on:
+ schedule:
+ - cron: "15 4 * * *" # runs daily at 04:15 EST
+ workflow_dispatch: # allow manual trigger
+
+jobs:
+ update-summary:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@v4
+
+ - name: Fetch sanitized JSON
+ run: |
+ curl -sSL https://vuln.beane.me/json/trivy_sanitized.json -o trivy_sanitized.json
+
+ - name: Extract last scan summary
+ id: summary
+ run: |
+ summary=$(jq -r '"Last scan: \(.date) - Critical: \(.critical) | High: \(.high) | Medium: \(.medium) | Low: \(.low) | Total: \(.total)"' trivy_sanitized.json)
+ echo "SUMMARY=$summary" >> $GITHUB_ENV
+
+ - name: Update README
+ run: |
+ sed -i '//,//c\\n_${SUMMARY}_\n' README.md
+
+ - name: Commit updated summary
+ run: |
+ git config user.name "github-actions[bot]"
+ git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+ mv latest.json data/last-scan.json
+ git add data/last-scan.json
+ git commit -m "chore: update vuln summary [skip ci]" || echo "No changes to commit"
+ git push
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e99efc9
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+trivy_sanitized.json
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..7e98e96
--- /dev/null
+++ b/README.md
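Review bot: The strings spliced into `$GITHUB_ENV` in "Extract last scan summary" and into the shell-expanded sed script in "Update README" come unchecked from the JSON downloaded from vuln.beane.me, so whoever controls that response controls the environment of later steps (a newline in `.date` ends the `SUMMARY=` line and starts a fresh assignment) and the sed program (a `/` or `\n` in any field escapes the `c\` text), and the result is then committed and pushed with the workflow token. Validate the fields in jq before they reach the shell and hand the value over through the heredoc form of `GITHUB_ENV`, as below, and replace the `sed` with something that inserts the value literally (for instance `awk` reading `ENVIRON["SUMMARY"]`); the sed address `//,//` also looks like it lost its marker comments in this rendering, so confirm what the file actually contains. Separately, `mv latest.json data/last-scan.json` in the commit step names a file no earlier step creates (the fetch writes `trivy_sanitized.json`, which `.gitignore` excludes), so under the default `bash -e` run shell the step aborts before `git commit`; if the README is what should be committed, drop the `mv` and use `git add README.md`. The job pushes but declares no `permissions:` block, so add `contents: write` at the job level and pin `actions/checkout` to a full commit SHA rather than the floating `v4` tag. The cron comment says 04:15 EST, but GitHub evaluates `schedule` in UTC.

```yaml
jobs:
  update-summary:
    runs-on: ubuntu-latest
    permissions:
      contents: write  # the only permission the push below needs
    steps:
      # … unchanged: checkout and curl fetch …
      - name: Extract last scan summary
        id: summary
        run: |
          # Refuse anything that is not a plain date string / number so the
          # remote JSON cannot inject into $GITHUB_ENV or the README edit.
          summary=$(jq -r '
            if (.date | type) != "string" or (.date | test("\\A[0-9A-Za-z:. -]+\\z") | not)
            then error("unexpected date field") else . end
            | "Last scan: \(.date) - Critical: \(.critical | tonumber) | High: \(.high | tonumber) | Medium: \(.medium | tonumber) | Low: \(.low | tonumber) | Total: \(.total | tonumber)"
          ' trivy_sanitized.json)
          {
            echo "SUMMARY<<EOF"
            echo "$summary"
            echo "EOF"
          } >> "$GITHUB_ENV"
      # … unchanged: README update and commit steps (see note) …
```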
@@ -0,0 +1,5 @@
+## 🔒 Vulnerability Summary
+
+
+_Last scan: pending..._
+