mirror of
https://github.com/patrickbeane/vuln-summary.git
synced 2026-01-27 16:40:24 +00:00
57 lines
1.8 KiB
YAML
57 lines
1.8 KiB
YAML
name: Update Vulnerability Summary
|
|
|
|
on:
|
|
schedule:
|
|
- cron: "15 9 * * *" # runs daily at 09:15 UTC
|
|
workflow_dispatch: # allow manual trigger
|
|
|
|
jobs:
|
|
update-summary:
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: write # allow pushing back to the repo
|
|
|
|
steps:
|
|
- name: Checkout repo
|
|
uses: actions/checkout@v4
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Fetch sanitized JSON
|
|
run: |
|
|
curl -sSL https://vuln.beane.me/json/trivy_sanitized.json -o trivy_sanitized.json
|
|
ls -lh trivy_sanitized.json
|
|
head -20 trivy_sanitized.json || true
|
|
|
|
- name: Extract last scan JSON
|
|
run: |
|
|
jq '.last_scan' trivy_sanitized.json > latest.json
|
|
cat latest.json
|
|
|
|
- name: Build summary string
|
|
run: |
|
|
jq -r '.last_scan | "_Last scan: \(.date)_<br><br>Critical: \(.critical)<br>High: \(.high)<br>Medium: \(.medium)<br>Low: \(.low)<br><br>Total: \(.total)"' trivy_sanitized.json > summary.txt
|
|
|
|
- name: Update README
|
|
run: |
|
|
awk '
|
|
/<!-- vuln-summary-start -->/ {
|
|
print;
|
|
while ((getline line < "summary.txt") > 0) print line;
|
|
skip=1;
|
|
next
|
|
}
|
|
/<!-- vuln-summary-end -->/ {skip=0}
|
|
!skip
|
|
' README.md > README.tmp && mv README.tmp README.md
|
|
|
|
- name: Commit updated files
|
|
run: |
|
|
git config user.name "github-actions[bot]"
|
|
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
|
|
mkdir -p data
|
|
mv latest.json data/last-scan.json
|
|
git add data/last-scan.json README.md
|
|
git commit -m "chore: refresh vuln summary (README + JSON)" || echo "No changes to commit"
|
|
git push
|