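---
name: Update Vulnerability Summary

on:
  schedule:
    # GitHub Actions evaluates cron in UTC, never local time: this fires at
    # 04:15 UTC (23:15 EST / 00:15 EDT the previous evening), not 04:15 EST.
    - cron: "15 4 * * *"
  workflow_dispatch: # allow manual trigger

# The job pushes a commit, so the GITHUB_TOKEN needs write access to
# repository contents. Grant exactly that scope instead of relying on the
# repository's default token permissions (which may be read-only, making
# `git push` fail, or broader than needed).
permissions:
  contents: write

jobs:
  update-summary:
    runs-on: ubuntu-latest
    defaults:
      run:
        # Explicit bash runs with `-e -o pipefail`, so a failing curl/jq/awk
        # inside a pipeline fails the step instead of silently continuing.
        shell: bash
    steps:
      - name: Checkout repo
        # Supply-chain hygiene: consider pinning this action to a full commit
        # SHA (tag kept in a trailing comment) rather than a mutable tag.
        uses: actions/checkout@v4

      - name: Fetch sanitized JSON
        # This file comes from an external host and is treated as untrusted
        # input by every later step. `-f` makes curl fail on HTTP errors
        # instead of saving an error page under a .json name; the --proto
        # flags stop a redirect from downgrading to plain HTTP.
        run: |
          curl -fsSL --proto '=https' --proto-redir '=https' --max-time 60 \
            https://vuln.beane.me/json/trivy_sanitized.json -o trivy_sanitized.json

      - name: Extract last scan summary
        id: summary
        # Builds the one-line summary that is spliced into README.md.
        # Each count is forced through `tonumber` (jq exits non-zero on a
        # missing or non-numeric field, which fails the step), and CR/LF are
        # stripped from the date, so the value written to GITHUB_ENV is
        # guaranteed to be a single line. Without that, a newline in the
        # remote JSON would let the remote host define arbitrary extra
        # environment variables for every following step (GITHUB_ENV injection).
        run: |
          summary=$(jq -er '
            "Last scan: \(.date | tostring | gsub("[\\r\\n]"; " "))"
            + " - Critical: \(.critical | tonumber)"
            + " | High: \(.high | tonumber)"
            + " | Medium: \(.medium | tonumber)"
            + " | Low: \(.low | tonumber)"
            + " | Total: \(.total | tonumber)"
          ' trivy_sanitized.json)
          printf 'SUMMARY=%s\n' "$summary" >> "$GITHUB_ENV"

      - name: Update README
        # Replaces everything between the two marker comments with the
        # summary line (markers are kept). The previous sed one-liner had two
        # problems: `${SUMMARY}` sat inside single quotes, so the shell never
        # expanded it and README.md received the literal text; and splicing
        # data into a sed script would let a crafted value (e.g. one
        # containing a newline) inject further sed commands — GNU sed's `e`
        # command runs a shell. awk reads the value from the environment via
        # ENVIRON, so it is never parsed as program text.
        run: |
          if ! grep -q '<!-- vuln-summary-start -->' README.md \
             || ! grep -q '<!-- vuln-summary-end -->' README.md; then
            echo "README.md is missing the vuln-summary marker comments" >&2
            exit 1
          fi
          awk '
            index($0, "<!-- vuln-summary-start -->") {
              print
              print "_" ENVIRON["SUMMARY"] "_"
              skipping = 1
              next
            }
            index($0, "<!-- vuln-summary-end -->") { skipping = 0 }
            !skipping
          ' README.md > README.md.new
          mv README.md.new README.md

      - name: Commit updated summary
        # NOTE(review): the original moved `latest.json`, which nothing in
        # this workflow creates, so the step always failed here before
        # reaching `git push`; the fetched trivy_sanitized.json is the only
        # candidate for the archived copy — confirm this matches the intended
        # data/ layout. README.md is staged as well: the previous step edits
        # it, but it was never added to the commit.
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          mkdir -p data
          mv trivy_sanitized.json data/last-scan.json
          git add data/last-scan.json README.md
          # `[skip ci]` keeps this bot commit from re-triggering workflows.
          git commit -m "chore: update vuln summary [skip ci]" || echo "No changes to commit"
          git push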