Execute Vulnerability Scan #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Execute Vulnerability Scan | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: "0 12 * * 5" | |
| env: | |
| ELIXIR_VERSION: "1.15" | |
| OTP_VERSION: "24.2.1" | |
| APPLICATION_WORKING_DIR: ./ | |
| jobs: | |
| execute_scan: | |
| name: Execute Vulnerability Scan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Github Repo | |
| uses: actions/checkout@v3 | |
| - name: Setup Elixir | |
| uses: erlef/setup-beam@v1 | |
| with: | |
| otp-version: ${{ env.OTP_VERSION }} | |
| elixir-version: ${{ env.ELIXIR_VERSION }} | |
| - name: Setup Dependencies Cache | |
| id: deps-cache | |
| run: | | |
| echo "key=${{ runner.os }}-Elixir(${{ env.OTP_VERSION }})-OTP(${{ env.ELIXIR_VERSION }})-Mix.LockHash(${{ hashFiles('**/mix.lock') }})" >> $GITHUB_OUTPUT | |
| - name: Retrieve Cached Dependencies | |
| uses: actions/cache@v3 | |
| id: mix-cache | |
| with: | |
| path: | | |
| ${{env.APPLICATION_WORKING_DIR}}/deps | |
| ${{env.APPLICATION_WORKING_DIR}}/_build | |
| key: ${{ steps.deps-cache.outputs.key }} | |
| - name: Install Dependencies | |
| if: steps.mix-cache.outputs.cache-hit != 'true' | |
| working-directory: ${{env.APPLICATION_WORKING_DIR}} | |
| run: | | |
| mix local.rebar --force | |
| mix local.hex --force | |
| mix deps.get | |
| mix deps.compile | |
| - name: Execute Report | |
| id: report_status | |
| working-directory: ${{env.APPLICATION_WORKING_DIR}} | |
| run: | | |
| mix deps.audit | |
| - name: Echo Scan Exit Code | |
| if: always() | |
| run: echo "${{steps.report_status.outcome}}" | |
| - name: Vulnerabilities Found - Discord notification | |
| if: always() && steps.report_status.outcome == 'failure' | |
| uses: sarisia/actions-status-discord@v1 | |
| with: | |
| webhook: ${{ secrets.DISCORD_WEBHOOK }} | |
| status: 'failure' | |
| username: GitHub Actions | |
| avatar_url: ${{ secrets.DISCORD_AVATAR_URL }} | |
| title: " Vulnerability Audit" | |
| description: "View Scan Results: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
| image: ${{ secrets.DISCORD_EMBED_IMAGE }} | |
| color: 0x0000ff | |
| url: ${{ github.server_url }}/${{ github.repository }} |