mirror of
https://github.com/Rarebuffalo/securelens-backend.git
synced 2026-06-19 07:00:30 +00:00
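---
name: SecureLens CI/CD Scan

# Security gate: posts TARGET_URL to the SecureLens API and fails the job when
# the returned security_score is below MINIMUM_SCORE. The step is written to
# fail closed: any missing key, HTTP error or unparsable score fails the job.
on:
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]

# Least privilege: nothing in this workflow writes to the repository, so the
# GITHUB_TOKEN is limited to read access.
permissions:
  contents: read

jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        # NOTE(review): a version tag is mutable; pin this action to a
        # reviewed full commit SHA to reduce supply-chain exposure.
        uses: actions/checkout@v3
        with:
          # No later step uses git, so do not leave the token in .git/config.
          persist-credentials: false

      # Example: Wait for deployment/staging URL to be available
      - name: Run SecureLens Scan
        env:
          SECURELENS_API_URL: "https://your-securelens-instance.com"
          # Pull requests from forks do not receive repository secrets, so
          # this is empty there; the script below treats that as a failure.
          SECURELENS_API_KEY: ${{ secrets.SECURELENS_API_KEY }}
          TARGET_URL: "https://staging.your-app.com"
          MINIMUM_SCORE: "80"
        run: |
          set -euo pipefail

          if [ -z "${SECURELENS_API_KEY:-}" ]; then
            echo "::error::SECURELENS_API_KEY is not set; cannot run the scan"
            exit 1
          fi

          echo "Initiating SecureLens Scan against $TARGET_URL"

          # Build the JSON body with jq so the URL is always escaped correctly.
          PAYLOAD=$(jq -cn --arg url "$TARGET_URL" '{url: $url}')

          # Trigger Scan
          # --fail: without it curl exits 0 on HTTP 4xx/5xx and an error body
          # would be parsed as if it were a scan result.
          RESPONSE=$(curl --fail --silent --show-error \
            -X POST "$SECURELENS_API_URL/scans/scan" \
            -H "X-API-Key: $SECURELENS_API_KEY" \
            -H "Content-Type: application/json" \
            -d "$PAYLOAD")

          # Extract score using jq (quoted input: no word splitting/globbing)
          SCORE=$(printf '%s' "$RESPONSE" | jq -r '.security_score // empty')
          SCAN_ID=$(printf '%s' "$RESPONSE" | jq -r '.id // "unknown"')

          echo "Scan completed (ID: $SCAN_ID)"
          echo "Security Score: $SCORE"

          # An empty or non-numeric score must never reach the comparison:
          # bc prints nothing on a syntax error and an empty (( )) is false,
          # which would fall through to the "passed" branch.
          if ! [[ "$SCORE" =~ ^[0-9]+([.][0-9]+)?$ ]]; then
            echo "::error::No numeric security_score in the SecureLens response"
            exit 1
          fi

          # Check Threshold
          if (( $(echo "$SCORE < $MINIMUM_SCORE" | bc -l) )); then
            echo "::error::Security score ($SCORE) is below the minimum threshold ($MINIMUM_SCORE)"
            exit 1
          else
            echo "Security check passed!"
            exit 0
          fi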