Run Vulnerability Data Script with Parameters and Update PR

Run Vulnerability #2

Workflow file for this run

.github/workflows/test-vulnerabilities-data.yml at 915b602

	name: Run Vulnerability Data Script with Parameters and Update PR

	on:
	workflow_dispatch:
	inputs:
	image_name:
	description: 'Docker image name to scan'
	required: true
	default: 'appsmith/appsmith-ce:release'

	jobs:
	run-and-update-pr:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3

	- name: Set up Node.js
	uses: actions/setup-node@v3
	with:
	node-version: '20'

	- name: Login to DockerHub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKER_HUB_USERNAME }}
	password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}

	- name: Install pg
	run: npm install pg

	- name: Fetch vulnerability data
	id: vulnerability_data
	env:
	DB_HOST: ${{ secrets.CYPRESS_DB_HOST }}
	DB_NAME: ${{ secrets.CYPRESS_DB_NAME }}
	DB_USER: ${{ secrets.CYPRESS_DB_USER }}
	DB_PWD: ${{ secrets.CYPRESS_DB_PWD }}
	uses: actions/github-script@v7
	with:
	script: \|
	const { Pool } = require("pg");
	const fs = require('fs');
	const path = require('path');
	const { DB_HOST, DB_NAME, DB_USER, DB_PWD } = process.env;

	const pool = new Pool({
	user: DB_USER,
	host: DB_HOST,
	database: DB_NAME,
	password: DB_PWD,
	port: 5432,
	connectionTimeoutMillis: 60000,
	});

	(async () => {
	const client = await pool.connect();
	try {
	// Fetch vurn_id, product, scanner_tool, and priority from the database
	const result = await client.query(`SELECT vurn_id, product, scanner_tool, priority FROM vulnerability_tracking`);
	console.log('Vulnerability Data:', result.rows);

	// Extract relevant fields from the result
	const extractedData = result.rows.map(({ vurn_id, product, scanner_tool, priority }) => ({
	vurn_id,
	product,
	scanner_tool,
	priority
	}));
	console.log('Extracted Vulnerability Data:', extractedData);

	// Prepare CSV content
	const csvContent = [
	['vurn_id', 'product', 'scanner_tool', 'priority'], // Add priority column header
	...extractedData.map(row => [row.vurn_id, row.product, row.scanner_tool, row.priority])
	]
	.map(e => e.join(',')) // Join columns
	.join('\n'); // Join rows

	// Write to CSV file in workspace
	const csvFilePath = path.join(process.env.GITHUB_WORKSPACE, 'vulnerability_base_data.csv');
	fs.writeFileSync(csvFilePath, csvContent);
	console.log(`Data successfully written to ${csvFilePath}`);

	// Prepare TXT content
	const txtContent = extractedData
	.map(row => `vurn_id: ${row.vurn_id}, product: ${row.product}, scanner_tool: ${row.scanner_tool}, priority: ${row.priority}`)
	.join('\n'); // Join rows

	// Write to TXT file in workspace
	const txtFilePath = path.join(process.env.GITHUB_WORKSPACE, 'vulnerability_base_data.txt');
	fs.writeFileSync(txtFilePath, txtContent);
	console.log(`Data successfully written to ${txtFilePath}`);

	client.release();
	return extractedData; // Return the extracted data
	} catch (err) {
	console.error('Error fetching vulnerability data:', err);
	client.release();
	}
	})();

	- name: Upload Vulnerability Data
	uses: actions/upload-artifact@v3
	with:
	name: vulnerability-data
	path: \|
	vulnerability_base_data.csv
	vulnerability_base_data.txt

	# Run Scout vulnerability data script
	- name: Run Scout vulnerability data script
	if: always()
	env:
	DB_HOST: ${{ secrets.CYPRESS_DB_HOST }}
	DB_NAME: ${{ secrets.CYPRESS_DB_NAME }}
	DB_USER: ${{ secrets.CYPRESS_DB_USER }}
	DB_PWD: ${{ secrets.CYPRESS_DB_PWD }}
	run: \|
	chmod +x scripts/scout_vulnerabilities_data.sh
	./scripts/scout_vulnerabilities_data.sh \
	"${{ inputs.image_name }}" \
	"${{ github.event.pull_request.number }}" \
	"${{ github.event.pull_request.html_url }}" \
	"${{ github.run_id }}"

	- name: Run Trivy vulnerability data script
	if: always()
	env:
	DB_HOST: ${{ secrets.CYPRESS_DB_HOST }}
	DB_NAME: ${{ secrets.CYPRESS_DB_NAME }}
	DB_USER: ${{ secrets.CYPRESS_DB_USER }}
	DB_PWD: ${{ secrets.CYPRESS_DB_PWD }}
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	echo "${{ secrets.GITHUB_TOKEN }}" \| docker login ghcr.io -u "${{ github.actor }}" --password-stdin
	chmod +x scripts/trivy_vulnerabilities_data.sh
	./scripts/trivy_vulnerabilities_data.sh \
	"${{ inputs.image_name }}" \
	"${{ github.event.pull_request.number }}" \
	"${{ github.event.pull_request.html_url }}" \
	"${{ github.run_id }}"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Run Vulnerability #2

Workflow file

Run Vulnerability #2

Jobs

Run details

Workflow file for this run