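---
# Composite GitHub Action that builds the Qualys WAS scan plugin from source
# and runs it with the caller's inputs. Every input is forwarded to the plugin
# as an environment variable in the "Spinning up Qualys WAS Scan Plugin" step.
name: 'Qualys GitHub actions for Web Application Scanning'
description: >-
  The Qualys GitHub Actions for Web Application Scanning allows DevOps teams to build application
  vulnerability scans into their existing CI/CD processes. By integrating web application scans in
  this manner, application security testing is accomplished earlier in the SDLC to catch and eliminate
  security flaws.
branding:
  icon: 'shield'
  color: 'red'

inputs:
  # Credentials. Callers should pass these from `secrets.*`, never as literals
  # in the workflow file, so the runner masks them in job logs.
  QUALYS_USERNAME:
    description: 'Qualys Username'
    required: true
  QUALYS_PASSWORD:
    description: 'Qualys Password'
    required: true
  API_SERVER:
    description: 'API Server URL'
    required: true
  SCAN_NAME:
    description: 'Scan Name'
    required: true
  SCAN_TYPE:
    description: 'Scan Type'
    required: true
  WEBAPP_ID:
    description: 'Webapp ID'
    required: true
  # Optional inputs have no default, so an unset one reaches the plugin as an
  # empty string; the plugin is expected to treat that as "not provided".
  AUTH_RECORD:
    description: 'Authentication Record'
    required: false
  AUTH_RECORD_ID:
    description: 'Authentication Record ID'
    required: false
  OPTION_PROFILE:
    description: 'Option Profile'
    required: false
  OPTION_PROFILE_ID:
    description: 'Option Profile ID'
    required: false
  CANCEL_OPTION:
    description: 'Cancel Option'
    required: false
  CANCEL_HOURS:
    description: 'Cancel Hours'
    required: false
  SEVERITY_CHECK:
    description: 'Severity Check'
    required: false
  SEVERITY_LEVEL:
    description: 'Severity Level'
    required: false
  EXCLUDE:
    description: 'Exclude'
    required: false
  FAIL_ON_SCAN_ERROR:
    description: 'Fail on Scan Error'
    required: false
  WAIT_FOR_RESULT:
    description: 'Wait for Result'
    required: false
  INTERVAL:
    description: 'Interval'
    required: false
  TIMEOUT:
    description: 'Timeout'
    required: false
  FILE_TYPE:
    description: 'File format to download artifact'
    required: false

runs:
  using: composite
  steps:
    # Fetches the plugin sources. No `ref:` is given, so whatever the default
    # branch of the repository holds at run time is built, regardless of the
    # tag or SHA the caller selected in `uses:`; pinning the checkout (and the
    # third-party actions below) to an immutable ref is the supply-chain fix.
    # NOTE(review): with no `path:` set, this checkout lands in the caller's
    # workspace root and replaces its contents — confirm callers do not rely
    # on their own repository being present after this action runs.
    - name: Setting up GitHub Repository
      uses: actions/checkout@v4
      with:
        repository: Qualys/github-action-qwas

    # The wrapper script may lose its execute bit on checkout; Windows runners
    # do not need it.
    - name: Setting up Maven Wrapper
      if: runner.os != 'Windows'
      run: chmod +x ./mvnw
      shell: bash

    - name: Setting up Java Environment
      uses: actions/setup-java@v4
      with:
        java-version: '17'
        distribution: 'oracle'

    # Restores the local Maven repository keyed on the POM hash; on an exact
    # key miss actions/cache saves the directory in its post step, so no
    # separate "store" step is needed after the build.
    - name: Caching Maven dependencies
      uses: actions/cache@v4
      with:
        path: ~/.m2/repository
        key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
        restore-keys: |
          ${{ runner.os }}-maven-

    - name: Building plugin with Maven
      run: ./mvnw clean package
      shell: bash

    # The plugin reads its whole configuration from the environment.
    # `continue-on-error` keeps the job alive so the scan result artifact is
    # uploaded even when the scan fails; the last step turns the recorded
    # outcome back into a job failure.
    - name: Spinning up Qualys WAS Scan Plugin
      id: run-app
      run: java -jar ./target/GitHubActionsQWas-0.0.1-SNAPSHOT.jar
      shell: bash
      continue-on-error: true
      env:
        API_SERVER: ${{ inputs.API_SERVER }}
        QUALYS_USERNAME: ${{ inputs.QUALYS_USERNAME }}
        QUALYS_PASSWORD: ${{ inputs.QUALYS_PASSWORD }}
        WEBAPP_ID: ${{ inputs.WEBAPP_ID }}
        SCAN_NAME: ${{ inputs.SCAN_NAME }}
        SCAN_TYPE: ${{ inputs.SCAN_TYPE }}
        AUTH_RECORD: ${{ inputs.AUTH_RECORD }}
        AUTH_RECORD_ID: ${{ inputs.AUTH_RECORD_ID }}
        OPTION_PROFILE: ${{ inputs.OPTION_PROFILE }}
        OPTION_PROFILE_ID: ${{ inputs.OPTION_PROFILE_ID }}
        CANCEL_OPTION: ${{ inputs.CANCEL_OPTION }}
        CANCEL_HOURS: ${{ inputs.CANCEL_HOURS }}
        SEVERITY_CHECK: ${{ inputs.SEVERITY_CHECK }}
        SEVERITY_LEVEL: ${{ inputs.SEVERITY_LEVEL }}
        EXCLUDE: ${{ inputs.EXCLUDE }}
        FAIL_ON_SCAN_ERROR: ${{ inputs.FAIL_ON_SCAN_ERROR }}
        WAIT_FOR_RESULT: ${{ inputs.WAIT_FOR_RESULT }}
        INTERVAL: ${{ inputs.INTERVAL }}
        TIMEOUT: ${{ inputs.TIMEOUT }}
        FILE_TYPE: ${{ inputs.FILE_TYPE }}

    # Publishes whatever the plugin wrote under ./outputs/ (presumably its
    # report files — verify against the plugin) as a job artifact.
    - name: Uploading Qualys WAS Scan Result
      uses: actions/upload-artifact@v4
      with:
        name: Qualys_WAS_Scan_Result
        path: ./outputs/

    # Re-raises the plugin's failure now that the results have been uploaded.
    - name: Checking for Qualys WAS Scan Plugin Failure
      if: steps.run-app.outcome != 'success'
      run: exit 1
      shell: bash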