DashLord scans #893

Workflow file for this run

	name: DashLord scans

	on:
	workflow_dispatch:
	inputs:
	url:
	description: "Single url to scan or scan all urls"
	required: false
	default: ""
	tool:
	description: "Single tool to run or use all tools"
	type: choice
	default: all
	options:
	- all
	- codescan
	- dependabot
	- ecoindex
	- lighthouse
	- sonarcloud
	- trivy
	- zap
	- ecoindex
	- dsfr
	- declaration-a11y
	- declaration-rgpd
	schedule:
	- cron: "0 0 * * 0" # At 00:00 on Sunday

	jobs:
	init:
	runs-on: ubuntu-latest
	name: Prepare
	outputs:
	sites: ${{ steps.init.outputs.sites }}
	config: ${{ steps.init.outputs.config }}
	steps:
	- uses: actions/checkout@v2
	- id: init
	uses: "SocialGouv/dashlord-actions/init@v1"
	with:
	url: ${{ github.event.inputs.url }}
	tool: ${{ github.event.inputs.tool }}
	- id: updown-init
	uses: "SocialGouv/dashlord-actions/updown-init@v1"
	env:
	UPDOWNIO_API_KEY: ${{ secrets.UPDOWNIO_API_KEY }}
	scans:
	runs-on: ubuntu-latest
	name: Scan
	needs: init
	continue-on-error: true
	strategy:
	fail-fast: false
	max-parallel: 3
	matrix:
	sites: ${{ fromJson(needs.init.outputs.sites) }}
	steps:
	- uses: actions/checkout@v4

	- run: \|
	mkdir scans

	- uses: actions/cache@v2
	with:
	path: "**/node_modules"
	key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }}

	- name: dsfr
	continue-on-error: true
	timeout-minutes: 10
	uses: "socialgouv/dashlord-actions/dsfr@v1"
	if: ${{ matrix.sites.tools.dsfr }}
	with:
	url: ${{ matrix.sites.url }}
	output: scans/dsfr.json

	- name: eco-index
	continue-on-error: true
	timeout-minutes: 10
	uses: "socialgouv/dashlord-actions/ecoindex@v1"
	if: ${{ matrix.sites.tools.ecoindex }}
	with:
	url: ${{ matrix.sites.url }}
	output: scans/ecoindex.json

	- name: Screenshot Website
	if: ${{ matrix.sites.tools.screenshot }}
	uses: swinton/screenshot-website@v1.x
	continue-on-error: true
	timeout-minutes: 10
	with:
	source: "${{ matrix.sites.url }}"
	type: jpeg
	destination: screenshot.jpeg
	width: 1280
	scaleFactor: 0.5

	- name: Déclaration a11y
	continue-on-error: true
	timeout-minutes: 10
	uses: "socialgouv/dashlord-actions/declaration-a11y@v1"
	if: ${{ matrix.sites.tools['declaration-a11y'] }}
	with:
	url: ${{ matrix.sites.url }}
	output: scans/declaration-a11y.json

	- name: Wappalyzer scan
	if: ${{ matrix.sites.tools.wappalyzer }}
	uses: "socialgouv/wappalyzer-action@master"
	continue-on-error: true
	timeout-minutes: 10
	with:
	url: "${{ matrix.sites.url }}"
	output: scans/wappalyzer.json

	- name: ZAP Scan
	if: ${{ matrix.sites.tools.zap }}
	uses: zaproxy/action-baseline@v0.4.0
	continue-on-error: true
	timeout-minutes: 10
	with:
	token: "" # disable issue creation
	rules_file_name: "zap-rules.tsv"
	docker_name: "owasp/zap2docker-stable"
	target: "${{ matrix.sites.url }}"
	cmd_options: "-a"

	- name: Lighthouse scan
	if: ${{ matrix.sites.tools.lighthouse }}
	continue-on-error: true
	timeout-minutes: 20
	uses: SocialGouv/dashlord-actions/lhci@v1
	with:
	url: "${{ join(matrix.sites.subpages, ',') }}"

	- name: Mozilla HTTP Observatory
	if: ${{ matrix.sites.tools.http }}
	continue-on-error: true
	id: http
	timeout-minutes: 10
	uses: SocialGouv/httpobs-action@master
	with:
	url: "${{ matrix.sites.url }}"
	output: "scans/http.json"

	- name: Mozilla HTTP Observatory retry
	if: steps.http.outcome=='failure'
	continue-on-error: true
	timeout-minutes: 10
	uses: SocialGouv/httpobs-action@master
	with:
	url: "${{ matrix.sites.url }}"
	output: "scans/http.json"

	- name: Third-party scripts scan
	if: ${{ matrix.sites.tools.thirdparties }}
	continue-on-error: true
	timeout-minutes: 10
	uses: SocialGouv/thirdparties-action@master
	id: thirdparties
	with:
	url: "${{ matrix.sites.url }}"
	output: "scans/thirdparties.json"

	- name: Déclaration RGPD
	continue-on-error: true
	uses: SocialGouv/dashlord-actions/declaration-rgpd@v1
	if: ${{ matrix.sites.tools['declaration-rgpd'] }}
	with:
	thirdparties: ${{ steps.thirdparties.outputs.json }}
	url: ${{ matrix.sites.url }}
	output: scans/declaration-rgpd.json

	# testssl.sh action needs an hostname to save its output so we build it here
	- name: Extract hostname
	id: hostname
	run: \|
	HOSTNAME=$(echo "${{ matrix.sites.url }}" \| sed -e 's/[^/]\/\/$[^@]@$\?$[^:/]$./\2/')
	echo "::set-output name=value::$HOSTNAME"

	- name: testssl.sh scan
	if: ${{ matrix.sites.tools.testssl }}
	continue-on-error: true
	timeout-minutes: 10
	uses: "mbogh/test-ssl-action@v1.1"
	with:
	host: ${{ steps.hostname.outputs.value }}
	output: scans
	grade: "F"
	options: "--fast"

	- name: nmap vulnerabilities scan
	if: ${{ matrix.sites.tools.nmap }}
	continue-on-error: true
	timeout-minutes: 10
	uses: "MTES-MCT/nmap-action@main"
	with:
	host: ${{ steps.hostname.outputs.value }}
	outputDir: "scans"
	outputFile: "nmapvuln.json"
	withVulnerabilities: true
	raw: false

	- name: Nuclei scan
	if: ${{ matrix.sites.tools.nuclei }}
	continue-on-error: true
	timeout-minutes: 10
	uses: "SocialGouv/dashlord-nuclei-action@master"
	with:
	url: ${{ matrix.sites.url }}
	output: "scans/nuclei.log"

	- name: Updown.io checks
	if: ${{ matrix.sites.tools.updownio }}
	continue-on-error: true
	timeout-minutes: 10
	uses: "MTES-MCT/updownio-action@main"
	with:
	apiKey: ${{ secrets.UPDOWNIO_API_KEY }}
	url: ${{ matrix.sites.url }}
	output: scans/updownio.json

	- name: Betagouv API scan
	if: ${{ matrix.sites.tools.betagouv }}
	continue-on-error: true
	timeout-minutes: 10
	id: betagouv
	uses: betagouv/dashlord-startup-action@main
	with:
	id: "${{ matrix.sites.betaId }}"
	output: "scans/betagouv.json"

	- name: Stats page
	continue-on-error: true
	timeout-minutes: 10
	uses: "SocialGouv/dashlord-actions/check-url@v1"
	if: ${{ matrix.sites.tools.stats }}
	with:
	url: ${{ steps.betagouv.outputs.stats_url }}
	output: scans/stats.json

	- name: Budget page
	continue-on-error: true
	timeout-minutes: 10
	uses: "SocialGouv/dashlord-actions/check-url@v1"
	if: ${{ matrix.sites.tools.budget_page }}
	with:
	url: ${{ steps.betagouv.outputs.budget_url }}
	output: scans/budget_page.json

	- name: Open Github repository
	continue-on-error: true
	timeout-minutes: 10
	uses: "SocialGouv/dashlord-actions/check-url@v1"
	if: ${{ matrix.sites.tools.betagouv }}
	with:
	url: ${{ steps.betagouv.outputs.github_repository }}
	output: scans/github_repository.json

	- name: Dependabot vulnerabilities alerts
	continue-on-error: true
	timeout-minutes: 10
	if: ${{ matrix.sites.tools.dependabot && matrix.sites.repositories }}
	uses: "MTES-MCT/dependabotalerts-action@main"
	with:
	token: ${{ secrets.DEPENDABOTALERTS_TOKEN }}
	repositories: ${{ join(matrix.sites.repositories) }}
	output: scans/dependabotalerts.json

	- name: Code quality alerts
	if: ${{ matrix.sites.tools.codescan && matrix.sites.repositories }}
	continue-on-error: true
	timeout-minutes: 10
	uses: "MTES-MCT/codescanalerts-action@main"
	with:
	token: ${{ secrets.CODESCANALERTS_TOKEN }}
	repositories: ${{ join(matrix.sites.repositories) }}
	output: scans/codescanalerts.json

	- uses: SocialGouv/dashlord-actions/save@v1
	with:
	url: ${{ matrix.sites.url }}
	# only clean up previous stats when all tools runned
	cleanup: ${{ github.event.inputs.tool == 'all' && true \|\| false }}

	- uses: EndBug/add-and-commit@v9
	with:
	add: "results"
	author_name: "DashlordBetaGouvBot"
	author_email: "DashlordBetaGouvBot@incubateur.net"
	message: "update: ${{ matrix.sites.url }}"
	pull: "--rebase --autostash"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

DashLord scans #893

Workflow file

DashLord scans #893

Jobs

Run details

Workflow file for this run