feat: add telemetry option

cerberauth · Nov 9, 2024 · ffb96ca · ffb96ca
1 parent 66ea68b
commit ffb96ca
Show file tree

Hide file tree

Showing 7 changed files with 33 additions and 8 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -84,6 +84,7 @@ jobs:
           scans: jwt.*
           curl: |
             curl http://localhost:8080 -H "Authorization: Bearer ${{ steps.get-jwt.outputs.jwt }}"
+          telemetry: false
 
       # - name: Test OpenAPI Local Action
       #   uses: ./
@@ -92,6 +93,7 @@ jobs:
       #   with:
       #     scans: jwt.*
       #     openapi: ./__tests__/openapi.yaml
+      #     telemetry: false
 
       - name: Stop Server
         if: ${{ always() }}

diff --git a/README.md b/README.md
@@ -111,21 +111,27 @@ jobs:
 
 | Name              | Required | Description                                         | Default |
 | ----------------- | -------- | --------------------------------------------------- | ------- |
-| scans             | false    | The scans performed.                                | all     |
+| scans             | false    | The scans performed.                                | `all`   |
 | excludeScans      | false    | The scans to exclude.                               |         |
-| rateLimit         | false    | The rate limit used to run API vulnerability scans. | 10/s    |
+| rateLimit         | false    | The rate limit used to run API vulnerability scans. | `10/s`  |
 | proxy             | false    | The proxy server used during the scan.              |         |
-| severityThreshold | false    | The severity threshold to trigger a failure.        | 0       |
+| severityThreshold | false    | The severity threshold to trigger a failure.        | `0`     |
 
 ## Outputs
 
 Scan results are output to the console.
 
 ## Disclaimer
 
-This scanner is provided for educational and informational purposes only. It
-should not be used for malicious purposes or to attack any system without proper
-authorization. Always respect the security and privacy of others.
+This scanner is provided for informational purposes only. It should not be used
+for malicious purposes or to attack any system without proper authorization.
+Always respect the security and privacy of others.
+
+## Telemetry
+
+VulnAPI collects fully anonymized usage data to help improve the tool. This data
+is not shared with third parties. You can opt-out of telemetry by setting the
+`telemetry` option to `false`.
 
 ## License
 

diff --git a/action.yml b/action.yml
@@ -34,6 +34,13 @@ inputs:
     required: false
     default: 10/s
 
+  telemetry:
+    description:
+      'VulnAPI uses fully anonymized telemetry data to help improve the tool.
+      You can disable it by setting this to false.'
+    required: false
+    default: 'true'
+
   proxy:
     description: 'The proxy server used during the scan'
     required: false

diff --git a/badges/coverage.svg b/badges/coverage.svg
diff --git a/dist/index.js b/dist/index.js
diff --git a/dist/index.js.map b/dist/index.js.map
diff --git a/src/main.js b/src/main.js
@@ -27,6 +27,11 @@ function getCommonArgs() {
     commonArgs.push(`--rate-limit=${rateLimit}`)
   }
 
+  const telemetry = getInput('telemetry')
+  if (telemetry && (telemetry === 'false' || telemetry === '0')) {
+    commonArgs.push('--sqa-opt-out')
+  }
+
   const scans = getInput('scans')
   if (scans) {
     commonArgs.push(`--scans=${scans}`)