Skip to content

Vulnerability Scan

Vulnerability Scan #82

name: Vulnerability Scan
on:
schedule:
- cron: '5 4 * * *'
workflow_dispatch:
jobs:
scan:
name: Vulnerability Scan
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Setup project
uses: ./.github/actions/setup
with:
npm_fontawesome_auth_token: ${{ secrets.NPM_FONTAWESOME_AUTH_TOKEN }}
packagist_github_token: ${{ secrets.PACKAGIST_GITHUB_TOKEN }}
- name: Install development packages and build assets
run: composer install:development
- name: Install WordPress
uses: ./.github/actions/install-wordpress
- name: Run vulnerability scan
run: ./vendor/bin/wp vuln status --nagios
- name: Show vulnerabilties
if: failure()
run: ./vendor/bin/wp vuln status
- name: Microsoft Teams Notification
uses: skitionek/notify-microsoft-teams@master
if: failure()
with:
webhook_url: ${{ secrets.MICROSOFT_TEAMS_FAUCET_WEBHOOK }}
raw: >-
{
"@type": "MessageCard",
"@context": "http://schema.org/extensions",
"themeColor": "0076D7",
"summary": "Vulnerability scan failed: ${{ github.event.repository.name }}",
"sections": [{
"activityTitle": "Vulnerability scan failed: ${{ github.event.repository.name }}",
"activitySubtitle": "Potential vulnerable plugin version detected by Wordfence on ${{ github.event.repository.name }} site",
"facts": [],
"markdown": true
}],
"potentialAction": [{
"@type": "OpenUri",
"name": "Repository",
"targets": [{
"os": "default",
"uri": "${{ github.server_url }}/${{ github.repository }}"
}]
}, {
"@type": "OpenUri",
"name": "Job details",
"targets": [{
"os": "default",
"uri": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
}]
}]
}