
Commit 6be995c

authored
Update vulnerability-scan.yml
1 parent 98ebc90 commit 6be995c

1 file changed

Lines changed: 43 additions & 2 deletions


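--- a/.github/workflows/vulnerability-scan.yml
+++ b/.github/workflows/vulnerability-scan.yml
@@ -28,6 +28,33 @@ jobs:
 echo "SBOM index fetched:"
 cat all.json
 
+- name: Get grype version
+id: grype_version
+run: |
+GRYPE_VERSION=$(grype version -o json | jq -r '.version')
+echo "GRYPE_VERSION=$GRYPE_VERSION" >> $GITHUB_ENV
+echo "Grype version: $GRYPE_VERSION"
+
+- name: Start scan
+id: start_scan
+run: |
+SCAN_GUID=$(uuidgen)
+echo "SCAN_GUID=$SCAN_GUID" >> $GITHUB_ENV
+
+response=$(curl -s -o start_response.json -w "%{http_code}" \
+-X POST "https://epplussoftware.com/api/security/vulnerability/scan/start?scanId=${SCAN_GUID}&grypeVersion=${GRYPE_VERSION}" \
+-H "X-Api-Key: ${{ secrets.EPPLUS_VULNERABILITY_API_KEY }}")
+
+if [ "$response" != "200" ]; then
+echo "ERROR: Failed to start scan with HTTP $response"
+cat start_response.json
+exit 1
+fi
+
+SCAN_DB_ID=$(jq -r '.scanDbId' start_response.json)
+echo "SCAN_DB_ID=$SCAN_DB_ID" >> $GITHUB_ENV
+echo "Scan started: GUID=$SCAN_GUID, DB ID=$SCAN_DB_ID"
+
 - name: Scan each SBOM
 shell: bash
 run: |
@@ -135,7 +162,7 @@ jobs:
 
 echo "--- Indexing EPPlus $version / $tfm ---"
 response=$(curl -s -o response.json -w "%{http_code}" \
--X POST "https://epplussoftware.com/api/security/vulnerability/index/${version}?tfm=${tfm}" \
+-X POST "https://epplussoftware.com/api/security/vulnerability/index/${version}?tfm=${tfm}&scanId=${SCAN_DB_ID}" \
 -H "X-Api-Key: ${{ secrets.EPPLUS_VULNERABILITY_API_KEY }}" \
 -H "Content-Type: application/json" \
 -d @"./reports/${version}/${tfm}/report.json")
@@ -152,7 +179,7 @@ jobs:
 else
 echo "--- Indexing EPPlus $version (combined) ---"
 response=$(curl -s -o response.json -w "%{http_code}" \
--X POST "https://epplussoftware.com/api/security/vulnerability/index/${version}" \
+-X POST "https://epplussoftware.com/api/security/vulnerability/index/${version}?scanId=${SCAN_DB_ID}" \
 -H "X-Api-Key: ${{ secrets.EPPLUS_VULNERABILITY_API_KEY }}" \
 -H "Content-Type: application/json" \
 -d @"./reports/${version}/report.json")
@@ -167,3 +194,17 @@ jobs:
 cat response.json
 fi
 done
+
+- name: Complete scan (success)
+if: success()
+run: |
+curl -s -X POST "https://epplussoftware.com/api/security/vulnerability/scan/complete?scanId=${SCAN_GUID}&status=completed" \
+-H "X-Api-Key: ${{ secrets.EPPLUS_VULNERABILITY_API_KEY }}"
+echo "Scan marked as completed"
+
+- name: Complete scan (failure)
+if: failure() && env.SCAN_GUID != ''
+run: |
+curl -s -X POST "https://epplussoftware.com/api/security/vulnerability/scan/complete?scanId=${SCAN_GUID}&status=failed" \
+-H "X-Api-Key: ${{ secrets.EPPLUS_VULNERABILITY_API_KEY }}"
+echo "Scan marked as failed"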
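Review bot: In the `Start scan` step (new lines 54–55), `SCAN_DB_ID` is read from the HTTP response body and appended to `$GITHUB_ENV` with no check on its content. `jq -r` prints the literal `null` when `.scanDbId` is absent, so the later index calls would be sent with `scanId=null`, and a value containing a line break would add further variables to the environment of every following step. Make the extraction fail on a missing field with `SCAN_DB_ID=$(jq -er '.scanDbId' start_response.json)`, and reject anything outside the expected format before writing it, for example `[[ "$SCAN_DB_ID" =~ ^[0-9]+$ ]] || exit 1` if the id is numeric. The API contract is not visible on this page, so confirm the format first. Quoting the target as `>> "$GITHUB_ENV"` would also be the safer form for all three writes in this commit.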
