diff --git a/Dockerfile b/Dockerfile
index d1fe421..0106a8e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,10 +8,11 @@ RUN CGO_ENABLED=0 go build -ldflags="-s -w" -trimpath -o build/goscan
 FROM alpine:3.20
-RUN apk --no-cache update && apk --no-cache upgrade
+RUN apk --no-cache update && apk --no-cache upgrade && apk --no-cache add curl
 COPY --from=builder /app/build/goscan /goscan
+COPY ./entrypoint.sh /entrypoint.sh
-RUN chmod +x /goscan
+RUN chmod +x /goscan && chmod +x /entrypoint.sh
-ENTRYPOINT ["/goscan"]
\ No newline at end of file
+ENTRYPOINT ["/entrypoint.sh"]
\ No newline at end of file
diff --git a/action.yml b/action.yml
new file mode 100644
index 0000000..f106dcb
--- /dev/null
+++ b/action.yml
@@ -0,0 +1,5 @@
+name: 'GoSec Scanning'
+description: 'Scan codebase with gosec'
+runs:
+ using: 'docker'
+ image: 'docker://git.shadowhosting.xyz/actions/goscan:latest'
\ No newline at end of file
diff --git a/build.sh b/build.sh
new file mode 100644
index 0000000..100ad2d
--- /dev/null
+++ b/build.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+docker buildx build --platform=linux/amd64,linux/arm64/v8 --push -t git.shadowhosting.xyz/actions/goscan .
\ No newline at end of file
diff --git a/cmd/root.go b/cmd/root.go
index e7c3cd7..9baadc5 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -10,6 +10,7 @@ import (
 "github.com/kr/pretty"
 "github.com/nao1215/markdown"
 "github.com/owenrumney/go-sarif/sarif"
+ "github.com/sethvargo/go-githubactions"
 "log"
 "os"
 "strconv"
@@ -27,6 +28,8 @@ var rootCmd = &cobra.Command{
 Short: "A brief description of your application",
 Run: func(cmd *cobra.Command, args []string) {
+ action := githubactions.New()
+
 cwd, err := os.Getwd()
 if err != nil {
 log.Fatalln(err)
@@ -56,11 +59,6 @@ var rootCmd = &cobra.Command{
 run := report.Runs[0]
- outputFile, err := os.Create("output.md")
- if err != nil {
- log.Fatal(err)
- }
-
 var rows [][]string
 sevCountMap := map[string]int{
 "high": 0,
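Review bot: The runtime stage gains `curl` on the `RUN apk` line only so that entrypoint.sh can download gosec at container start, which leaves the scanner version unpinned and requires outbound network access on every run. The builder stage already has a Go toolchain, so `RUN go install github.com/securego/gosec/v2/cmd/gosec@<pinned-version>` there plus `COPY --from=builder /go/bin/gosec /usr/local/bin/gosec` (the `/go/bin` path assumes a standard golang builder image, whose `FROM` line is outside this hunk) would fix the version at build time and let the final image drop curl entirely. Since build.sh already builds with buildx, `COPY --chmod=755 ./entrypoint.sh /entrypoint.sh` would also replace the second `chmod +x` added to the `RUN` line.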
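Review bot: `image: 'docker://git.shadowhosting.xyz/actions/goscan:latest'` resolves a mutable tag, so every workflow using this action runs whatever build.sh pushed most recently and a given run's scanner cannot be reproduced or audited. Pin the reference by digest, `image: 'docker://git.shadowhosting.xyz/actions/goscan@sha256:<digest-of-released-image>'`, or at least use a versioned tag that build.sh pushes alongside `latest`. The action declares no `inputs`/`outputs`; a sentence in `description` saying the result is delivered only as a step summary would save users looking for an artifact.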
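Review bot: `github.com/sethvargo/go-githubactions` is imported directly here, but the go.mod hunk in this commit records it as `// indirect`; running `go mod tidy` moves it into the direct `require` block and keeps the go.sum entries consistent. A later hunk in this file introduces `strings.Builder`, while the trailing context of this import block stops at `"strconv"`, so whether `"strings"` is already imported (it would sort immediately after) is not visible in the diff — confirm it, or add it in this hunk.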
@@ -127,7 +125,8 @@ var rootCmd = &cobra.Command{
 }
- markdownHandler := markdown.NewMarkdown(outputFile)
+ var markdownOutput strings.Builder
+ markdownHandler := markdown.NewMarkdown(&markdownOutput)
 markdownHandler.H1("GoSec Results:")
 markdownHandler.PlainText("
")
@@ -165,6 +164,8 @@ var rootCmd = &cobra.Command{
 log.Fatalln(err)
 }
+
+ action.AddStepSummary(markdownOutput.String())
+
 },
 }
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..b3a54df
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s -- -b /usr/local/bin
+gosec -no-fail -fmt sarif -out output.sarif ./...
+/goscan
\ No newline at end of file
diff --git a/go.mod b/go.mod
index 36e1fe5..1ae7da3 100644
--- a/go.mod
+++ b/go.mod
@@ -38,6 +38,7 @@ require (
 github.com/sagikazarmark/locafero v0.4.0 // indirect
 github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
+ github.com/sethvargo/go-githubactions v1.3.0 // indirect
 github.com/skeema/knownhosts v1.2.2 // indirect
 github.com/sourcegraph/conc v0.3.0 // indirect
 github.com/spf13/afero v1.11.0 // indirect
diff --git a/go.sum b/go.sum
index e9ac4fc..0733f3c 100644
--- a/go.sum
+++ b/go.sum
@@ -80,6 +80,8 @@ github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6g
 github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8=
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
+github.com/sethvargo/go-githubactions v1.3.0 h1:Kg633LIUV2IrJsqy2MfveiED/Ouo+H2P0itWS0eLh8A=
+github.com/sethvargo/go-githubactions v1.3.0/go.mod h1:7/4WeHgYfSz9U5vwuToCK9KPnELVHAhGtRwLREOQV80=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/skeema/knownhosts v1.2.2 h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A=
 github.com/skeema/knownhosts v1.2.2/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo=