As technology stacks grow more complex, keeping up with the constant stream of new vulnerabilities and keeping your infrastructure secure is a significant, and time-consuming, challenge. As a developer and security engineer I have to keep an eye on newly published vulnerabilities in the components I run so that they can be patched as soon as possible.
NVD publishes several data feeds that list vulnerabilities in the CVE format, but those feeds are not meant to be read by humans, and working out whether the products you actually use are affected takes manual effort. There are solutions on the market, but they are mostly commercial or require you to set up and run some infrastructure of your own. So I built a simple GitHub Action that is easy to use and needs no maintenance.
Why GitHub Actions?
GitHub Actions lets you build custom software development life cycle (SDLC) workflows directly in your GitHub repository. It is completely free for public repositories and includes a monthly quota of free minutes for private repositories (3000 at the time of writing; check the quota of your plan). Workflows can also be triggered on a schedule, which is all a daily check needs.
What you'll need?
- A Slack Incoming Webhook
- CPE IDs of the products you want to monitor
- Public/Private GitHub Repository
y-mehta/vulnalerts (GitHub repository): Get new vulnerability alerts daily straight to your Slack channel using GitHub Actions, for free.
VulnAlerts - Customized CVE Alerts straight to your Slack Channel
How to Use?
- Create an Incoming Webhook on Slack for the channel that should receive the alerts.
- Go to Repository Settings -> Secrets -> Add a New Secret.
- Enter SLACK_WEBHOOK as the secret name and your Slack webhook URL as the value. The webhook URL is a credential (anyone holding it can post to your channel), so it belongs in a repository secret and must never be committed to the repository.
- Add the CPEs of the products you want to monitor to the cpe.txt file, one CPE per line. Look them up with the NVD CPE Search.
- Create a new workflow in .github/workflows/alerts.yml:

```yaml
name: VulnAlerts
on:
  schedule:
    # 00:15 UTC every day. The hour field has to be fixed: '15 * */1 * *' would fire every hour.
    - cron: '15 0 * * *'
jobs:
  alert:
    runs-on: ubuntu-latest
    steps:
      # the checkout is needed so the action can read cpe.txt from the repository
      - uses: actions/checkout@master
      - uses: y-mehta/vulnalerts@master
        env:
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
      - name: done
        run: echo 'done'
```

- That's it. You'll receive daily alerts in the selected Slack channel.
- Note: you don't need to enter a full CPE unless you want to monitor a specific version; apple:icloud or atlassian:sourcetree will do the job.
- The schedule can be changed in .github/workflows/alerts.yml if needed. Use the five-field crontab format (@daily, @monthly and similar shorthands aren't supported by GitHub Actions); times are in UTC, and scheduled workflows only run from the repository's default branch.
- Both steps reference their action by the mutable @master branch. Because this job holds the webhook secret, pin actions/checkout and y-mehta/vulnalerts to a release tag or, better, a full commit SHA and review before bumping; otherwise any change pushed to either action runs with your secret in its environment the next time the schedule fires.
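To make the matching step concrete, here is an added, stand-alone Python example of what such an alerter does on each run. It is my own illustration, not the vulnalerts action's code: load a feed in the NVD JSON 1.1 layout, walk each CVE's configuration tree, match the CPEs flagged vulnerable against a cpe.txt-style watch list that accepts either the vendor:product[:version] shorthand or a full cpe:2.3 string, and build the Slack incoming-webhook payload. The feed content is constructed for the example and its CVE IDs are placeholders; all function names are mine. It assumes the JSON 1.1 feed layout, which NVD has since retired in favour of the NVD API 2.0, so a current implementation would fetch from the API instead.

```python
import json
import os
import re
import urllib.request

def _item(cve_id, text, nodes, impact, published):
    """Build one CVE_Items entry in the NVD JSON 1.1 layout (helper for the constructed sample)."""
    return {"cve": {"CVE_data_meta": {"ID": cve_id},
                    "description": {"description_data": [{"lang": "en", "value": text}]}},
            "configurations": {"nodes": nodes}, "impact": impact, "publishedDate": published}

# Constructed sample in the retired NVD JSON 1.1 feed layout; CVE IDs and products are placeholders, not real CVEs.
SAMPLE_FEED = {"CVE_data_type": "CVE", "CVE_Items": [
    # flat OR node with an open version range: matches the "apple:icloud" shorthand
    _item("CVE-0000-0001", "Constructed issue in iCloud for Windows before 7.21.",
          [{"operator": "OR", "cpe_match": [{"vulnerable": True, "versionEndExcluding": "7.21",
            "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*"}]}],
          {"baseMetricV3": {"cvssV3": {"baseScore": 7.8, "baseSeverity": "HIGH"}}}, "2020-05-01T15:15Z"),
    # exact version in the feed: a version-aware watch entry can exclude it
    _item("CVE-0000-0002", "Constructed issue in Sourcetree 3.0.0.",
          [{"operator": "OR", "cpe_match": [{"vulnerable": True,
            "cpe23Uri": "cpe:2.3:a:atlassian:sourcetree:3.0.0:*:*:*:*:windows:*:*"}]}],
          {"baseMetricV2": {"cvssV2": {"baseScore": 4.3}, "severity": "MEDIUM"}}, "2020-05-02T12:00Z"),
    # nested AND node: the platform CPE carries vulnerable=false and must never alert on its own
    _item("CVE-0000-0003", "Constructed issue in example widget when run on macOS.",
          [{"operator": "AND", "children": [
              {"operator": "OR", "cpe_match": [{"vulnerable": True,
               "cpe23Uri": "cpe:2.3:a:example:widget:1.2:*:*:*:*:*:*:*"}]},
              {"operator": "OR", "cpe_match": [{"vulnerable": False,
               "cpe23Uri": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*"}]}]}],
          {}, "2020-05-03T09:30Z"),
]}

FIELD_SEP = re.compile(r"(?<!\\):")  # CPE 2.3 field separator; an escaped '\:' stays inside a field

def parse_watchlist(text):
    """cpe.txt style input: one entry per line; blank lines and '#' comments are ignored."""
    return [ln.strip() for ln in text.splitlines() if ln.strip() and not ln.strip().startswith("#")]

def cpe_fields(cpe23):
    """Split a full or partial CPE 2.3 string into its 13 fields, padding with '*'."""
    return (FIELD_SEP.split(cpe23.strip()) + ["*"] * 13)[:13]

def entry_matches(entry, cpe23):
    """Watch entries are 'cpe:2.3:...' strings or a 'vendor:product[:version]' shorthand. Fields compare
    case-insensitively; '*' on either side matches, so an open version range in the feed still alerts."""
    if entry.lower().startswith("cpe:2.3:"):
        wanted = cpe_fields(entry)
    else:  # shorthand: vendor, product and optional version are fields 3, 4 and 5 of a CPE
        wanted = ["cpe", "2.3", "*"] + (FIELD_SEP.split(entry) + ["*"] * 3)[:3] + ["*"] * 7
    return all(w == "*" or h == "*" or w.lower() == h.lower()
               for w, h in zip(wanted, cpe_fields(cpe23)))

def iter_vulnerable_cpes(nodes):
    """Walk the configuration tree; only matches flagged vulnerable identify affected products."""
    for node in nodes:
        for match in node.get("cpe_match", []):
            if match.get("vulnerable", True):
                yield match["cpe23Uri"]
        yield from iter_vulnerable_cpes(node.get("children", []))

def severity(item):
    """Prefer CVSS v3, fall back to v2, else report the CVE as unscored."""
    v3 = item.get("impact", {}).get("baseMetricV3", {}).get("cvssV3")
    v2 = item.get("impact", {}).get("baseMetricV2")
    return (f"{v3['baseSeverity']} ({v3['baseScore']})" if v3 else
            f"{v2.get('severity', '?')} ({v2['cvssV2']['baseScore']})" if v2 else "unscored")

def find_alerts(feed, watchlist):
    """One alert per CVE whose vulnerable configuration matches at least one watch entry."""
    alerts = []
    for item in feed["CVE_Items"]:
        cpes = list(iter_vulnerable_cpes(item["configurations"]["nodes"]))
        hits = sorted({e for e in watchlist if any(entry_matches(e, c) for c in cpes)})
        if hits:
            desc = next(d["value"] for d in item["cve"]["description"]["description_data"] if d["lang"] == "en")
            alerts.append({"id": item["cve"]["CVE_data_meta"]["ID"], "severity": severity(item),
                           "matched": hits, "published": item["publishedDate"], "description": desc})
    return alerts

def slack_payload(alerts):
    """Body for a Slack incoming webhook; a 'text' field with mrkdwn is all a webhook needs."""
    lines = [f"*{a['id']}* {a['severity']} | matched: {', '.join(a['matched'])}\n"
             f"<https://nvd.nist.gov/vuln/detail/{a['id']}|NVD> {a['description']}" for a in alerts]
    return {"text": "\n\n".join(lines) if lines else "No new CVEs for the watched products."}

def post_to_slack(webhook_url, payload):
    """POST the payload. The URL is a credential: read it from SLACK_WEBHOOK, never hard-code it."""
    req = urllib.request.Request(webhook_url, data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status

if __name__ == "__main__":  # stand-alone demo: prints the payload, posts it only when SLACK_WEBHOOK is set
    body = slack_payload(find_alerts(SAMPLE_FEED, parse_watchlist("apple:icloud\natlassian:sourcetree")))
    print(json.dumps(body, indent=2))
    if os.environ.get("SLACK_WEBHOOK"):
        post_to_slack(os.environ["SLACK_WEBHOOK"], body)
```

Inside the workflow the script would read cpe.txt from the checked-out repository and fetch the current feed instead of using SAMPLE_FEED, with SLACK_WEBHOOK arriving through the env block of the job. Two details matter for a daily alerter: entries with vulnerable=false (the platform a product runs on) must not trigger on their own, and an open version range in the feed should still alert on a version-specific watch entry, since silently dropping it would hide exactly the case the watch list exists for.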
Sample Alert: (image not reproduced)
I would love feedback from other people working on similar things.