DEV Community

Yash Mehta

Customized Vulnerability Alerts delivered to your Slack Channel using GitHub Actions

With the increasing complexity of the technology stack, managing endless threats and maintaining the security of your infrastructure can be a significant challenge — and a time-consuming one. As a Developer and Security Engineer, I have to keep an eye on recent vulnerabilities related to the technology stack so that vulnerabilities can be patched ASAP.

NVD provides multiple feeds containing vulnerabilities according to the CVE specification, but those feeds aren't human-readable, and it takes manual effort to check whether the products we're using are affected. There are multiple solutions available on the market, but those are mainly commercial or require configuring one piece of infrastructure or another. So, I built a simple GitHub Action that can be used easily and doesn't require any maintenance.

Why GitHub Actions?

GitHub Actions enables you to create custom software development life cycle (SDLC) workflows directly in your GitHub repository. GitHub Actions are completely free for open-source repositories and allow 3000 minutes per month of free usage for private repositories. Also, GitHub workflows can be triggered based on scheduled events.

What you'll need?

y-mehta / vulnalerts

Get new vulnerability alerts daily straight to your Slack channel using GitHub Actions for free.

VulnAlerts - Customized CVE Alerts straight to your Slack Channel

How to Use?

  • Create an Incoming Webhook on Slack
  • Go to Repository Settings -> Secrets -> Add a New Secret
  • Enter SLACK_WEBHOOK as the secret name and your Slack webhook URL as the value.
  • Add the CPEs of the products that you want to monitor for vulnerabilities to the cpe.txt file (see NVD CPE Search).
  • Create a new workflow in .github/workflows/alerts.yml
name: VulnAlerts
on:
  schedule:
    - cron:  '15 * */1 * *'

jobs:
  alert:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@master
    - uses: y-mehta/vulnalerts@master
      env:
        SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
    - name: done
      run: echo 'done'
  • That's it. You'll receive daily alerts on the selected Slack channel.

Note: There is no need to enter the full CPE unless you want to monitor a specific version. apple:icloud or atlassian:sourcetree will do the job.
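To make the note about partial CPEs concrete, here is an added example (not the vulnalerts source code) of matching cpe.txt entries against CVE records and building the Slack message body. The record layout, the CVE IDs and all function names are constructed for illustration, and matching on whole CPE components rather than raw substrings is this example's own choice, made so that a short entry does not fire on similarly named products.

```python
import json
import re

# Constructed sample records: a simplified stand-in for a CVE feed, not the NVD schema.
SAMPLE_FEED = [
    {"id": "CVE-0000-0001", "summary": "Constructed: memory corruption in sync client",
     "cpes": ["cpe:2.3:a:apple:icloud:7.0:*:*:*:*:windows:*:*"]},
    {"id": "CVE-0000-0002", "summary": "Constructed: path traversal in archive handling",
     "cpes": ["cpe:2.3:a:atlassian:sourcetree:3.1.2:*:*:*:*:macos:*:*"]},
    {"id": "CVE-0000-0003", "summary": "Constructed: unrelated product with a similar name",
     "cpes": ["cpe:2.3:a:example:icloud_backup:1.0:*:*:*:*:*:*:*"]},
]

def load_watchlist(text):
    """Parse cpe.txt content: one entry per line, blank lines ignored."""
    return [line.strip().lower() for line in text.splitlines() if line.strip()]

def _components(cpe):
    # Split on ':' but not on the escaped '\:' that CPE 2.3 allows inside a value.
    return re.split(r"(?<!\\):", cpe.lower())

def cpe_matches(watch, cpe):
    """True when the watch entry's components appear as a contiguous run in the CPE."""
    want, have = _components(watch), _components(cpe)
    return any(have[i:i + len(want)] == want
               for i in range(len(have) - len(want) + 1))

def find_alerts(watchlist, feed):
    """Return (cve_id, summary, matched_entry) for each record that hits the watchlist."""
    alerts = []
    for record in feed:
        hit = next((w for w in watchlist for c in record["cpes"]
                    if cpe_matches(w, c)), None)
        if hit:
            alerts.append((record["id"], record["summary"], hit))
    return alerts

def slack_payload(alerts):
    """Build the JSON body for a Slack incoming webhook (its 'text' field)."""
    lines = [f"*{cve}* ({watch}): {summary}" for cve, summary, watch in alerts]
    return json.dumps({"text": "\n".join(lines) or "No new CVEs for monitored products."})

if __name__ == "__main__":
    watch = load_watchlist("apple:icloud\natlassian:sourcetree\n")
    print(slack_payload(find_alerts(watch, SAMPLE_FEED)))
```

A plain substring test would also report the third record for an entry such as icloud, which is why overly short watchlist entries produce noisy alerts.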

  • The action schedule can be changed in .github/workflows/alerts.yml if needed. Follow the crontab format (@daily, @monthly, etc. aren't supported by GitHub Actions).

How

…

Sample Alert:

[Image: sample alert]

How to Use?

Step 1:

  • Go to Repository Settings -> Secrets -> Add a New Secret
  • Enter SLACK_WEBHOOK as the secret name and your Slack webhook URL as the value.

Step 2:

  • Add the CPEs of the products that you want to monitor for vulnerabilities to the cpe.txt file. [Each CPE on a new line]

Step 3:

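  • Create a new workflow in .github/workflows/alerts.yml
name: VulnAlerts

on:
  schedule:
    # Fields: minute hour day-of-month month day-of-week.
    # This expression fires at minute 15 of every hour, on every day.
    - cron:  '15 * */1 * *'

jobs:
  alert:
    runs-on: ubuntu-latest
    steps:
    # @master follows a mutable branch; pinning to a release tag or a full
    # commit SHA fixes which code runs with access to the webhook secret.
    - uses: actions/checkout@master
    - uses: y-mehta/vulnalerts@master
      env:
        # Read from the repository secret created in Step 1; never hard-code the URL.
        SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
    - name: done
      run: echo 'done'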
  • That's it. You'll receive daily alerts on the selected Slack channel.

I would love feedback from other people working on similar things.
