Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language | Description
---|---|---|---|---|---|---|---|---|---|---|---
Laravel | 73,649 | | 1,106 | 1,206 | 20 hours ago | 152 | July 19, 2022 | 31 | | PHP | Laravel is a web application framework with expressive, elegant syntax. We’ve already laid the foundation for your next big idea — freeing you to create without sweating the small things.
Payloadsallthethings | 48,106 | | | | 6 days ago | | | 17 | mit | Python | A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Framework | 29,611 | | 116,342 | 10,768 | 7 hours ago | 840 | September 22, 2022 | 15 | mit | PHP | The Laravel Framework.
Trivy | 17,615 | | 25 | | 9 hours ago | 176 | September 16, 2022 | 180 | apache-2.0 | Go | Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Authelia | 16,521 | | 1 | | 8 hours ago | 34 | September 19, 2022 | 98 | apache-2.0 | Go | The Single Sign-On Multi-Factor portal for web apps
Flarum | 13,991 | | 1 | | 16 days ago | 19 | July 13, 2022 | | mit | PHP | Simple forum software for building great communities.
Hacker101 | 12,940 | | | | a month ago | | | 28 | other | SCSS | Source code for Hacker101.com - a free online web and mobile security class.
Nats Server | 12,876 | | 1,090 | | 7 hours ago | 417 | September 22, 2022 | 275 | apache-2.0 | Go | High-Performance server for NATS.io, the cloud and edge native messaging system.
Pytest | 10,263 | | 65,292 | 18,299 | 12 hours ago | 155 | April 23, 2022 | 862 | mit | Python | The pytest framework makes it easy to write small tests, yet scales to support complex functional testing
Vuls | 9,996 | | | | 6 days ago | 142 | September 02, 2022 | 77 | gpl-3.0 | Go | Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
audit-check

Security vulnerabilities audit

This GitHub Action uses cargo-audit to perform an audit for crates with security vulnerabilities.
We can use the GitHub Actions ability to execute a workflow only if specific files were changed, and run this Action to check the changed dependencies:

```yaml
name: Security audit
on:
  push:
    paths:
      - '**/Cargo.toml'
      - '**/Cargo.lock'
jobs:
  security_audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions-rs/audit-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
```
It is recommended to add the `paths:` section to the workflow file, as it effectively speeds up the CI pipeline: the audit is not performed if no dependencies were changed.

If any security advisories are found, the status check created by this Action will be marked as "failed". Note that informational advisories do not affect the check status.

Due to token permissions, this Action WILL NOT be able to create Checks for Pull Requests from forked repositories; see actions-rs/clippy-check#2 for details. As a fallback, this Action will output all found advisories to stdout. It is expected that this behavior will be fixed later by GitHub.

Another option is to use the `schedule` event and execute this Action periodically against the HEAD of the repository's default branch.
```yaml
name: Security audit
on:
  schedule:
    - cron: '0 0 * * *'
jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions-rs/audit-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
```
With this example, the Action will be executed periodically at midnight each day and check whether any new advisories have appeared for the crate dependencies. For each new advisory (including informational ones) an issue will be created.
Name | Required | Description | Type | Default
---|---|---|---|---
token | ✓ | GitHub token, usually `${{ secrets.GITHUB_TOKEN }}` | string | 
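As an added example (not from the actions-rs project's own README), the two workflows above can be merged into a single workflow that runs on dependency changes, on the daily schedule and on demand, and that grants the `GITHUB_TOKEN` only the scopes this Action is assumed to need. The `permissions` block and the `workflow_dispatch` trigger are my additions, not settings the page documents; the listed scopes are an assumed minimal set.

```yaml
name: Security audit
on:
  push:
    paths:
      - '**/Cargo.toml'
      - '**/Cargo.lock'
  schedule:
    - cron: '0 0 * * *'   # daily at midnight UTC, as in the scheduled example
  workflow_dispatch:      # manual run from the Actions tab (added trigger)

# Least-privilege GITHUB_TOKEN (assumed minimal set): read the code for checkout,
# write Checks for the status check, write Issues for the scheduled advisories.
# This does not lift the read-only token of pull requests from forks.
permissions:
  contents: read
  checks: write
  issues: write

jobs:
  security_audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions-rs/audit-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
```

Once a `permissions` block is present, every scope not listed in it is dropped from the token, so verify the check and issue creation still succeed after adding it.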