upgraded action to use skds multi scan run

Author: justary27

.github/workflows/test.yaml

@@ -12,19 +12,11 @@ on:
       asset_id:
         description: 'Asset ID to scan (defaults to secret DEFAULT_ASSET_ID if not provided)'
         required: false
-      scan_type:
-        description: 'Type of scan'
+      scan_types:
+        description: 'Type(s) of scan to run (comma-separated for multiple scans, e.g., "quick_scan,safety_scan")'
         required: true
-        default: 'quick_scan'
-        type: choice
-        options:
-          - quick_scan
-          - safety_scan
-          - owasp
-          - mitre
-          - nist
-          - whistleblower
-          - fingerprint
+        default: 'quick_scan,owasp'
+        type: string
 
 jobs:
   test-action:
@@ -37,7 +29,7 @@ jobs:
         uses: ./
         with:
           asset_id: ${{ github.event.inputs.asset_id || secrets.DEFAULT_ASSET_ID }}
-          scan_type: ${{ github.event.inputs.scan_type || 'quick_scan' }}
+          scan_types: ${{ github.event.inputs.scan_types || 'quick_scan,owasp' }}
         env:
           ARTEMIS_CLIENT_ID: ${{ secrets.ARTEMIS_CLIENT_ID }}
           ARTEMIS_CLIENT_SECRET: ${{ secrets.ARTEMIS_CLIENT_SECRET }}

README.md

@@ -18,19 +18,11 @@ on:
       asset_id:
         description: 'Asset ID to scan (defaults to secret DEFAULT_ASSET_ID if not provided)'
         required: false
-      scan_type:
-        description: 'Type of scan'
+      scan_types:
+        description: 'Type(s) of scan to run (comma-separated for multiple scans)'
         required: true
         default: 'quick_scan'
-        type: choice
-        options:
-          - quick_scan
-          - safety_scan
-          - owasp
-          - mitre
-          - nist
-          - whistleblower
-          - fingerprint
+        type: string
 
 jobs:
   security-scan:
@@ -43,7 +35,7 @@ jobs:
         uses: repello-ai/artemis-gh-action@v1
         with:
           asset_id: ${{ github.event.inputs.asset_id || secrets.DEFAULT_ASSET_ID }}
-          scan_type: ${{ github.event.inputs.scan_type || 'quick_scan' }}
+          scan_types: ${{ github.event.inputs.scan_types || 'quick_scan' }}
         env:
           ARTEMIS_CLIENT_ID: ${{ secrets.ARTEMIS_CLIENT_ID }}
           ARTEMIS_CLIENT_SECRET: ${{ secrets.ARTEMIS_CLIENT_SECRET }}
@@ -54,19 +46,51 @@ jobs:
 | Input | Description | Required | Default |
 |-------|-------------|----------|---------|
 | `asset_id` | The ID of the asset to scan | No* | Uses `DEFAULT_ASSET_ID` secret |
-| `scan_type` | Type of scan to run | Yes | `quick_scan` |
+| `scan_types` | Type(s) of scan to run (comma-separated for multiple scans) | Yes | `quick_scan` |
 
 \* While the `asset_id` parameter is optional in the workflow, you must either provide it as an input or set up the `DEFAULT_ASSET_ID` secret.
 
+### Examples
+
+Run a single scan:
+```yaml
+- name: Run Quick Scan
+  uses: repello-ai/artemis-gh-action@v1
+  with:
+    asset_id: "6abec05b-0245-4d38-9a2a-df8045cba142"
+    scan_types: "quick_scan"
+```
+
+Run multiple scans:
+```yaml
+- name: Run Multiple Scans
+  uses: repello-ai/artemis-gh-action@v1
+  with:
+    asset_id: "6abec05b-0245-4d38-9a2a-df8045cba142"
+    scan_types: "quick_scan,safety_scan,mitre"
+```
+
 ### Supported Scan Types
 
-- `quick_scan`: Basic scan for common issues
-- `safety_scan`: Focused on safety concerns
-- `owasp`: Scan based on OWASP guidelines
-- `mitre`: Scan based on MITRE ATT&CK framework
-- `nist`: Scan based on NIST standards
-- `whistleblower`: Dedicated whistleblower vulnerability scan
-- `fingerprint`: Digital fingerprinting scan
+You can use any of the following scan types, individually or in combination (comma-separated):
+
+| Scan Type | Description |
+|-----------|-------------|
+| `quick_scan` | Basic scan for common issues (fastest scan) |
+| `safety_scan` | Comprehensive scan focused on safety concerns |
+| `owasp` | Scan based on OWASP Top 10 guidelines |
+| `mitre` | Scan based on MITRE ATT&CK framework |
+| `nist` | Scan based on NIST standards and compliance |
+| `whistleblower` | Dedicated whistleblower vulnerability scan |
+| `fingerprint` | Model fingerprinting scan |
+
+### Example Combinations
+
+Some commonly used combinations include:
+- `quick_scan,safety_scan`: For a balance of speed and comprehensive safety checking
+- `owasp,mitre`: For a thorough security assessment against industry standards
+- `quick_scan,fingerprint`: For identifying assets and performing basic security checks
+- `safety_scan,nist,whistleblower`: For organizations requiring compliance and protection
 
 ## Environment Variables and Secrets
 
@@ -87,7 +111,7 @@ To contribute to this action:
 1. Clone the repository
 2. Install dependencies: `pip install -r requirements.txt`
 3. Make your changes to `main.py`
-4. Test locally by running: `python main.py <asset_id> <scan_type>`
+4. Test locally by running: `python main.py <asset_id> <scan_type[,scan_type,...]>`
 5. Test in GitHub Actions by using the workflow_dispatch trigger
 
 ## License

action.yaml

@@ -9,8 +9,8 @@ inputs:
   asset_id:
     description: 'The ID of the asset to scan'
     required: true
-  scan_type:
-    description: 'Type of scan to run (quick_scan, safety_scan, owasp, mitre, nist, whistleblower, fingerprint)'
+  scan_types:
+    description: 'Type(s) of scan to run. Use individual values (quick_scan, safety_scan, owasp, mitre, nist, whistleblower, fingerprint) or any comma-separated combination.'
     required: true
     default: 'quick_scan'
 
@@ -19,4 +19,4 @@ runs:
   image: 'Dockerfile'
   args:
     - ${{ inputs.asset_id }}
-    - ${{ inputs.scan_type }}
+    - ${{ inputs.scan_types }}

main.py

@@ -8,11 +8,11 @@ def main():
     # Get arguments passed from entrypoint.sh
     if len(sys.argv) < 3:
         print("Error: Missing required arguments")
-        print("Usage: python main.py <asset_id> <scan_type>")
+        print("Usage: python main.py <asset_id> <scan_type[,scan_type,...]>")
         sys.exit(1)
 
     asset_id = sys.argv[1]
-    scan_type_str = sys.argv[2]
+    scan_types_str = sys.argv[2]
 
     # Get credentials from environment
     client_id = os.environ.get('ARTEMIS_CLIENT_ID')
@@ -33,11 +33,19 @@ def main():
         'fingerprint': ScanType.fingerprint,
     }
 
-    if scan_type_str not in scan_type_map:
-        print(f"Error: Invalid scan type '{scan_type_str}'. Must be one of: {', '.join(scan_type_map.keys())}")
-        sys.exit(1)
+    # Split the scan types by comma
+    scan_types_list = [st.strip() for st in scan_types_str.split(',')]
+    scan_types = []
+    
+    # Validate each scan type
+    for scan_type_str in scan_types_list:
+        if scan_type_str not in scan_type_map:
+            print(f"Error: Invalid scan type '{scan_type_str}'. Must be one of: {', '.join(scan_type_map.keys())}")
+            sys.exit(1)
+        scan_types.append(scan_type_map[scan_type_str])
 
-    scan_type = scan_type_map[scan_type_str]
+    # If only one scan type is provided, use it directly instead of a list
+    scan_type_param = scan_types[0] if len(scan_types) == 1 else scan_types
 
     # Initialize client
     client = RepelloArtemisClient(
@@ -47,9 +55,9 @@ def main():
     )
 
     # Trigger scan
-    print(f"::group::Triggering {scan_type_str} for asset {asset_id}")
+    print(f"::group::Triggering scan(s) {scan_types_str} for asset {asset_id}")
     try:
-        scan_result = client.assets.trigger_scan(asset_id, scan_type)
+        scan_result = client.assets.trigger_scan(asset_id, scan_type_param)
         print("::endgroup::")
 
     except Exception as e:

requirements.txt

@@ -1 +1 @@
-repello-artemis-sdk>=1.0.1
+repello-artemis-sdk==1.0.2