Update vuln-list repo #8251
# Scheduled refresh of the vuln-list data repository: build vuln-list-update
# once, then run the local update-source action once per advisory feed.
name: Update vuln-list repo

on:
  schedule:
    # Minute 0 of every sixth hour (GitHub evaluates cron schedules in UTC).
    - cron: "0 */6 * * *"
  # Also allows a manual run.
  workflow_dispatch:

jobs:
  update:
    name: Update repo vuln-list
    runs-on: ubuntu-2404-2core
    # The job's GITHUB_TOKEN can only read repository contents. The feed steps
    # below are instead given GitHub App credentials (client-id / private-key)
    # together with the target owner and repository.
    permissions:
      contents: read
    env:
      VULN_LIST_DIR: "vuln-list"
    steps:
      # Third-party actions are pinned to full commit SHAs; the trailing
      # comment records the release the SHA is expected to correspond to.
      - name: Check out code
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
        with:
          # Keep the checkout token out of the local git config so the build
          # and update steps that follow cannot pick it up from disk.
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c  # v6.1.0
        with:
          go-version-file: go.mod

      # The data repository is checked out into a sub-directory of the
      # workspace, again without a persisted token.
      - name: Check out vuln-list repo
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
        with:
          repository: ${{ github.repository_owner }}/${{ env.VULN_LIST_DIR }}
          path: ${{ env.VULN_LIST_DIR }}
          persist-credentials: false  # update-source action mints a fresh token per push

      # Commit identity, written to the runner's global git config.
      - name: Setup github user email and name
        run: |
          git config --global user.email "action@github.com"
          git config --global user.name "GitHub Action"

      - name: Compile vuln-list-update
        run: go build -o vuln-list-update .

      # --- Feed updates -----------------------------------------------------
      # Every feed step carries `if: always()`, so a failure in one feed does
      # not skip the feeds after it.
      # NOTE(review): always() also lets these steps run when the compile step
      # failed or the run was cancelled; `!cancelled()` keeps the
      # continue-after-failure behaviour while still honouring cancellation.
      # NOTE(review): the App private key is passed as an action input to every
      # feed step. update-source is a local action whose contents are not shown
      # here; confirm it never echoes the key and scopes the minted token to
      # the target repository only.
      - name: Alpine Issue Tracker
        if: always()
        uses: ./.github/actions/update-source
        with:
          target: alpine
          client-id: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_CLIENT_ID }}
          private-key: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
          repository: ${{ env.VULN_LIST_DIR }}
          commit-message: "Alpine Issue Tracker"

      # NOTE(review): "Secshfixes" in the commit message below looks like a
      # typo (possibly for "Secfixes"), and the message does not match the
      # step name. Left unchanged in case anything keys on the existing text.
      - name: Alpine Unfixed Vulnerability Tracker
        if: always()
        uses: ./.github/actions/update-source
        with:
          target: alpine-unfixed
          client-id: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_CLIENT_ID }}
          private-key: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
          repository: ${{ env.VULN_LIST_DIR }}
          commit-message: "Alpine Secshfixes Tracker"

      - name: Ubuntu CVE Tracker
        if: always()
        uses: ./.github/actions/update-source
        with:
          target: ubuntu
          client-id: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_CLIENT_ID }}
          private-key: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
          repository: ${{ env.VULN_LIST_DIR }}
          commit-message: "Ubuntu CVE Tracker"

      - name: Amazon Linux AMI Security Advisory
        if: always()
        uses: ./.github/actions/update-source
        with:
          target: amazon
          client-id: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_CLIENT_ID }}
          private-key: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
          repository: ${{ env.VULN_LIST_DIR }}
          commit-message: "Amazon Linux Security Center"

      - name: Oracle Linux OVAL
        if: always()
        uses: ./.github/actions/update-source
        with:
          target: oracle-oval
          client-id: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_CLIENT_ID }}
          private-key: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
          repository: ${{ env.VULN_LIST_DIR }}
          commit-message: "Oracle Linux OVAL"

      - name: Photon CVE Advisory
        if: always()
        uses: ./.github/actions/update-source
        with:
          target: photon
          client-id: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_CLIENT_ID }}
          private-key: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
          repository: ${{ env.VULN_LIST_DIR }}
          commit-message: "Photon Security Advisories"

      - name: CWE
        if: always()
        uses: ./.github/actions/update-source
        with:
          target: cwe
          client-id: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_CLIENT_ID }}
          private-key: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
          repository: ${{ env.VULN_LIST_DIR }}
          commit-message: "CWE"

      - name: SUSE CVRF
        if: always()
        uses: ./.github/actions/update-source
        with:
          target: suse-cvrf
          client-id: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_CLIENT_ID }}
          private-key: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
          repository: ${{ env.VULN_LIST_DIR }}
          commit-message: "SUSE CVRF"

      - name: GitLab Advisory Database
        if: always()
        uses: ./.github/actions/update-source
        with:
          target: glad
          client-id: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_CLIENT_ID }}
          private-key: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
          repository: ${{ env.VULN_LIST_DIR }}
          commit-message: "GitLab Advisory Database"

      - name: AlmaLinux Security Advisory
        if: always()
        uses: ./.github/actions/update-source
        with:
          target: alma
          client-id: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_CLIENT_ID }}
          private-key: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
          repository: ${{ env.VULN_LIST_DIR }}
          commit-message: "AlmaLinux Security Advisory"

      - name: Rocky Linux Security Advisory
        if: always()
        uses: ./.github/actions/update-source
        with:
          target: rocky
          client-id: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_CLIENT_ID }}
          private-key: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
          repository: ${{ env.VULN_LIST_DIR }}
          commit-message: "Rocky Linux Security Advisory"

      - name: Azure Linux and CBL-Mariner Vulnerability Data
        if: always()
        uses: ./.github/actions/update-source
        with:
          target: azure
          client-id: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_CLIENT_ID }}
          private-key: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
          repository: ${{ env.VULN_LIST_DIR }}
          commit-message: "Azure Linux and CBL-Mariner Vulnerability Data"

      - name: OSV Database (osv.dev)
        if: always()
        uses: ./.github/actions/update-source
        with:
          target: osvdev
          client-id: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_CLIENT_ID }}
          private-key: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
          repository: ${{ env.VULN_LIST_DIR }}
          commit-message: "OSV Database"

      - name: Wolfi Secdb
        if: always()
        uses: ./.github/actions/update-source
        with:
          target: wolfi
          client-id: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_CLIENT_ID }}
          private-key: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
          repository: ${{ env.VULN_LIST_DIR }}
          commit-message: "Wolfi Security Data"

      - name: Chainguard Secdb
        if: always()
        uses: ./.github/actions/update-source
        with:
          target: chainguard
          client-id: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_CLIENT_ID }}
          private-key: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
          repository: ${{ env.VULN_LIST_DIR }}
          commit-message: "Chainguard Security Data"

      - name: openEuler CVE
        if: always()
        uses: ./.github/actions/update-source
        with:
          target: openeuler
          client-id: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_CLIENT_ID }}
          private-key: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
          repository: ${{ env.VULN_LIST_DIR }}
          commit-message: "openEuler CVE Data"

      - name: Echo CVEs
        if: always()
        uses: ./.github/actions/update-source
        with:
          target: echo
          client-id: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_CLIENT_ID }}
          private-key: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
          repository: ${{ env.VULN_LIST_DIR }}
          commit-message: "Echo CVE Data"

      - name: MinimOS Secdb
        if: always()
        uses: ./.github/actions/update-source
        with:
          target: minimos
          client-id: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_CLIENT_ID }}
          private-key: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
          repository: ${{ env.VULN_LIST_DIR }}
          commit-message: "MinimOS Security Data"

      - name: Seal Security
        if: always()
        uses: ./.github/actions/update-source
        with:
          target: seal
          client-id: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_CLIENT_ID }}
          private-key: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
          repository: ${{ env.VULN_LIST_DIR }}
          commit-message: "Seal Security Data"

      - name: EOL dates
        if: always()
        uses: ./.github/actions/update-source
        with:
          target: eoldates
          client-id: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_CLIENT_ID }}
          private-key: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
          repository: ${{ env.VULN_LIST_DIR }}
          commit-message: "EOL dates"

      # --- Failure alert ----------------------------------------------------
      # Runs only when an earlier step failed. The action is pinned to a commit
      # SHA but, unlike the pins above, has no version comment; record the
      # release the SHA belongs to so the pin can be audited and updated.
      # NOTE(review): this third-party action receives the webhook secret plus
      # the serialized needs/job/steps contexts. This job declares no `needs`,
      # and the steps context only lists steps that set an `id` (none do here),
      # so the payload probably carries little detail about which feed failed.
      # If ids are added later, check that no step output holding a token ends
      # up in the message.
      - name: Microsoft Teams Notification
        if: failure()
        uses: Skitionek/notify-microsoft-teams@e7a2493ac87dad8aa7a62f079f295e54ff511d88
        with:
          webhook_url: ${{ secrets.TRIVY_MSTEAMS_WEBHOOK }}
          needs: ${{ toJson(needs) }}
          job: ${{ toJson(job) }}
          steps: ${{ toJson(steps) }}