Update

.github/scripts/prep.sh

@@ -0,0 +1,21 @@
+## ENVIRONMENT ##
+
+#!/bin/bash
+
+# Error tracking and logging function
+log_error() {
+    echo "Error: $1" >&2
+}
+
+# INSTALL JQ
+mkdir -p $HOME/bin
+curl -L https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 -o $HOME/bin/jq
+if [ $? -ne 0 ]; then
+    log_error "Failed to install jq"
+    exit 1
+fi
+chmod +x $HOME/bin/jq
+if [ $? -ne 0 ]; then
+    log_error "Failed to set executable permission for jq"
+    exit 1
+fi

.github/workflows/aws.yml

@@ -0,0 +1,69 @@
+name: Amazon Web Services
+
+on:
+  schedule:
+    # Run at 00:00 on the first day of every month
+    - cron: "0 0 1 * *"
+
+jobs:
+  run-script:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Set up Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: "3.x"
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          # If you have a requirements.txt, uncomment the line below
+          # pip install -r requirements.txt
+
+      - name: Configure AWS credentials for commercial
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.DEVOPS_PRIVSEC_AUTOMATION_AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.DEVOPS_PRIVSEC_AUTOMATION_AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-1
+
+      - name: Configure AWS credentials for federal
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.DEVOPS_DOOP_AUTOMATION_AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.DEVOPS_DOOP_AUTOMATION_AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-1
+
+      - id: install-aws-cli
+        uses: unfor19/install-aws-cli-action@v1
+        with:
+          version: 2 # default
+          verbose: false # default
+          arch: amd64 # allowed values: amd64, arm64
+          rootdir: "" # defaults to "PWD"
+          workdir: "" # defaults to "PWD/unfor19-awscli"
+
+      - name: Prepare Environment
+        id: prep
+        run: /bin/bash scripts/prep.sh
+        continue-on-error: false
+
+      - name: Get current date
+        id: date
+        run: echo "::set-output name=date::$(date +'%Y-%m-%d-%H-%M')
+
+      - uses: github-actions-x/[email protected]
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          push-branch: "main"
+          force-add: "true"
+
+      - name: Commit & Push changes
+        uses: actions-js/push@master
+        with:
+          force: true
+          github_token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/okta.yml

@@ -0,0 +1,46 @@
+name: Run Okta Scripts
+
+on:
+  push:
+    branches:
+      - main
+  schedule:
+    - cron: "0 0 * * *" # Runs daily at midnight
+  workflow_dispatch: # Allows manual triggering of the workflow
+
+jobs:
+  run-okta-scripts:
+    runs-on: ubuntu-latest
+
+    env:
+      OKTA_DOMAIN: ${{ secrets.OKTA_DOMAIN }}
+      OKTA_API_TOKEN: ${{ secrets.OKTA_API_TOKEN }}
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v3
+        with:
+          python-version: "3.x"
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install requests jq
+
+      - name: Run check-authentication-settings
+        run: python src/evidence-collection/okta/check_authentication_settings.py
+
+      - name: Run check-deactivated-users
+        run: python src/evidence-collection/okta/check_deactivated_users.py
+
+      - name: Run check-mfa-enrollments
+        run: python src/evidence-collection/okta/check_mfa_enrollments.py
+
+      - name: Run check-password-policies
+        run: python src/evidence-collection/okta/check_password_policies.py
+
+      - name: Run check-users-and-groups
+        run: python src/evidence-collection/okta/check_users_and_groups.py

.github/workflows/tenable.yml

@@ -0,0 +1,29 @@
+name: Tenable
+
+on:
+  schedule:
+    # Runs at 00:00 every Monday
+    - cron: "0 0 * * 1"
+
+jobs:
+  fetch_and_save_scans:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set up Python 3.8
+        uses: actions/setup-python@v3
+        with:
+          python-version: 3.8
+
+      - name: Install dependencies
+        run: |
+          pip install pytenable
+
+      - name: Run Tenable Scan Script
+        env:
+          PRIVSEC_TENABLE_ACCESS_KEY: ${{ secrets.PRIVSEC_TENABLE_ACCESS_KEY }}
+          PRIVSEC_TENABLE_SECRET_KEY: ${{ secrets.PRIVSEC_TENABLE_SECRET_KEY }}
+        run: python src/tools/tenable/tenable-results.py