initial commit
revolunet committed Jan 17, 2024
0 parents commit 73ff95b
Showing 4,225 changed files with 4,019,771 additions and 0 deletions.
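--- a/.github/workflows/report.yml
+++ b/.github/workflows/report.yml
@@ -0,0 +1,49 @@
+name: DashLord report
+
+on:
+workflow_dispatch:
+workflow_run:
+workflows: ["DashLord scans"]
+branches: [main]
+types:
+- completed
+
+jobs:
+website:
+runs-on: ubuntu-latest
+name: Website
+steps:
+- uses: actions/checkout@v2
+with:
+fetch-depth: 0
+
+- uses: actions/cache@v2
+with:
+path: '**/node_modules'
+key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }}
+
+# build the report
+- id: dashlord-report
+uses: SocialGouv/dashlord-actions/report@v1
+
+# to save the generated report.json as artifact
+- uses: actions/upload-artifact@v2
+with:
+path: report.json
+name: report
+if-no-files-found: error
+
+# save full report for history
+- uses: EndBug/add-and-commit@v7
+with:
+add: '["report.json"]'
+author_name: "DashlordBetaGouvBot "
+author_email: "[email protected]"
+message: "chore: report update"
+
+# deploy build to gh-pages
+- name: Deploy 🚀
+uses: JamesIves/[email protected]
+with:
+branch: gh-pages
+folder: build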
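Review bot: The workflow declares no `permissions:` block even though the `EndBug/add-and-commit@v7` and `JamesIves/[email protected]` steps push to the repository, so the job runs with whatever default `GITHUB_TOKEN` scope the repository settings grant; adding `permissions: { contents: write }` at the top of the file (next to `name:`) states the one scope these steps need and drops the rest. Because the trigger is `workflow_run` with `types: [completed]`, the `website` job also runs when `DashLord scans` failed or was cancelled; if the published report should only reflect a finished scan, guard the job with `if: ${{ github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }}`. Every action here is referenced by a floating tag (`@v2`, `@v1`, `@v4.1.5`); for a workflow that can commit and deploy, pinning each `uses:` to a full commit SHA is the usual way to keep a later tag move from changing the code that runs with that token.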
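--- a/.github/workflows/scans.yml
+++ b/.github/workflows/scans.yml
@@ -0,0 +1,290 @@
+name: DashLord scans
+
+on:
+workflow_dispatch:
+inputs:
+url:
+description: "Single url to scan or scan all urls"
+required: false
+default: ""
+tool:
+description: "Single tool to run or use all tools"
+type: choice
+default: all
+options:
+- all
+- codescan
+- dependabot
+- ecoindex
+- lighthouse
+- sonarcloud
+- trivy
+- zap
+- ecoindex
+- dsfr
+schedule:
+- cron: "0 0 * * 0" # At 00:00 on Sunday
+
+jobs:
+init:
+runs-on: ubuntu-latest
+name: Prepare
+outputs:
+sites: ${{ steps.init.outputs.sites }}
+config: ${{ steps.init.outputs.config }}
+steps:
+- uses: actions/checkout@v2
+- id: init
+uses: "SocialGouv/dashlord-actions/init@v1"
+with:
+url: ${{ github.event.inputs.url }}
+tool: ${{ github.event.inputs.tool }}
+env:
+UPDOWNIO_API_KEY: ${{ secrets.UPDOWNIO_API_KEY }}
+scans:
+runs-on: ubuntu-latest
+name: Scan
+needs: init
+continue-on-error: true
+strategy:
+fail-fast: false
+max-parallel: 3
+matrix:
+sites: ${{ fromJson(needs.init.outputs.sites) }}
+steps:
+- uses: actions/checkout@v2
+
+- run: |
+mkdir scans
+- uses: actions/cache@v2
+with:
+path: "**/node_modules"
+key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }}
+
+- name: dsfr
+continue-on-error: true
+timeout-minutes: 10
+uses: "socialgouv/dashlord-actions/dsfr@v1"
+if: ${{ matrix.sites.tools.dsfr }}
+with:
+url: ${{ matrix.sites.url }}
+output: scans/dsfr.json
+
+- name: eco-index
+continue-on-error: true
+timeout-minutes: 10
+uses: "socialgouv/dashlord-actions/ecoindex@v1"
+if: ${{ matrix.sites.tools.ecoindex }}
+with:
+url: ${{ matrix.sites.url }}
+output: scans/ecoindex.json
+
+- name: Screenshot Website
+if: ${{ matrix.sites.tools.screenshot }}
+uses: swinton/[email protected]
+continue-on-error: true
+timeout-minutes: 10
+with:
+source: "${{ matrix.sites.url }}"
+type: jpeg
+destination: screenshot.jpeg
+width: 1280
+scaleFactor: 0.5
+
+- name: Déclaration a11y
+continue-on-error: true
+timeout-minutes: 10
+uses: "socialgouv/dashlord-actions/declaration-a11y@v1"
+if: ${{ matrix.sites.tools['declaration-a11y'] }}
+with:
+url: ${{ matrix.sites.url }}
+output: scans/declaration-a11y.json
+
+- name: Wappalyzer scan
+if: ${{ matrix.sites.tools.wappalyzer }}
+uses: "socialgouv/wappalyzer-action@master"
+continue-on-error: true
+timeout-minutes: 10
+with:
+url: "${{ matrix.sites.url }}"
+output: scans/wappalyzer.json
+
+- name: ZAP Scan
+if: ${{ matrix.sites.tools.zap }}
+uses: zaproxy/[email protected]
+continue-on-error: true
+timeout-minutes: 10
+with:
+token: "" # disable issue creation
+rules_file_name: "zap-rules.tsv"
+docker_name: "owasp/zap2docker-stable"
+target: "${{ matrix.sites.url }}"
+cmd_options: "-a"
+
+- name: Lighthouse scan
+if: ${{ matrix.sites.tools.lighthouse }}
+continue-on-error: true
+timeout-minutes: 20
+uses: SocialGouv/dashlord-actions/lhci@v1
+with:
+url: "${{ join(matrix.sites.subpages, ',') }}"
+
+- name: Mozilla HTTP Observatory
+if: ${{ matrix.sites.tools.http }}
+continue-on-error: true
+id: http
+timeout-minutes: 10
+uses: SocialGouv/httpobs-action@master
+with:
+url: "${{ matrix.sites.url }}"
+output: "scans/http.json"
+
+- name: Mozilla HTTP Observatory retry
+if: steps.http.outcome=='failure'
+continue-on-error: true
+timeout-minutes: 10
+uses: SocialGouv/httpobs-action@master
+with:
+url: "${{ matrix.sites.url }}"
+output: "scans/http.json"
+
+- name: Third-party scripts scan
+if: ${{ matrix.sites.tools.thirdparties }}
+continue-on-error: true
+timeout-minutes: 10
+uses: SocialGouv/thirdparties-action@master
+id: thirdparties
+with:
+url: "${{ matrix.sites.url }}"
+output: "scans/thirdparties.json"
+
+- name: Déclaration RGPD
+continue-on-error: true
+uses: SocialGouv/dashlord-actions/declaration-rgpd@v1
+if: ${{ matrix.sites.tools['declaration-rgpd'] }}
+with:
+thirdparties: ${{ steps.thirdparties.outputs.json }}
+url: ${{ matrix.sites.url }}
+output: scans/declaration-rgpd.json
+
+# testssl.sh action needs an hostname to save its output so we build it here
+- name: Extract hostname
+id: hostname
+run: |
+HOSTNAME=$(echo "${{ matrix.sites.url }}" | sed -e 's/[^/]*\/\/\([^@]*@\)\?\([^:/]*\).*/\2/')
+echo "::set-output name=value::$HOSTNAME"
+- name: testssl.sh scan
+if: ${{ matrix.sites.tools.testssl }}
+continue-on-error: true
+timeout-minutes: 10
+uses: "mbogh/[email protected]"
+with:
+host: ${{ steps.hostname.outputs.value }}
+output: scans
+grade: "F"
+options: "--fast"
+
+- name: nmap vulnerabilities scan
+if: ${{ matrix.sites.tools.nmap }}
+continue-on-error: true
+timeout-minutes: 10
+uses: "MTES-MCT/nmap-action@main"
+with:
+host: ${{ steps.hostname.outputs.value }}
+outputDir: "scans"
+outputFile: "nmapvuln.json"
+withVulnerabilities: true
+raw: false
+
+- name: Nuclei scan
+if: ${{ matrix.sites.tools.nuclei }}
+continue-on-error: true
+timeout-minutes: 10
+uses: "SocialGouv/dashlord-nuclei-action@master"
+with:
+url: ${{ matrix.sites.url }}
+output: "scans/nuclei.log"
+
+- name: Updown.io checks
+if: ${{ matrix.sites.tools.updownio }}
+continue-on-error: true
+timeout-minutes: 10
+uses: "MTES-MCT/updownio-action@main"
+with:
+apiKey: ${{ secrets.UPDOWNIO_API_KEY }}
+url: ${{ matrix.sites.url }}
+output: scans/updownio.json
+
+- name: Betagouv API scan
+if: ${{ matrix.sites.tools.betagouv }}
+continue-on-error: true
+timeout-minutes: 10
+id: betagouv
+uses: betagouv/dashlord-startup-action@main
+with:
+id: "${{ matrix.sites.betaId }}"
+output: "scans/betagouv.json"
+
+- name: Stats page
+continue-on-error: true
+timeout-minutes: 10
+uses: "betagouv/check-url-action@main"
+if: ${{ matrix.sites.tools.stats }}
+with:
+url: ${{ steps.betagouv.outputs.stats_url }}
+output: scans/stats.json
+minExpectedRegex: ^stat
+exactExpectedRegex: ^stats$
+
+- name: Budget page
+continue-on-error: true
+timeout-minutes: 10
+uses: "betagouv/check-url-action@main"
+if: ${{ matrix.sites.tools.budget_page }}
+with:
+url: ${{ steps.betagouv.outputs.budget_url }}
+output: scans/budget_page.json
+
+- name: Open Github repository
+continue-on-error: true
+timeout-minutes: 10
+uses: "betagouv/check-url-action@main"
+if: ${{ matrix.sites.tools.betagouv }}
+with:
+url: ${{ steps.betagouv.outputs.github_repository }}
+output: scans/github_repository.json
+
+- name: Dependabot vulnerabilities alerts
+continue-on-error: true
+timeout-minutes: 10
+if: ${{ matrix.sites.tools.dependabot && matrix.sites.repositories }}
+uses: "MTES-MCT/dependabotalerts-action@main"
+with:
+token: ${{ secrets.DEPENDABOTALERTS_TOKEN }}
+repositories: ${{ join(matrix.sites.repositories) }}
+output: scans/dependabotalerts.json
+
+- name: Code quality alerts
+if: ${{ matrix.sites.tools.codescan && matrix.sites.repositories }}
+continue-on-error: true
+timeout-minutes: 10
+uses: "MTES-MCT/codescanalerts-action@main"
+with:
+token: ${{ secrets.CODESCANALERTS_TOKEN }}
+repositories: ${{ join(matrix.sites.repositories) }}
+output: scans/codescanalerts.json
+
+- uses: SocialGouv/dashlord-actions/save@v1
+with:
+url: ${{ matrix.sites.url }}
+# only clean up previous stats when all tools runned
+cleanup: ${{ github.event.inputs.tool == 'all' && true || false }}
+
+- uses: EndBug/add-and-commit@v7
+with:
+add: '["results"]'
+author_name: "DashlordBetaGouvBot "
+author_email: "[email protected]"
+message: "update: ${{ matrix.sites.url }}"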
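Review bot: The `Extract hostname` step (just before `testssl.sh scan`) expands `${{ matrix.sites.url }}` directly inside the `run:` script, so the URL text is substituted into the shell source before bash parses it; that value comes from the `init` job's `sites` output (presumably built from the repository's URL list and the `url` dispatch input) and should be handed to the script through an `env:` variable and read as `"$SITE_URL"`, which keeps it data rather than code. The same step emits the deprecated `::set-output` command; appending `value=$HOSTNAME` to `$GITHUB_OUTPUT` keeps `steps.hostname.outputs.value` working for the testssl.sh and nmap steps that read it. Separately, `secrets.UPDOWNIO_API_KEY`, `secrets.DEPENDABOTALERTS_TOKEN` and `secrets.CODESCANALERTS_TOKEN` are passed to actions referenced by branch names (`MTES-MCT/updownio-action@main`, `MTES-MCT/dependabotalerts-action@main`, `MTES-MCT/codescanalerts-action@main`), so a push to those branches changes the code that receives the tokens; pinning those `uses:` lines to a commit SHA narrows that exposure. Two smaller items: `ecoindex` appears twice in the `tool` input's `options` list, and on the `schedule` trigger `github.event.inputs.tool` is empty, so `cleanup` in the `save@v1` step evaluates to `false` even though every tool ran.
```yaml
      # testssl.sh action needs an hostname to save its output so we build it here
      - name: Extract hostname
        id: hostname
        env:
          SITE_URL: ${{ matrix.sites.url }}
        run: |
          HOSTNAME=$(echo "$SITE_URL" | sed -e 's/[^/]*\/\/\([^@]*@\)\?\([^:/]*\).*/\2/')
          echo "value=$HOSTNAME" >> "$GITHUB_OUTPUT"
      # … unchanged: testssl.sh, nmap and the remaining steps …
```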
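--- a/README.md
+++ b/README.md
@@ -0,0 +1,35 @@
+# DashLord
+
+Tableau de bord des bonnes pratiques techniques : https://dashlord.incubateur.net
+
+## Usage
+
+### Ajouter une URL dans le dashlord
+
+Vous devez éditer le fichier [./dashlord.yml](./dashlord.yaml) et ajouter une entrée pour votre URL.
+
+💡 Bonne pratique : enlever les slashs à la fin des urls
+
+Exemple d'entrée pour une URL :
+
+```yml
+- url: https://www.free.fr
+title: Homepage free.fr
+betaId: free # optionnel, id de la startup sur beta.gouv.fr
+tags: # optionnel
+- telecom
+- provider
+repositories: # optionnel, pour récupérer les alertes de sécu de ces repos
+- free/free-ui
+- free/free-css
+docker: # optionnel, pour scanner les images avec trivy
+- ghcr.io/socialgouv/fabrique/frontend
+- ghcr.io/socialgouv/fabrique/backend
+tools: # optionnel, pour desactiver certains outils
+nmap: false
+pages: # optionnel, pour lancer lighthouse sur des pages supplémentaires
+- /profil
+- /mentions
+```
+Pour la documentation de DashLord lui-même : https://github.com/SocialGouv/dashlord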