package main
import (
"os"
"github.com/Templum/govulncheck-action/pkg/action"
"github.com/Templum/govulncheck-action/pkg/github"
"github.com/Templum/govulncheck-action/pkg/sarif"
"github.com/Templum/govulncheck-action/pkg/vulncheck"
"github.com/rs/zerolog"
)
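// main is the entry point of the govulncheck GitHub Action. It scans the
// current working directory, converts the findings to SARIF and then either
// uploads the report to GitHub or writes it to disk. Every failure path exits
// with status 2, which is what marks the action run as failed.
//
// Behaviour is driven by environment variables (the action inputs):
//   - LOCAL=true        run the scanner in local mode
//   - DEBUG=true        enable debug-level logging
//   - SKIP_UPLOAD=true  write govulncheck-report.sarif instead of uploading
//   - STRICT=true       exit non-zero when at least one finding is reported
func main() {
	zerolog.SetGlobalLevel(zerolog.InfoLevel)
	logger := zerolog.New(zerolog.ConsoleWriter{Out: os.Stdout, TimeFormat: zerolog.TimeFormatUnix}).
		With().
		Timestamp().
		Logger() // Main Logger

	// The working directory is both the scan root and where the on-disk
	// report lands. Silently continuing with an empty path would scan the
	// wrong thing, so a failure here is fatal instead of being discarded.
	workDir, err := os.Getwd()
	if err != nil {
		logger.Error().Err(err).Msg("Failed to determine working directory")
		os.Exit(2)
	}
	inLocalMode := os.Getenv("LOCAL") == "true"

	// Named uploader so the local does not shadow the imported github package.
	uploader := github.NewSarifUploader(logger)
	reporter := sarif.NewSarifReporter(logger, workDir)
	scanner := vulncheck.NewScanner(logger, workDir, inLocalMode)

	// zerolog's level is process-global, so raising it here also applies to
	// the logger already handed to the components constructed above.
	if os.Getenv("DEBUG") == "true" {
		zerolog.SetGlobalLevel(zerolog.DebugLevel)
		logger.Debug().Msg("Enabled Debug Level logs")
	}

	info := action.ReadRuntimeInfoFromEnv()
	logger.Info().
		Str("Go-Version", info.Version).
		Str("Go-Os", info.Os).
		Str("Go-Arch", info.Arch).
		Str("GOPRIVATE", os.Getenv("GOPRIVATE")).
		Msg("GoEnvironment Details:")

	logger.Debug().
		Str("Package", os.Getenv("PACKAGE")).
		Str("Skip Upload", os.Getenv("SKIP_UPLOAD")).
		Str("Fail on Vulnerabilities", os.Getenv("STRICT")).
		Msg("Action Inputs:")

	findings, err := scanner.Scan()
	if err != nil {
		logger.Error().Err(err).Msg("Scanning yielded error")
		os.Exit(2)
	}

	if err = reporter.Convert(findings); err != nil {
		logger.Error().Err(err).Msg("Conversion of Scan yielded error")
		os.Exit(2)
	}

	if os.Getenv("SKIP_UPLOAD") == "true" {
		logger.Info().Msg("Action is configured to skip upload instead will write to disk")
		fileName := "govulncheck-report.sarif"
		reportFile, err := os.Create(fileName)
		if err != nil {
			logger.Error().Err(err).Msg("Failed to create report file")
			os.Exit(2)
		}
		writeErr := reporter.Write(reportFile)
		// Close explicitly rather than via defer: the os.Exit calls below
		// (including the strict-mode one) would skip a deferred Close, and a
		// close error on the report file must not be lost either.
		closeErr := reportFile.Close()
		if writeErr != nil {
			logger.Error().Err(writeErr).Msg("Writing report to file yielded error")
			os.Exit(2)
		}
		if closeErr != nil {
			logger.Error().Err(closeErr).Msg("Closing report file yielded error")
			os.Exit(2)
		}
		logger.Info().Msgf("Successfully wrote sarif report to file %s", fileName)
	} else {
		if err := uploader.UploadReport(reporter); err != nil {
			logger.Error().Err(err).Msg("Upload of Sarif Report GitHub yielded error")
			os.Exit(2)
		}
		logger.Info().Msg("Successfully uploaded Sarif Report to Github, it will be available after processing")
	}

	// Strict mode is evaluated only after the report has been persisted or
	// uploaded, so a failing run still leaves the findings available.
	if os.Getenv("STRICT") == "true" {
		logger.Debug().Msg("Action is running in strict mode")
		if len(findings) > 0 {
			logger.Info().Msg("Encountered at least one vulnerability while running in strict mode, will mark outcome as failed")
			os.Exit(2)
		}
	}
}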