
Commit a435ad5

author
Gaurav Patil
committed
added code
1 parent 55a8321 commit a435ad5

1 file changed

Lines changed: 21 additions & 19 deletions


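--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -41,16 +41,16 @@ jobs:
 continue-on-error: true
 run: |
 mkdir -p security-reports
-
+
 if ./scan.sh; then
 echo "scan_status=success" >> $GITHUB_OUTPUT
-echo "scan_result=PASSED" >> $GITHUB_OUTPUT
+echo "scan_result=PASSED" >> $GITHUB_OUTPUT
 else
 echo "scan_status=failure" >> $GITHUB_OUTPUT
-echo "scan_result=FAILED" >> $GITHUB_OUTPUT
+echo "scan_result=FAILED" >> $GITHUB_OUTPUT
 fi
 
-- name: Upload HTML Report
+- name: Upload Reports as Artifact
 if: always()
 uses: actions/upload-artifact@v4
 with:
@@ -70,43 +70,46 @@ jobs:
 if: github.event_name == 'pull_request' && always()
 uses: actions/github-script@v7
 with:
-github-token: ${{secrets.GITHUB_TOKEN}}
+github-token: ${{ secrets.GITHUB_TOKEN }}
 script: |
 const fs = require('fs');
 const path = require('path');
-
+
 const reportsDir = 'security-reports';
 const summaryPath = path.join(reportsDir, 'SECURITY-SUMMARY.md');
 
-let commentBody;
+let commentBody = "";
 
+// Build comment body
 if (fs.existsSync(summaryPath)) {
 const summary = fs.readFileSync(summaryPath, 'utf8');
-commentBody = `${summary}
+commentBody = summary + `
 
 ---
 📥 **Download detailed reports:**
-https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}`;
+https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}
+`;
 } else {
-commentBody = `⚠️ Security scan completed, but no summary file was generated.`;
+commentBody = "⚠️ Security scan completed, but no SECURITY-SUMMARY.md was found.";
 }
 
+// Fetch existing comments
 const { data: comments } = await github.rest.issues.listComments({
 owner: context.repo.owner,
 repo: context.repo.repo,
-issue_number: context.issue.number,
+issue_number: context.issue.number
 });
 
-const botComment = comments.find(comment =>
-comment.user.type === 'Bot' &&
-comment.body.includes('Security Scan')
+const existing = comments.find(c =>
+c.user.type === "Bot" &&
+c.body.includes("Download detailed reports")
 );
 
-if (botComment) {
+if (existing) {
 await github.rest.issues.updateComment({
 owner: context.repo.owner,
 repo: context.repo.repo,
-comment_id: botComment.id,
+comment_id: existing.id,
 body: commentBody
 });
 } else {
@@ -117,7 +120,7 @@ https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}
 body: commentBody
 });
 }
-
+
 - name: Set job summary
 if: always()
 run: |
@@ -128,6 +131,5 @@ https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}
 - name: Fail if security issues found
 if: steps.scan.outputs.scan_status == 'failure'
 run: |
-echo "::error::❌ Security scan failed - critical issues detected"
-echo "::error::View the Security tab or download artifacts for details"
+echo "::error::❌ Security scan failed - vulnerabilities detected"
 exit 1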
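Review bot: The de-duplication lookup on new line 105, `c.body.includes("Download detailed reports")`, only matches the body built when SECURITY-SUMMARY.md exists; the fallback body on new line 93 ("no SECURITY-SUMMARY.md was found") never contains that phrase, so every run without a summary file will post a fresh comment instead of updating the previous one, and comments posted by the earlier version (matched on `'Security Scan'`) are no longer found either. A stable, content-independent marker fixes both cases: declare `const marker = '<!-- security-scan-report -->';` next to `summaryPath`, prepend `${marker}\n` to both assignments of `commentBody`, and match with `c.body.includes(marker)`. Separately, `summary` is inserted verbatim into the PR comment, and since this step runs on `pull_request` events the scan output may be influenced by the PR's own contents, so the rendered markdown should be treated as untrusted — wrapping it in a fenced block or capping its length would limit what a PR can make the bot render. The github-script step's `- name:` line lies before this hunk (new line 70 is its `if:`).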
