diff --git a/.github/workflows/snyk-test-api-import.yml b/.github/workflows/snyk-test-api-import.yml
new file mode 100644
index 00000000000..637123e6aa6
--- /dev/null
+++ b/.github/workflows/snyk-test-api-import.yml
@@ -0,0 +1,30 @@
+name: Import repo via API
+on: push
+jobs:
+ security:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@master
+ - name: Run Snyk to check for vulnerabilities
+ id: check_vuln
+ uses: snyk/actions/node@master
+ continue-on-error: true
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ args: --severity-threshold=critical
+ --json-file-output=snyk.json
+ - name: install requirements
+ run: |
+ python3 -m pip install --upgrade pip
+ if [ -f scripts/requirements.txt ]; then pip install -r scripts/requirements.txt; fi
+ - name: Get repo name and set as environment variable
+ id: get_repo_name
+ run: |
+ echo "REPO_NAME=$(echo $GITHUB_REPOSITORY | cut -d '/' -f 2)" >> $GITHUB_ENV
+ - name: Import repo via API
+ id: import_repo
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ run: |
+ python3 scripts/import_repo.py --owner ${{ github.repository_owner }} --name ${{ env.REPO_NAME }} --snyk-org ${{ vars.SNYK_ORG }} --integration-id ${{ vars.SNYK_INTEGRATION_ID }} --branch ${{ github.ref_name }}
diff --git a/.gitignore b/.gitignore
index c75c18c855c..f0155d96e63 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,3 +12,5 @@
 npm-debug.log
 .idea/
 .dccache
+.vscode
+venv
\ No newline at end of file
diff --git a/README.md b/README.md
index b241e6896f4..449a95f05fe 100644
--- a/README.md
+++ b/README.md
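Review bot: The final `run:` step of the workflow hunk interpolates `${{ github.ref_name }}` and `${{ github.repository_owner }}` straight into the shell script, so with `on: push` anyone who can push a branch whose name contains shell metacharacters gets that text executed on the runner in a step that has `SNYK_TOKEN` in its environment; the `REPO_NAME` step has the same shape with unquoted `$GITHUB_REPOSITORY` and `$GITHUB_ENV`, which can be written `echo "REPO_NAME=${GITHUB_REPOSITORY#*/}" >> "$GITHUB_ENV"`. Route the expressions through the step's `env:` block and quote them in the script, as in the excerpt below. Separately, `actions/checkout@master` and `snyk/actions/node@master` are mutable refs that should be pinned to a full commit SHA, and the workflow declares no `permissions:` block, so a top-level `permissions: contents: read` would keep the job token read-only. `continue-on-error: true` on the Snyk step means critical findings never fail the job and `check_vuln` is never consulted; if that is intended for a demo app, a comment saying so would help the next reader.
```yaml
      - name: Import repo via API
        id: import_repo
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
          REPO_OWNER: ${{ github.repository_owner }}
          SNYK_ORG: ${{ vars.SNYK_ORG }}
          SNYK_INTEGRATION_ID: ${{ vars.SNYK_INTEGRATION_ID }}
          BRANCH: ${{ github.ref_name }}
        run: |
          python3 scripts/import_repo.py --owner "$REPO_OWNER" --name "$REPO_NAME" --snyk-org "$SNYK_ORG" --integration-id "$SNYK_INTEGRATION_ID" --branch "$BRANCH"
```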
@@ -6,7 +6,7 @@ A vulnerable Node.js demo application, based on the [Dreamers Lab tutorial](http
 ## Features
-This vulnerable apassa includes the following capabilities to experiment with:
+This vulnerable apassa includes the following capabiasalities to experiment with:
 - [Exploitable packages](#exploiting-the-vulnerabilities) with known vulnerabilities
 - [Docker Image Scanning](#docker-image-scanning) for base images with known vulnerabilities in system libraries
diff --git a/scripts/import_repo.py b/scripts/import_repo.py
new file mode 100644
index 00000000000..914b02f6b2e
--- /dev/null
+++ b/scripts/import_repo.py
@@ -0,0 +1,65 @@
+import os
+import json
+import requests
+import argparse
+
+SNYK_TOKEN = os.getenv("SNYK_TOKEN")
+
+
+class APIClient:
+ def __init__(
+ self, snyk_token, owner, name, snyk_org, integration_id, branch
+ ) -> None:
+ self.snyk_token = snyk_token
+ self.owner = owner
+ self.name = name
+ self.snyk_org = snyk_org
+ self.integration_id = integration_id
+ self.branch = branch
+ self.base_url = "https://api.snyk.io/v1"
+
+ def import_repo(self) -> object:
+ request_url = f"{self.base_url}/org/{self.snyk_org}/integrations/{self.integration_id}/import"
+ headers = self._format_headers()
+ body = self._format_body()
+ response = requests.post(
+ request_url,
+ headers=headers,
+ data=body,
+ )
+ return response
+
+ def _format_body(self) -> object:
+ body = json.dumps(
+ {"target": {"owner": self.owner, "name": self.name, "branch": self.branch}}
+ )
+ return body
+
+ def _format_headers(self) -> object:
+ headers = {
+ "Content-Type": "application/json",
+ "Authorization": f"token {self.snyk_token}",
+ }
+ return headers
+
+
+if __name__ == "__main__":
+ parser = argparse.ArgumentParser(description="Import a repository to Snyk.")
+ parser.add_argument("--owner", required=True, help="Repository owner")
+ parser.add_argument("--name", required=True, help="Repository name")
+ parser.add_argument("--snyk-org", required=True, help="Snyk organization ID")
+ parser.add_argument("--integration-id", required=True, help="Snyk integration ID")
+ parser.add_argument("--branch", required=True, help="Repository branch")
+
+ args = parser.parse_args()
+
+ client = APIClient(
+ SNYK_TOKEN,
+ args.owner,
+ args.name,
+ args.snyk_org,
+ args.integration_id,
+ args.branch,
+ )
+ response = client.import_repo()
+ print("status_code", response.status_code, response.text)
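Review bot: `requests.post` in `import_repo` is called without a `timeout=`, so a stalled connection to the Snyk API hangs the workflow job indefinitely; add `timeout=30,` next to `data=body`. The `__main__` block only prints `status_code` and always exits 0, so a rejected import (4xx/5xx, or `SNYK_TOKEN` unset, in which case `_format_headers` sends the literal value `token None`) never fails the calling step — check `if not SNYK_TOKEN: parser.error("SNYK_TOKEN is not set")` before constructing the client and `raise SystemExit(1)` when `not response.ok`. The `-> object` annotations on the three methods carry no information; `-> requests.Response`, `-> str` and `-> dict[str, str]` state what they actually return, and a one-line docstring on `APIClient` naming the endpoint it drives (`/org/{org}/integrations/{id}/import`) would make the script self-explanatory. `requests` is third-party and the workflow installs `scripts/requirements.txt` only if it exists; this diff does not appear to add that file, so the import step will presumably fail until it is provided.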