diff --git a/mint.json b/mint.json index b9fa61f8..bbcab6e0 100644 --- a/mint.json +++ b/mint.json @@ -227,6 +227,7 @@ "opensource/nuclei/overview", "opensource/nuclei/install", "opensource/nuclei/running", + "opensource/nuclei/ci-cd", "opensource/nuclei/input-formats", "opensource/nuclei/authenticated-scans", "opensource/nuclei/mass-scanning-cli", diff --git a/opensource/nuclei/ci-cd.mdx b/opensource/nuclei/ci-cd.mdx new file mode 100644 index 00000000..f1605eb8 --- /dev/null +++ b/opensource/nuclei/ci-cd.mdx 
@@ -0,0 +1,137 @@ +--- +title: 'Running Nuclei in CI/CD' +description: 'Automate Nuclei scans in CI/CD pipelines with GitHub Actions' +sidebarTitle: 'CI/CD' +--- + +## Why run Nuclei in CI/CD? + +Adding Nuclei to CI/CD helps catch regressions earlier and keeps security checks close to code changes. + +Common patterns: + +- Scan staging endpoints on every push. +- Run template-based regression checks for known issues. +- Export SARIF and publish findings in GitHub Code Scanning. + +## GitHub Actions with `nuclei-action` + +Use [projectdiscovery/nuclei-action](https://github.com/projectdiscovery/nuclei-action) to install and run Nuclei directly in a workflow. + +### Minimal scan example + +```yaml +name: nuclei-scan + +on: + push: {} + pull_request: {} + +jobs: + scan: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Run Nuclei + uses: projectdiscovery/nuclei-action@v3 + with: + args: -u https://example.com +``` + +### Install only + run manually + +```yaml +name: nuclei-install-only + +on: + workflow_dispatch: {} + +jobs: + scan: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Install Nuclei + uses: projectdiscovery/nuclei-action@v3 + with: + version: latest + install-only: true + + - name: Verify install + run: nuclei -version +``` + +### Use config file from repository + +```yaml +name: nuclei-config-scan + +on: + push: {} + +jobs: + scan: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Run Nuclei with config + uses: projectdiscovery/nuclei-action@v3 + with: + config-path: .github/nuclei/nuclei.yaml +``` + +## Upload SARIF to GitHub Code Scanning + +Nuclei can export SARIF and upload it to GitHub Code Scanning. 
+ +```yaml +name: nuclei-sarif + +on: + push: {} + pull_request: {} + +jobs: + scan: + runs-on: ubuntu-latest + permissions: + security-events: write + contents: read + steps: + - uses: actions/checkout@v4 + + - name: Run Nuclei and export SARIF + uses: projectdiscovery/nuclei-action@v3 + with: + config: | + target: + - https://example.com + sarif-export: results.sarif + + - name: Upload SARIF + uses: github/codeql-action/upload-sarif@v3 + if: success() + with: + sarif_file: results.sarif + category: nuclei-results +``` + +## Inputs and precedence + +* `args` passes CLI flags directly to Nuclei. +* `config` passes inline Nuclei config. +* `config-path` points to a config file in the repository. +* Do not set `config` and `config-path` together. +* If `args` is set, it takes precedence over `config` and `config-path`. + +## Best practices + +* Pin `nuclei-action` to `@v3`. +* Store sensitive values in GitHub Secrets. +* Keep custom templates/config in the repository for reproducibility. +* Use SARIF upload when your team relies on GitHub-native triage. + +For the full action interface and examples, see the official repository: [github.com/projectdiscovery/nuclei-action](https://github.com/projectdiscovery/nuclei-action). diff --git a/opensource/nuclei/overview.mdx b/opensource/nuclei/overview.mdx index 2822f81b..caf86bdf 100644 --- a/opensource/nuclei/overview.mdx +++ b/opensource/nuclei/overview.mdx 
@@ -16,23 +16,23 @@ New to scanners and Nuclei? Try it out today with a quick example through our [G ## What are Nuclei's features? -| Feature | Description | -| ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| [Extensive Template Library](#) | Nuclei offers a vast collection of community-powered templates for targeted scans of various vulnerabilities and attack vectors. | -| [Versatile Target Specification](#) | Support for various target specification options, such as URLs, IP ranges, ASN range, and file input, allowing flexibility in defining the scanning scope. | -| [Bulk Scanning](#) | Perform bulk scanning by specifying multiple targets at once, enabling efficient scanning of a large number of assets or websites. | -| [Flexible Customization](#) | Customize scanning templates to fit specific needs, allowing tailored scanning and focusing on relevant security checks. | -| [Parallel Scanning](#) | Supports parallel scanning, reducing scanning time and improving efficiency, especially for large-scale targets. | -| [Comprehensive Reporting `cloud`](#) | Generates detailed reports with actionable insights, including vulnerability details, severity levels, affected endpoints, and suggested remediation steps. | -| [Integration with CI/CD Pipelines](#) | Seamlessly integrate Nuclei into CI/CD pipelines for automated security testing as part of the development and deployment process. | -| [CI/CD Integration `cloud`](#) | Actively maintained and developed by the ProjectDiscovery team, introducing new features, bug fixes, and enhancements to provide an up-to-date scanning framework. | -| [Ticketing integration `cloud`](#) | Two-way ticketing integration with Jira, Splunk, and many others to easily remediate and retest vulnerabilities. 
| -| [Customizable Output Format](#) | Configure the output format of Nuclei's scan results to suit your needs, including options for JSON, YAML, and more. | -| [Dynamic Variables](#) | Utilize dynamic variables in templates to perform parameterized scanning, enabling versatile and flexible scanning configurations. | -| [Inclusion and Exclusion Filters](#) | Apply inclusion and exclusion filters to specify targets, reducing scanning scope and focusing on specific areas of interest. | -| [Authentication Support](/opensource/nuclei/authenticated-scans) | Nuclei supports various authentication mechanisms, including HTTP basic authentication, JWT token authentication, and more. | -| [Embedding custom code in templates](#) | Execute custom code within Nuclei templates to incorporate user-defined logic, perform advanced scanning actions, and more. | -| [AI-Powered Template Generation](#) | Generate and run vulnerability templates on-the-fly using natural language descriptions powered by ProjectDiscovery's AI capabilities. | +| Feature | Description | +| --------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| [Extensive Template Library](#) | Nuclei offers a vast collection of community-powered templates for targeted scans of various vulnerabilities and attack vectors. | +| [Versatile Target Specification](#) | Support for various target specification options, such as URLs, IP ranges, ASN range, and file input, allowing flexibility in defining the scanning scope. | +| [Bulk Scanning](#) | Perform bulk scanning by specifying multiple targets at once, enabling efficient scanning of a large number of assets or websites. | +| [Flexible Customization](#) | Customize scanning templates to fit specific needs, allowing tailored scanning and focusing on relevant security checks. 
| +| [Parallel Scanning](#) | Supports parallel scanning, reducing scanning time and improving efficiency, especially for large-scale targets. | +| [Comprehensive Reporting `cloud`](#) | Generates detailed reports with actionable insights, including vulnerability details, severity levels, affected endpoints, and suggested remediation steps. | +| [Integration with CI/CD Pipelines](/opensource/nuclei/ci-cd) | Seamlessly integrate Nuclei into CI/CD pipelines for automated security testing as part of the development and deployment process. | +| [CI/CD Integration `cloud`](#) | Actively maintained and developed by the ProjectDiscovery team, introducing new features, bug fixes, and enhancements to provide an up-to-date scanning framework. | +| [Ticketing integration `cloud`](#) | Two-way ticketing integration with Jira, Splunk, and many others to easily remediate and retest vulnerabilities. | +| [Customizable Output Format](#) | Configure the output format of Nuclei's scan results to suit your needs, including options for JSON, YAML, and more. | +| [Dynamic Variables](#) | Utilize dynamic variables in templates to perform parameterized scanning, enabling versatile and flexible scanning configurations. | +| [Inclusion and Exclusion Filters](#) | Apply inclusion and exclusion filters to specify targets, reducing scanning scope and focusing on specific areas of interest. | +| [Authentication Support](/opensource/nuclei/authenticated-scans) | Nuclei supports various authentication mechanisms, including HTTP basic authentication, JWT token authentication, and more. | +| [Embedding custom code in templates](#) | Execute custom code within Nuclei templates to incorporate user-defined logic, perform advanced scanning actions, and more. | +| [AI-Powered Template Generation](#) | Generate and run vulnerability templates on-the-fly using natural language descriptions powered by ProjectDiscovery's AI capabilities. | ## How can I use Nuclei? 
diff --git a/opensource/nuclei/resources.mdx b/opensource/nuclei/resources.mdx index 48e02276..a3238e7f 100644 --- a/opensource/nuclei/resources.mdx +++ b/opensource/nuclei/resources.mdx @@ -5,6 +5,7 @@ sidebarTitle: 'Resources' --- - [Finding bugs with Nuclei with PinkDraconian (Robbe Van Roey)](https://www.youtube.com/watch?v=ewP0xVPW-Pk) by **[@PinkDraconian](https://twitter.com/PinkDraconian)** +- [Running Nuclei in CI/CD (GitHub Actions)](/opensource/nuclei/ci-cd) - [Nuclei: Packing a Punch with Vulnerability Scanning](https://bishopfox.com/blog/nuclei-vulnerability-scan) by **Bishopfox** - [The WAF efficacy framework](https://www.fastly.com/blog/the-waf-efficacy-framework-measuring-the-effectiveness-of-your-waf) by **Fastly** - [Scanning Live Web Applications with Nuclei in CI/CD Pipeline](https://blog.escape.tech/devsecops-part-iii-scanning-live-web-applications/) by **[@TristanKalos](https://twitter.com/TristanKalos)** diff --git a/opensource/nuclei/running.mdx b/opensource/nuclei/running.mdx index 765a8d79..c7ab6b29 100644 --- a/opensource/nuclei/running.mdx +++ b/opensource/nuclei/running.mdx @@ -14,6 +14,8 @@ Nuclei templates offer two primary execution methods: ### Supported Input Formats +For automation in pipelines, see [Running Nuclei in CI/CD](/opensource/nuclei/ci-cd). + Nuclei supports various input formats to run template against, including urls, hosts, ips, cidrs, asn, openapi, swagger, proxify, burpsuite exported data and more. To learn more on using input specify options, you can refer [nuclei input formats](/opensource/nuclei/input-formats). These inputs can be given to nuclei using `-l` and `-input-mode` flags.
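Review bot: In the new `opensource/nuclei/ci-cd.mdx`, the `Upload SARIF` step in the `nuclei-sarif` workflow is guarded with `if: success()`, so any non-zero exit from the `Run Nuclei and export SARIF` step (including a failure caused by the findings themselves) skips the upload and the results never reach Code Scanning; the usual pattern for `github/codeql-action/upload-sarif` is `if: always()` (or `if: ${{ !cancelled() }}`) so the file is uploaded whenever the scan produced one. Also worth tightening: only the SARIF job declares a `permissions:` block, so `nuclei-scan`, `nuclei-install-only` and `nuclei-config-scan` inherit the repository's default `GITHUB_TOKEN` permissions; add at least `permissions: { contents: read }` to each job so the scanner runs least-privilege. Under "Best practices", "Pin `nuclei-action` to `@v3`" is a mutable tag, not a pin; for a security page the recommendation should be to pin third-party actions (`nuclei-action`, `actions/checkout`, `upload-sarif`) to a full commit SHA, and the `version: latest` in the install-only example undermines the reproducibility the same section asks for, so suggest a fixed Nuclei release there. Finally, the `pull_request: {}` trigger combined with `security-events: write` will not work for pull requests from forks (the token is read-only there), and the page should state that targets such as `https://example.com` must be assets the team is authorized to scan; a one-line note on each would save readers a confusing failed run.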
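Review bot: In the `opensource/nuclei/overview.mdx` hunk, the row `[CI/CD Integration \`cloud\`](#)` still carries the description "Actively maintained and developed by the ProjectDiscovery team, introducing new features, bug fixes, and enhancements...", which describes project maintenance rather than CI/CD integration and now sits directly under the row that does link to the new `/opensource/nuclei/ci-cd` page; since this change already rewrites every line of the table to realign the first column, it is the right moment to either fix that description or retitle the row. Separately, the column realignment turns a one-link change into a 16-row diff; keeping the original column widths would make the actual change (`(#)` to `(/opensource/nuclei/ci-cd)` on the "Integration with CI/CD Pipelines" row) reviewable at a glance.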
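Review bot: In `opensource/nuclei/resources.mdx`, the added entry `- [Running Nuclei in CI/CD (GitHub Actions)](/opensource/nuclei/ci-cd)` breaks the list's convention: every other item is an external article or video with a `by **author**` attribution, whereas this is an internal docs page already reachable from the sidebar via the `mint.json` change. Either drop it here or move it to a separate "Related docs" line so the list stays a list of external resources.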
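Review bot: In `opensource/nuclei/running.mdx`, the sentence `For automation in pipelines, see [Running Nuclei in CI/CD](/opensource/nuclei/ci-cd).` is inserted as the first paragraph under `### Supported Input Formats`, where it interrupts the input-formats explanation that follows and has nothing to do with that heading. Place it near the top of the page (after the introduction of the two execution methods) or in its own short "Automation" note at the end, so the input-formats section reads continuously.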