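---
# Composite action: run the SpiderShield scanner against an MCP server
# directory, print a summary, expose the score/rating/tool-count as step
# outputs, and optionally fail the job when the score is below a threshold.
name: 'SpiderShield Scan'
description: 'Security scanner & runtime guard for MCP servers -- static analysis, policy enforcement, DLP'
author: 'TeehooAI'

branding:
  icon: 'shield'
  color: 'blue'

inputs:
  target:
    description: 'Path to MCP server directory'
    required: true
    default: '.'
  fail-below:
    description: 'Fail if overall score is below this threshold (0-10); 0 (the default) disables the check'
    required: false
    default: '0'
  format:
    description: 'Output format (table or json)'
    required: false
    default: 'table'

outputs:
  score:
    description: 'Overall scan score (0-10)'
    value: ${{ steps.scan.outputs.score }}
  rating:
    description: 'Rating (F/C/B/A/A+)'
    value: ${{ steps.scan.outputs.rating }}
  tool-count:
    description: 'Number of tools detected'
    value: ${{ steps.scan.outputs.tool_count }}

runs:
  using: 'composite'
  steps:
    # NOTE(review): a major-version tag is mutable; pinning to a full commit
    # SHA (with the tag in a trailing comment) removes that supply-chain risk.
    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: '3.12'

    # The scanner version is pinned, but not hash-pinned. For a stronger
    # guarantee, install from a requirements file with --require-hashes.
    - name: Install SpiderShield
      shell: bash
      run: python -m pip install spidershield==0.3.4

    - name: Run scan
      id: scan
      shell: bash
      env:
        TARGET: ${{ inputs.target }}
        FORMAT: ${{ inputs.format }}
      run: |
        set -euo pipefail
        # Run the scanner exactly once, in JSON, into a private temp file.
        # stderr is deliberately left attached so scanner errors reach the log
        # (a failed scan aborts the step because of `set -e`).
        REPORT_FILE="$(mktemp "${RUNNER_TEMP:-/tmp}/spidershield-report.XXXXXX")"
        export REPORT_FILE
        spidershield scan "$TARGET" --format json > "$REPORT_FILE"

        # The report is derived from the contents of the scanned directory,
        # which may be untrusted (e.g. a pull request from a fork). It is
        # therefore read from a file by the Python helper, never spliced into
        # the script text: interpolating it into a Python string literal would
        # let a report containing ''' run arbitrary code on the runner.
        python3 - <<'PY'
        import json
        import os
        import sys

        with open(os.environ["REPORT_FILE"], encoding="utf-8") as fh:
            raw = fh.read()

        # An empty report is tolerated (all outputs fall back to defaults);
        # malformed JSON is a hard error rather than a silent "score=".
        try:
            report = json.loads(raw, strict=False) if raw.strip() else {}
        except json.JSONDecodeError as exc:
            print(f"::error::SpiderShield did not produce valid JSON: {exc}")
            sys.exit(1)
        if not isinstance(report, dict):
            print("::error::SpiderShield report is not a JSON object")
            sys.exit(1)

        # Human-readable summary (or the raw report when format != table).
        if os.environ.get("FORMAT", "table") == "table":
            score = report.get("overall_score", "N/A")
            rating = report.get("rating", "N/A")
            tools = report.get("tool_count", 0)
            print("SpiderShield Scan Results")
            print(f" Score: {score}/10")
            print(f" Rating: {rating}")
            print(f" Tools: {tools}")
        else:
            print(json.dumps(report, indent=2))

        # Step outputs. Values are written one per line; newlines are
        # stripped so a crafted report cannot inject extra outputs.
        outputs = {
            "score": report.get("overall_score", "0"),
            "rating": report.get("rating", ""),
            "tool_count": report.get("tool_count", "0"),
        }
        with open(os.environ["GITHUB_OUTPUT"], "a", encoding="utf-8") as out:
            for key, value in outputs.items():
                clean = str(value).replace("\r", " ").replace("\n", " ")
                out.write(f"{key}={clean}\n")
        PY

    - name: Check threshold
      if: inputs.fail-below != '0'
      shell: bash
      env:
        SCORE: ${{ steps.scan.outputs.score }}
        THRESHOLD: ${{ inputs.fail-below }}
      run: |
        set -euo pipefail
        # Both values are read from the environment rather than spliced into
        # the Python source; a non-numeric value is reported as such instead
        # of being mistaken for a failing score.
        python3 - <<'PY'
        import os
        import sys

        score_raw = os.environ.get("SCORE", "")
        threshold_raw = os.environ.get("THRESHOLD", "")
        try:
            score = float(score_raw)
            threshold = float(threshold_raw)
        except ValueError:
            print(f"::error::SpiderShield threshold check got non-numeric values "
                  f"(score={score_raw!r}, threshold={threshold_raw!r})")
            sys.exit(1)
        if score < threshold:
            print(f"::error::SpiderShield score {score_raw} is below threshold {threshold_raw}")
            sys.exit(1)
        PY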