update sarif workflow

RamanaReddy0M · Jul 11, 2024 · 9e17e9e · 9e17e9e
1 parent 93ecf27
commit 9e17e9e
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 9 deletions.
diff --git a/.github/workflows/nuclei-sarif-test.yaml b/.github/workflows/nuclei-sarif-test.yaml
@@ -13,23 +13,39 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: Nuclei - Vulnerability Scan
-        id: nuclei_scan
+      - name: Nuclei - Vulnerability Scan 1
+        id: nuclei_scan_1
         uses: projectdiscovery/nuclei-action@issue-85-sarif-file-not-exist
         with:
           target: https://example.com
           flags: "-v -debug"
-          templates: custom-templates/test.yaml
+          templates: custom-templates/no-match-test.yaml
           report-config: github-report.yml
           github-token: ${{ secrets.GITHUB_TOKEN }}
 
-    #   - name: Debug with tmate session
-    #     uses: mxschmitt/action-tmate@v3
-
-      - name: GitHub Security Dashboard Alerts update
-        if: steps.nuclei_scan.outputs.sarif_exists == 'true'
+      - name: GitHub Security Dashboard Alerts update for scan 1
+        if: steps.nuclei_scan_1.outputs.sarif_exists == 'true'
         uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: nuclei.sarif
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Nuclei - Vulnerability Scan 2
+        id: nuclei_scan_2
+        uses: projectdiscovery/nuclei-action@issue-85-sarif-file-not-exist
+        with:
+            target: https://example.com
+            flags: "-v -debug"
+            templates: custom-templates/test.yaml
+            report-config: github-report.yml
+            github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: GitHub Security Dashboard Alerts update for scan 2
+        if: steps.nuclei_scan_2.outputs.sarif_exists == 'true'
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+            sarif_file: nuclei.sarif
+        env:
+            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
diff --git a/custom-templates/no-match-test.yaml b/custom-templates/no-match-test.yaml
@@ -0,0 +1,18 @@
+id: basic-200-status-check
+
+info:
+  name: Check for 200 OK status
+  author: ramana
+  severity: info
+  description: Checks if the target returns a 200 OK status code.
+  tags: status
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers:
+      - type: status
+        status:
+          - 400
diff --git a/custom-templates/test.yaml b/custom-templates/test.yaml
@@ -15,4 +15,4 @@ http:
     matchers:
       - type: status
         status:
-          - 400
+          - 200
-Original file line number
+Diff line change
@@ Expand Up / @@ -15,4 +15,4 @@ http: @@
         matchers:
           - type: status
             status:
-              - 400
+              - 200