cds-snc / scan-websites

On-demand scanning of websites for accessibility and security vulnerabilities/compliance / Analyse à la demande des sites Web pour les vulnérabilités/conformité en matière d'accessibilité et de sécurité
https://scan-websites.alpha.canada.ca
MIT License

Scan Websites


Adding new scanner

Adding new scan

- Add a scheduled workflow that calls the reusable `start_scan.yml` workflow:

```yaml
on:
  schedule:

jobs:
  security-scan:
    name: Run scan websites (security)
    uses: cds-snc/scan-websites/.github/workflows/start_scan.yml@main
    with:
      dynamic: true
    secrets:
      scan_websites_key: ${{ secrets.SCAN_WEBSITES_KEY }}
      scan_websites_template: ${{ secrets.SCAN_WEBSITES_TEMPLATE }}
```

- You can also trigger a scan directly in a workflow with:

```sh
curl -X GET -H 'X-API-KEY: ${{ secrets.SCAN_WEBSITES_KEY }}' -H 'X-TEMPLATE-TOKEN: ${{ secrets.SCAN_WEBSITES_TEMPLATE }}' https://scan-websites.alpha.canada.ca/scans/start
```
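The same trigger written as a small shell function, added here as an example and not taken from the scan-websites project: it reads the API key and template token from environment variables instead of interpolating them into the command line, refuses to run when either is missing, makes the step fail on an HTTP error, and can print a dry-run line with the secrets masked for log output. The endpoint and the `X-API-KEY` / `X-TEMPLATE-TOKEN` header names are the ones shown above; `SCAN_WEBSITES_URL`, `SCAN_WEBSITES_DRY_RUN` and `mask_secret` are names introduced here for the example.

```shell
#!/bin/sh
# Added example, not part of the scan-websites project: trigger a scan from a
# workflow or shell step while keeping both credentials out of the command
# line. Endpoint and header names follow the README; SCAN_WEBSITES_URL and
# SCAN_WEBSITES_DRY_RUN are assumed variable names introduced for this example.

# mask_secret VALUE: keep the first four characters and replace the rest with
# '*', so a log line can show which key was used without disclosing it.
mask_secret() {
  _head=$(printf '%s' "$1" | cut -c1-4)
  _rest=$(printf '%s' "$1" | cut -c5- | sed 's/./*/g')
  printf '%s%s' "$_head" "$_rest"
}

# start_scan: GET /scans/start with the two headers the service expects.
# Returns 2 when a credential is missing, otherwise curl's exit status.
start_scan() {
  : "${SCAN_WEBSITES_URL:=https://scan-websites.alpha.canada.ca/scans/start}"
  if [ -z "$SCAN_WEBSITES_KEY" ] || [ -z "$SCAN_WEBSITES_TEMPLATE" ]; then
    echo "start_scan: SCAN_WEBSITES_KEY and SCAN_WEBSITES_TEMPLATE must be set" >&2
    return 2
  fi
  if [ "${SCAN_WEBSITES_DRY_RUN:-0}" = "1" ]; then
    # Show what would be sent, with the secrets masked.
    printf 'would GET %s with X-API-KEY=%s X-TEMPLATE-TOKEN=%s\n' \
      "$SCAN_WEBSITES_URL" \
      "$(mask_secret "$SCAN_WEBSITES_KEY")" \
      "$(mask_secret "$SCAN_WEBSITES_TEMPLATE")"
    return 0
  fi
  # -sS: quiet except for errors; -f: non-zero exit on HTTP >= 400 so the
  # workflow step fails visibly; --max-time: bound a hung request.
  curl -sS -f --max-time 30 \
    -H "X-API-KEY: $SCAN_WEBSITES_KEY" \
    -H "X-TEMPLATE-TOKEN: $SCAN_WEBSITES_TEMPLATE" \
    "$SCAN_WEBSITES_URL"
}

# Run only when executed directly as start_scan.sh; sourcing the file just
# defines the functions.
[ "${0##*/}" = "start_scan.sh" ] && start_scan
```

In a GitHub Actions step, hand the values to the script through the step's `env:` block (`SCAN_WEBSITES_KEY: ${{ secrets.SCAN_WEBSITES_KEY }}` and the template likewise) rather than writing the `${{ ... }}` expressions inside `run:`; the secret then reaches the process through its environment instead of being spliced into the script text, and the function above works unchanged.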

Run Locally

Run this in a dev container.

To interact with the local AWS LocalStack instance, use `laws`.

Initial Run Reqs

```sh
make install && make install-dev
```

Seed local database

```sh
cd api && make seed
```

Example - List buckets

```sh
laws s3api list-buckets
laws s3api list-objects --bucket owasp-zap-report-data --prefix Reports
```

Example - Create folder, copy file, and delete file

```sh
laws s3api put-object --bucket owasp-zap-report-data --key Reports/
laws s3 cp zap_report.json s3://owasp-zap-report-data/Reports/
laws s3 rm s3://owasp-zap-report-data/Reports/zap_report.json
```

Example - View SNS messages as they get posted

```sh
docker ps
docker logs --follow [localstack CONTAINER_ID]
```