Customized Vulnerability Alerts delivered to your Slack Channel using GitHub Actions

Yash Mehta — Mon, 13 Jan 2020 19:07:00 +0000

With the increasing complexity of technology stack, managing endless threats and maintaining the security of your Infrastructure can be a significant challenge — and a time-consuming one. As a Developer and Security Engineer, I have to keep an eye on recent vulnerabilities related to technology stack so that vulnerabilities can be patched asap.

NVD provides us Multiple Feeds containing vulnerabilities according to CVE specification but those feeds aren't human-readable and it requires manual efforts to check whether the products we're using are affected. There are multiple solutions available in the market but those are mainly commercial or require configuring one or another infrastructure. So, I built a simple GitHub action that can be used easily and doesn't require any maintenance.

Why GitHub Actions?

GitHub Actions enables you to create custom software development life cycle (SDLC) workflows directly in your GitHub repository. GitHub Actions are complete free for open-source repositories and allow 3000 minutes per month free usage for Private Repositories. Also, GitHub WorkFlows can be triggered based on scheduled events.

What you'll need?

A Slack Incoming Webhook
CPE ID of products that you want to monitor
Public/Private GitHub Repository

y-mehta / vulnalerts

Get new vulnerability alerts daily straight to your slack channel using GitHub Actions for Free.

VulnAlerts - Customized CVE Alerts straight to your Slack Channel

How to Use?

Create an Incoming Webhook on Slack
Goto Repository Settings -> Secrets -> Add a New Secret
Enter SLACK_WEBHOOK in the Secret Name and your slack webhook in the value.
Add CPEs of the products that you want to monitor for vulnerabilities in the cpe.txt file. NVD CPE Search
Create new workflow in .github/workflows/alerts.yml

name: VulnAlerts
on
  schedule
    - cron:  '15 * */1 * *'

jobs:
  alert:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@master
    - uses: y-mehta/vulnalerts@master
      env:
        SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
    - name: done
      run: echo 'done'

That's it. You'll receive daily alerts on the selected slack channel.

Note: No need to enter full CPE unless you want to monitor specific version. apple:icloud or atlassian:sourcetree will do the job.

Action Schedule can be changed in .github/workflows/alerts.yml if needed. Follow crontab format(@daily,@monthly etc. aren't supported by Github Actions)

How

…

View on GitHub

Sample Alert:

How to Use?

Step 1:

Goto Repository Settings -> Secrets -> Add a New Secret
Enter SLACK_WEBHOOK in the Secret Name and your slack webhook in the value.

Step 2:

Add CPEs of the products that you want to monitor for vulnerabilities in the cpe.txt file. [Each CPE on new line]

Step 3:

Create new workflow in .github/workflows/alerts.yml

name: VulnAlerts

on: 
  schedule:
    - cron:  '15 * */1 * *'

jobs:
  alert:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@master
    - uses: y-mehta/vulnalerts@master
      env:
        SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
    - name: done
      run: echo 'done'

That's it. You'll receive daily alerts on the selected slack channel.

I would love feedback from other people working on similar things.

Forem: Yash Mehta

Customized Vulnerability Alerts delivered to your Slack Channel using GitHub Actions

Why GitHub Actions?

What you'll need?

y-mehta / vulnalerts

Get new vulnerability alerts daily straight to your slack channel using GitHub Actions for Free.

VulnAlerts - Customized CVE Alerts straight to your Slack Channel

How to Use?

How

Sample Alert:

How to Use?