advanced-security-demo
diff --git a/‎.env.sample‎
Lines changed: 8 additions & 4 deletions b/‎.env.sample‎
Lines changed: 8 additions & 4 deletions
diff --git a/‎.gitignore‎
Lines changed: 2 additions & 0 deletions b/‎.gitignore‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎CODEOWNERS‎
Lines changed: 1 addition & 1 deletion b/‎CODEOWNERS‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎README.md‎
Lines changed: 81 additions & 81 deletions b/‎README.md‎
Lines changed: 81 additions & 81 deletions
diff --git a/‎__tests__/inputs.test.ts‎
Lines changed: 60 additions & 0 deletions b/‎__tests__/inputs.test.ts‎
Lines changed: 60 additions & 0 deletions
diff --git a/‎__tests__/main.test.ts‎
Lines changed: 0 additions & 8 deletions b/‎__tests__/main.test.ts‎
Lines changed: 0 additions & 8 deletions
@@ -1,7 +1,11 @@
 FREQUENCY=24
 SCOPE=repository
-GITHUB_TOKEN=xxxx
+GITHUB_TOKEN=ghp_xxx
 GITHUB_API_URL=https://api.github.com
-REPO=xxxx
-ORG=xxxx
-LOCAL_DEV=true
+GITHUB_REPOSITORY=repo
+GITHUB_OWNER=org
+GITHUB_ENTERPRISE=enterprise
+LOCAL_DEV=true
+CREATED_ALERTS_FILEPATH=new-alerts.json
+CLOSED_ALERTS_FILEPATH=resolved-alerts.json
+GITHUB_ACTION=true
@@ -9,6 +9,8 @@ npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 lerna-debug.log*
+new-alerts.json
+resolved-alerts.json
 
 # Diagnostic reports (https://nodejs.org/api/report.html)
 report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
 
@@ -1 +1 @@
-* @actions/actions-runtime
+* @ps-advanced-security
@@ -1,105 +1,105 @@
-<p align="center">
-  <a href="https://github.com/actions/typescript-action/actions"><img alt="typescript-action status" src="https://github.com/actions/typescript-action/workflows/build-test/badge.svg"></a>
-</p>
+# Secret Scanning Alerts GitHub Action
 
-# Create a JavaScript Action using TypeScript
+This GitHub Action retrieves secret scanning alerts from GitHub and filters them based on a specified date range. It then saves the filtered alerts to files and outputs a summary of the new and resolved alerts.
 
-Use this template to bootstrap the creation of a TypeScript action.:rocket:
+You can use the ouput to create a GitHub issue or send a notification to Email, Slack, Teams, etc.
 
-This template includes compilation support, tests, a validation workflow, publishing, and versioning guidance.  
 
-If you are new, there's also a simpler introduction.  See the [Hello World JavaScript Action](https://github.com/actions/hello-world-javascript-action)
+## How does it work?
 
-## Create an action from this template
+The code is realitvely simple. The flow is defined in `src/main.ts` and is as follows:
 
-Click the `Use this Template` and provide the new repo details for your action
+1. Parse inputs using the `getInput()` function.
+2. Calculate the minimum date for the alert scan using the `calculateDateRange()` function.
+3. Retrieve secret scanning alerts for the specified scope by calling the GitHub Secret Scanning REST API.
+4. Filter the alerts based on the minimum date using the `filterAlerts()` function.
+5. Write the new alerts and resolved alerts to json files.
+6. Print the results as GitHub Actions summary.
+7. Set the `summary-markdown` output to make it available to other steps in the workflow.
 
-## Code in Main
+## Usage
 
-> First, you'll need to have a reasonably modern version of `node` handy. This won't work with versions older than 9, for instance.
+To use this action, add the following step to your workflow:
 
-Install the dependencies  
-```bash
-$ npm install
-```
-
-Build the typescript and package it for distribution
-```bash
-$ npm run build && npm run package
-```
-
-Run the tests :heavy_check_mark:  
-```bash
-$ npm test
-
- PASS  ./index.test.js
-  ✓ throws invalid number (3ms)
-  ✓ wait 500 ms (504ms)
-  ✓ test runs (95ms)
-
-...
-```
-
-## Change action.yml
-
-The action.yml defines the inputs and output for your action.
-
-Update the action.yml with your name, description, inputs and outputs for your action.
-
-See the [documentation](https://help.github.com/en/articles/metadata-syntax-for-github-actions)
-
-## Change the Code
-
-Most toolkit and CI/CD operations involve async operations so the action is run in an async function.
-
-```javascript
-import * as core from '@actions/core';
-...
-
-async function run() {
-  try { 
-      ...
-  } 
-  catch (error) {
-    core.setFailed(error.message);
-  }
-}
-
-run()
+```yaml
+- name: Secret Scanning Alerts
+  uses: advanced-security/secret-scanning-custom-notifications/@v1
+  with:
+    frequency: 24 # hours
+    scope: 'repository'
+    repository: 'repo-name'
+    new_alerts_filepath: 'new_alerts.json'
+    closed_alerts_filepath: 'closed_alerts.json'
 ```
 
-See the [toolkit documentation](https://github.com/actions/toolkit/blob/master/README.md#packages) for the various packages.
+## Inputs
+This action requires the following inputs:
 
-## Publish to a distribution branch
+- `frequency`: The frequency of the action. Valid values are daily, weekly, and monthly. Required.
+- `scope`: The scope of the action. Valid values are repo, org, and enterprise. Required.
+- `token`: The GitHub API token to use for the action. Required.
+- `new_alerts_filepath`: The path to the file where the new alerts should be stored for email attachment. Required.
+- `closed_alerts_filepath`: The path to the file where the closed alerts should be stored for email attachment. Required.
+- `api_url`: The GitHub API URL to use for the action. Needed only if you are using GitHub Enterprise Server. Optional.
+- `repo`: The repo to run the action on. Needed only if scope is repo and you intend to fetch alerts from other repos than the one where the action is running. Optional.
+- `org`: The org to run the action on. Needed only if scope is org and you intend to fetch alerts from other repos than the one where the action is running. Optional.
+- `enterprise`: The enterprise to run the action on. Required if you run it on the enterprise level. Optional.
 
-Actions are run from GitHub repos so we will checkin the packed dist folder. 
-
-Then run [ncc](https://github.com/zeit/ncc) and push the results:
-```bash
-$ npm run package
-$ git add dist
-$ git commit -a -m "prod dependencies"
-$ git push origin releases/v1
-```
 
-Note: We recommend using the `--license` option for ncc, which will create a license file for all of the production node modules used in your project.
+## Outputs
+This action has the following outputs:
 
-Your action is now published! :rocket: 
+- `summary-markdown`: A markdown formatted summary of the new and resolved alerts.
 
-See the [versioning documentation](https://github.com/actions/toolkit/blob/master/docs/action-versioning.md)
 
-## Validate
+## Example Workflow
 
-You can now validate the action by referencing `./` in a workflow in your repo (see [test.yml](.github/workflows/test.yml))
+Run the action every 4 hours and upload the new and resolved alerts to an artifact if there are any new or resolved alerts.
 
 ```yaml
-uses: ./
-with:
-  milliseconds: 1000
+name: Secret Scanning Alerts
+
+on:
+  schedule:
+    - cron: '0 */6 * * 0' # Run every 4 hours
+jobs:
+  secret-scanning-alerts:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Secret Scanning Alerts
+      uses: advanced-security/secret-scanning-custom-notifications/@v1
+      with:
+        frequency: 3000
+        scope: 'repository'
+        new_alerts_filepath: 'created_alerts.json'
+        closed_alerts_filepath: 'closed_alerts.json'
+        token: ${{ secrets.TOKEN }}
+
+    - name: Count the number of entries in the alert files
+      id: count_alerts
+      run: |
+        created_alerts_count=$(jq '. | length' created_alerts.json)
+        closed_alerts_count=$(jq '. | length' closed_alerts.json)
+        echo "created_alerts_count=$created_alerts_count" >> $GITHUB_OUTPUT
+        echo "closed_alerts_count=$closed_alerts_count" >> $GITHUB_OUTPUT
+    
+    - name: Upload artifact
+      if: steps.count_alerts.outputs.created_alerts_count > 0 || steps.count_alerts.outputs.closed_alerts_count > 0
+      uses: actions/upload-artifact@v3
+      with:
+        name: my-artifact
+        path: |
+          created_alerts.json
+          closed_alerts.json
 ```
 
-See the [actions tab](https://github.com/actions/typescript-action/actions) for runs of this action! :rocket:
 
-## Usage:
+    
+## License
+This project is distributed under the [MIT license](LICENSE.md).
 
-After testing you can [create a v1 tag](https://github.com/actions/toolkit/blob/master/docs/action-versioning.md) to reference the stable and latest V1 action
+## Contributing
+- Fork this repo 
+- Work on your new feature
+- Create new Pull Request
@@ -0,0 +1,60 @@
+import { inputs } from "../src/utils/inputs";
+
+describe("inputs", () => {
+  it("should return an object with inputs when all environment variables are set", async () => {
+    process.env.LOCAL_DEV = "true";
+    process.env.FREQUENCY = "30";
+    process.env.SCOPE = "org";
+    process.env.GITHUB_TOKEN = "test-token";
+    process.env.GITHUB_API_URL = "https://test-api-url.com";
+    process.env.GITHUB_REPOSITORY = "test-repo";
+    process.env.GITHUB_OWNER = "test-owner";
+    process.env.GITHUB_ENTERPRISE = "test-enterprise";
+    process.env.CREATED_ALERTS_FILEPATH = "test-new-alerts-filepath";
+    process.env.CLOSED_ALERTS_FILEPATH = "test-closed-alerts-filepath";
+
+    const result = await inputs();
+    expect(result).toHaveProperty("scope", "org");
+    expect(result).toHaveProperty("frequency", 30);
+    expect(result).toHaveProperty("api_token", "test-token");
+    expect(result).toHaveProperty("apiURL", "https://test-api-url.com");
+    expect(result).toHaveProperty("repo", "test-repo");
+    expect(result).toHaveProperty("owner", "test-owner");
+    expect(result).toHaveProperty("enterprise", "test-enterprise");
+    expect(result).toHaveProperty("new_alerts_filepath", "test-new-alerts-filepath");
+    expect(result).toHaveProperty("closed_alerts_filepath", "test-closed-alerts-filepath");
+
+    delete process.env.LOCAL_DEV;
+    delete process.env.FREQUENCY;
+    delete process.env.SCOPE;
+    delete process.env.GITHUB_TOKEN;
+    delete process.env.GITHUB_API_URL;
+    delete process.env.GITHUB_REPOSITORY;
+    delete process.env.GITHUB_ACTOR;
+    delete process.env.GITHUB_ENTERPRISE;
+    delete process.env.CREATED_ALERTS_FILEPATH;
+    delete process.env.CLOSED_ALERTS_FILEPATH;
+  });
+
+  it("should throw an error if frequency is not a number", async () => {
+    process.env.FREQUENCY = "invalid-frequency";
+
+    await expect(inputs()).rejects.toThrowError("context.repo requires a GITHUB_REPOSITORY environment variable like 'owner/repo'");
+
+    delete process.env.FREQUENCY;
+  });
+
+  it("should throw an error if scope is not 'repo' or 'org'", async () => {
+    process.env.SCOPE = "invalid-scope";
+
+    await expect(inputs()).rejects.toThrowError("context.repo requires a GITHUB_REPOSITORY environment variable like 'owner/repo'");
+
+    delete process.env.SCOPE;
+  });
+
+  it("should throw an error if GITHUB_TOKEN is not set", async () => {
+    delete process.env.GITHUB_TOKEN;
+
+    await expect(inputs()).rejects.toThrowError("context.repo requires a GITHUB_REPOSITORY environment variable like 'owner/repo'");
+  });
+});
Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-* @actions/actions-runtime`
	`1`	`+* @ps-advanced-security`