From e876982ab00fb7f941a5034a61f05078d4c2dea3 Mon Sep 17 00:00:00 2001
From: deadly-panda
Date: Thu, 24 Mar 2022 10:31:17 +0100
Subject: [PATCH 1/5] switch action.yml to scan profile.
---
 action.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/action.yml b/action.yml
index 985c8e0..9fe05db 100644
--- a/action.yml
+++ b/action.yml
@@ -1,10 +1,10 @@
 name: Ostorlab Security Scanner
 description: Scan mobile apps for outdated dependencies, hardcoded secrets, privacy leakages, and insecure code (Signup at ostorlab.co).
 inputs:
- plan:
- description: Specifies your scan plan ( free (rapid_static) for community scans and static_dynamic_backend for full analysis)
+ scan_profile:
+ description: Specifies your scan profile ( free "fast_scan" for community scans and "full_scan" for full analysis)
 required: true
- default: rapid_static
+ default: fast_scan
 asset_type:
 description: Type of asset to scan. (['android-apk', 'android-aab', 'ios-ipa'])
 required: true
From 564ac7d71fc25da13b87e7cd025b25b506268ced Mon Sep 17 00:00:00 2001
From: deadly-panda
Date: Thu, 24 Mar 2022 10:31:32 +0100
Subject: [PATCH 2/5] switch scan cli command to scan profile.
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 391cd5a..fb2c10b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,3 +1,3 @@
 FROM python:3.8-alpine
 RUN pip install ostorlab
-CMD ostorlab --api-key="$INPUT_OSTORLAB_API_KEY" ci-scan run --log-flavor=github --title="$INPUT_SCAN_TITLE" --plan="$INPUT_PLAN" --break-on-risk-rating="$INPUT_BREAK_ON_RISK_RATING" --max-wait-minutes="$INPUT_MAX_WAIT_MINUTES" $INPUT_ASSET_TYPE $INPUT_TARGET
+CMD ostorlab --api-key="$INPUT_OSTORLAB_API_KEY" ci-scan run --log-flavor=github --title="$INPUT_SCAN_TITLE" --scan-profile="$INPUT_SCAN_PROFILE" --break-on-risk-rating="$INPUT_BREAK_ON_RISK_RATING" --max-wait-minutes="$INPUT_MAX_WAIT_MINUTES" $INPUT_ASSET_TYPE $INPUT_TARGET 
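Review bot: The trailing `$INPUT_ASSET_TYPE $INPUT_TARGET` arguments in the new CMD line are unquoted, so a target path containing whitespace or glob characters is word-split or glob-expanded by `/bin/sh -c` before ostorlab sees it, while every other argument on the line is already double-quoted. Because the inputs reach the shell as environment variables rather than being spliced into the command text, this is a correctness problem rather than a shell-injection one, but the fix is the same: end the line with `--max-wait-minutes="$INPUT_MAX_WAIT_MINUTES" "$INPUT_ASSET_TYPE" "$INPUT_TARGET"`. Prefixing the command with `exec` (`CMD exec ostorlab ...`) would additionally make the CLI PID 1 so a cancelled job's SIGTERM reaches it instead of the wrapper shell. The same CMD line is carried unchanged into the Dockerfile hunks of patches 4/5 and 5/5, so the quoting fix applies there as well.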
From b93af5b8d7a8d73a1acac68ea9d5c72bc7d54ede Mon Sep 17 00:00:00 2001
From: deadly-panda
Date: Thu, 24 Mar 2022 10:31:52 +0100
Subject: [PATCH 3/5] Update readme.
---
 .github/workflows/action.yaml | 2 +-
 README.md | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/action.yaml b/.github/workflows/action.yaml
index 77a0b9d..002f6b3 100644
--- a/.github/workflows/action.yaml
+++ b/.github/workflows/action.yaml
@@ -11,7 +11,7 @@ jobs:
 id: start_scan
 uses: ./
 with:
- plan: rapid_static # Specify which plan to use for the scan (check plan section).
+ scan_profile: fast_scan # Specify which scan profile to use for the scan (check scan section).
 asset_type: android-apk # type of asset to scan.
 target: ostorlab.apk # path for target tto scan.
 scan_title: title_scan_ci # type a title for your scan.
diff --git a/README.md b/README.md
index 3a5f441..8c439a5 100644
--- a/README.md
+++ b/README.md
@@ -42,7 +42,7 @@ jobs:
 id: start_scan
 uses: actions/ostorlab_actions@v1
 with:
- plan: rapid_static
+ scan_profile: fast_scan
 asset_type: android-apk
 target: andoird_apk.apk
 can_title: title_scan_ci
@@ -55,7 +55,7 @@ jobs:
 
 The Github actions the following options:
 
- - **`plan`** *(['rapid_static', 'static_dynamic_backend'])*: [Required] - Specifies the scan plan ( `rapid_static` for fast static only analysis and `full analysis` for full static, dynamic and backend coverage).
+ - **`scan_profile`** *(['fast_scan', 'full_scan'])*: [Required] - Specifies the scan profile ( `fast_scan` for fast static only analysis and `full_scan` for full static, dynamic and backend coverage).
 - **`asset_type`** *(['android-apk', 'android-aab', 'ios-ipa'])*: [Required] - Target asset, Ostorlab supports APK, AAB and IPA.
 - **`target`**: [Required] - target file to scan.
 - **`ostorlab_api_key`**: [Required] - API Key from Ostorlab portal.
From c2d3685def4e0cdf9be428c308aa786f23626c5c Mon Sep 17 00:00:00 2001
From: deadly-panda
Date: Thu, 24 Mar 2022 10:53:26 +0100
Subject: [PATCH 4/5] fix ruaml dependency and optimize image.
---
 Dockerfile | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index fb2c10b..7e82e30 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,3 +1,8 @@
-FROM python:3.8-alpine
+FROM python:3-slim-buster as base
+FROM base as builder
+RUN mkdir /install
+WORKDIR /install
 RUN pip install ostorlab
+FROM base
+COPY --from=builder /install /usr/local
 CMD ostorlab --api-key="$INPUT_OSTORLAB_API_KEY" ci-scan run --log-flavor=github --title="$INPUT_SCAN_TITLE" --scan-profile="$INPUT_SCAN_PROFILE" --break-on-risk-rating="$INPUT_BREAK_ON_RISK_RATING" --max-wait-minutes="$INPUT_MAX_WAIT_MINUTES" $INPUT_ASSET_TYPE $INPUT_TARGET
From 8441804c8a0b2e24a92c9a8ac1f09c2d92b5cb0d Mon Sep 17 00:00:00 2001
From: deadly-panda
Date: Thu, 24 Mar 2022 11:14:12 +0100
Subject: [PATCH 5/5] multi stage building.
---
 Dockerfile | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 7e82e30..014265b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,9 @@
-FROM python:3-slim-buster as base
+FROM python:3.8-slim-buster as base
 FROM base as builder
 RUN mkdir /install
 WORKDIR /install
-RUN pip install ostorlab
+RUN pip install --prefix=/install ostorlab
 FROM base
+WORKDIR /root/
 COPY --from=builder /install /usr/local
-CMD ostorlab --api-key="$INPUT_OSTORLAB_API_KEY" ci-scan run --log-flavor=github --title="$INPUT_SCAN_TITLE" --scan-profile="$INPUT_SCAN_PROFILE" --break-on-risk-rating="$INPUT_BREAK_ON_RISK_RATING" --max-wait-minutes="$INPUT_MAX_WAIT_MINUTES" $INPUT_ASSET_TYPE $INPUT_TARGET
+CMD ostorlab --api-key="$INPUT_OSTORLAB_API_KEY" ci-scan run --log-flavor=github --title="$INPUT_SCAN_TITLE" --scan-profile="$INPUT_SCAN_PROFILE" --break-on-risk-rating="$INPUT_BREAK_ON_RISK_RATING" --max-wait-minutes="$INPUT_MAX_WAIT_MINUTES" $INPUT_ASSET_TYPE $INPUT_TARGET
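Review bot: In this revision the builder stage's `RUN pip install ostorlab` still installs into the builder's own /usr/local, not /install, so `COPY --from=builder /install /usr/local` copies an empty tree and the runtime stage ends up without the ostorlab CLI; patch 5/5 repairs this with `--prefix=/install`, so either squash the two or carry the flag here so the series builds at every step. `RUN mkdir /install` is redundant with the following `WORKDIR /install`, which creates the directory if it is missing, and can be dropped. The commit subject says the move from alpine to slim-buster fixes a ruamel dependency, but nothing in the Dockerfile records why a Debian image is required; a comment above the first FROM such as `# Debian slim rather than alpine: needed for the ruamel dependency to install` (exact reason to be confirmed by the author) keeps a later maintainer from switching back. Stage names are conventionally introduced with uppercase `AS`, matching the uppercase instructions.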
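Review bot: `RUN pip install --prefix=/install ostorlab` pulls whichever ostorlab release and transitive dependencies PyPI serves at build time, so two builds of the same commit can yield different scanner images and a breaking or compromised upstream release flows straight into every CI run that uses the action; pin it, e.g. `RUN pip install --no-cache-dir --prefix=/install ostorlab==<pinned-version>` with the intended version filled in, and bump it deliberately. `WORKDIR /root/` in the runtime stage is likely a no-op for this image: when GitHub runs a Docker container action it mounts GITHUB_WORKSPACE and makes it the working directory, and GitHub's guidance is to leave WORKDIR out of action Dockerfiles, so the line can be removed. The runtime stage has no USER and so runs as root; for a GitHub container action that is expected (the workspace mount requires it), so this is acceptable here but worth a one-line comment so nobody "fixes" it.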