Skip to content

Get new vulnerability alerts daily straight to your slack channel using GitHub Actions.

License

Notifications You must be signed in to change notification settings

y-mehta/vulnalerts

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace

Repository files navigation

VulnAlerts - Customized CVE Alerts straight to your Slack Channel

How to Use?

  • Create an Incoming Webhook on Slack
  • Goto Repository Settings -> Secrets -> Add a New Secret
  • Enter SLACK_WEBHOOK in the Secret Name and your slack webhook in the value.
  • Add CPEs of the products that you want to monitor for vulnerabilities in the cpe.txt file. NVD CPE Search
  • Create new workflow in .github/workflows/alerts.yml
name: VulnAlerts

on: 
  schedule:
    - cron:  '15 * */1 * *'

jobs:
  alert:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@master
    - uses: y-mehta/vulnalerts@master
      env:
        SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
    - name: done
      run: echo 'done'
  • That's it. You'll receive daily alerts on the selected slack channel.

Note: No need to enter full CPE unless you want to monitor specific version. apple:icloud or atlassian:sourcetree will do the job.

  • Action Schedule can be changed in .github/workflows/alerts.yml if needed. Follow crontab format(@daily,@monthly etc. aren't supported by Github Actions)

How it Works?

  • GitHub Actions WorkFlow is automatically triggered based on schedule.
  • CVE-Recent JSON Vulnerability Feed is fetched from the NVD.
  • The JSON feed is processed to check if any CPEs mentioned in cpe.txt are present in the Feed.
  • After processing is done, It'll send the message to Slack Incoming Webhook.

Sample Alert:

image

Security Warning

  • Don't hardcode your Slack Incoming Webhook URL into the python file.

References