71 changes: 71 additions & 0 deletions .github/workflows/aquasec_repository_scan.yml
@@ -0,0 +1,71 @@
name: AquaSec Full Repository Scan

on:
workflow_dispatch:
pull_request:
types: [ opened, synchronize ]

permissions:
contents: read
issues: write
pull-requests: write
security-events: write

jobs:
aquasec:
name: AquaSec Full Repository Scan
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v6
with:
persist-credentials: false
fetch-depth: 0

- name: Retrieve AquaSec Scan Results
env:
AQUA_KEY: ${{ secrets.AQUA_KEY }}
AQUA_SECRET: ${{ secrets.AQUA_SECRET }}
REPOSITORY_ID: ${{ secrets.AQUA_REPOSITORY_ID }}
run: |
set -euo pipefail

echo "=== Authenticating with AquaSec ==="
METHOD="POST"
AUTH_ENDPOINT="https://eu-1.api.cloudsploit.com/v2/tokens"
TIMESTAMP=$(date -u +%s)
POST_BODY='{"group_id":1228,"allowed_endpoints":["GET"],"validity":240}'
STRING_TO_SIGN="${TIMESTAMP}${METHOD}/v2/tokens${POST_BODY}"
SIGNATURE=$(echo -n "$STRING_TO_SIGN" | openssl dgst -sha256 -hmac "${AQUA_SECRET}" -hex | sed 's/.*= //g')

AUTH_RESPONSE=$(curl -s -X $METHOD "$AUTH_ENDPOINT" \
-H "Content-Type: application/json" \
-H "X-API-Key: $AQUA_KEY" \
-H "X-Timestamp: $TIMESTAMP" \
-H "X-Signature: $SIGNATURE" \
-d "$POST_BODY")

RESPONSE_STATUS=$(echo "$AUTH_RESPONSE" | jq -r '.status')

if [ "$RESPONSE_STATUS" = "200" ]; then
echo "Login successful."
BEARER_TOKEN=$(echo "$AUTH_RESPONSE" | jq -r '.data')
else
echo "Login failed with error message: $(echo "$AUTH_RESPONSE" | jq -r '.errors')"
exit 1
fi

echo "=== Receiving AquaSec Scan Results ==="

SCAN_RESULTS_ENDPOINT="https://eu-1.codesec.aquasec.com/api/v1/scans/results"
SCAN_RESULTS=$(curl -s -X GET "$SCAN_RESULTS_ENDPOINT?repositoryIds=${REPOSITORY_ID}" \
-H "Authorization: Bearer $BEARER_TOKEN" \
-H "Accept: application/json")

if [ -z "$SCAN_RESULTS" ]; then
echo "Failed to retrieve scan results"
exit 1
fi

echo "=== Scan Results ==="
echo "$SCAN_RESULTS"
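Review bot: The empty-body guard after the results request does not detect an HTTP error, because `curl -s` hands back the server's error payload as an ordinary body, so an expired token or a 403 still leaves `SCAN_RESULTS` non-empty and the step succeeds while printing the error instead of findings; changing the request to `curl -sS --fail-with-body -X GET "$SCAN_RESULTS_ENDPOINT?repositoryIds=${REPOSITORY_ID}" \` (or capturing `-w '%{http_code}'` and checking it) makes a non-2xx status fail the step under `set -e`. The same applies to the token request at `AUTH_RESPONSE=$(curl -s -X $METHOD "$AUTH_ENDPOINT" \`, where a non-JSON body makes `jq` exit non-zero under `pipefail` with no diagnostic beyond the shell's exit. The `permissions` block grants `issues: write`, `pull-requests: write` and `security-events: write`, yet no step in this hunk writes to issues or pull requests or uploads results, so `contents: read` alone appears sufficient unless a follow-up step that consumes these grants is planned. The job is also triggered on `pull_request` but depends on repository secrets, which GitHub does not expose to runs originating from fork pull requests, so those runs will fail at the authentication step rather than skip cleanly. Finally, `echo "$SCAN_RESULTS"` writes the full scan payload to the job log, and the runtime bearer token is never masked; consider adding `echo "::add-mask::$BEARER_TOKEN"` right after the token is extracted and deciding whether raw findings belong in logs visible to everyone who can read workflow runs.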
143 changes: 0 additions & 143 deletions .github/workflows/trivy_repository_scan.yml

This file was deleted.
