Security Gate
Simple and pratical security gate for Github Security Alerts
Summary
This is a project that allows you to use a Security Gate within Github, using Actions and your project's Security Alerts as an information base. Currently only Dependabot Alerts are supported, soon we will have support for Secrets and Security Advisories Alerts.
You can define a vulnerability policy based on impact i.e. the number of vulnerabilities per threat, and automatically block your CI/CD pipeline if these policies are not met. This ensures that your application has greater protection, preventing codes that contain known threats from being deployed in production.
Github Actions
You need to create a token with read access to Security Alerts and configure it within the Secrets resource of your repository, then:
In your repository, create a YAML file at: .github/workflows/security-gate.yml
with this content:
name: Security Gate - Instriq
on:
push:
branches:
- main
pull_request:
branches:
- main
jobs:
build:
runs-on: ubuntu-latest
env:
MAX_CRITICAL: 1
MAX_HIGH: 2
MAX_MEDIUM: 3
MAX_LOW: 4
GITHUB_TOKEN: ${{ secrets.TOKEN }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Pull Docker image from GitHub Container Registry
run: docker pull ghcr.io/instriq/security-gate/security-gate:latest
- name: Verify security alerts from dependabot
run: |
docker run ghcr.io/instriq/security-gate/security-gate:latest \
-t $GITHUB_TOKEN \
-r ${{ github.repository }} \
--critical $MAX_CRITICAL \
--high $MAX_HIGH \
--medium $MAX_MEDIUM \
--low $MAX_LOW
If you want to use local
# Download
$ git clone https://github.com/instriq/security-gate && cd security-gate
# Install libs dependencies
$ sudo cpanm --installdeps .
# Basic usage
$ perl security-gate.pl --help
Security Gate v0.0.3
Core Commands
==============
Command Description
------- -----------
-t, --token GitHub token
-r, --repo GitHub repository
-c, --critical Critical severity limit
-h, --high High severity limit
-m, --medium Medium severity limit
-l, --low Low severity limit
Docker container
$ docker build -t security-gate .
$ docker run -ti --rm security-gate -t <GITHUB_TOKEN> -r <organization/repository> --critical 1 --high 2 --medium 3 --low 5
Contribution
Your contributions and suggestions are heartily ♥ welcome. See here the contribution guidelines. Please, report bugs via issues page and for security issues, see here the security policy. (✿ ◕‿◕)
License
This work is licensed under MIT License.