Commit: showing 4 changed files with 89 additions and 1 deletion.
@@ -0,0 +1 @@ | ||
.vscode |
@@ -0,0 +1,10 @@ | ||
FROM ubuntu:jammy | ||
|
||
# Install dependencies | ||
RUN apt-get update && apt-get install -y \ | ||
curl \ | ||
libicu70 | ||
|
||
# Install opalopc http://opalopc.com/docs/get-started/install | ||
RUN curl -LO "https://dl.opalopc.com/release/$(curl -L -s https://dl.opalopc.com/release/stable.txt)/bin/linux/amd64/opalopc" \ | ||
&& install -o root -g root -m 0755 opalopc /usr/local/bin/opalopc |
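Review bot: the RUN curl step installs whatever version stable.txt names at build time with no version pin and no checksum or signature check, and neither curl call uses `--fail`, so if the stable.txt fetch returns an error body the download URL is malformed and an HTML error page can end up installed as `/usr/local/bin/opalopc`. Suggest pinning the version (for example an `ARG OPALOPC_VERSION` substituted into the URL), adding `-f` to both curl calls, and verifying a published checksum before `install`. Minor: finish the apt-get step with `&& rm -rf /var/lib/apt/lists/*` to keep the image small, and consider pinning `ubuntu:jammy` by digest so the image builds reproducibly.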
@@ -1 +1,50 @@ | ||
# opalopc-scan-action | ||
# OpalOPC Scan Action | ||
|
||
This action runs a OpalOPC vulnerability scan against a target server. On completion, an HTML and a SARIF report is generated containing information about the vulnerabilities found, where | ||
they were located, additional information about the vulnerability and links to our learning resources with suggestions on how to fix them. | ||
|
||
## About OpalOPC | ||
|
||
- [OpalOPC](https://opalopc.com/) is a OPC UA security scanner. | ||
- It is designed to be run manually by security testers, or via a CI/CD pipeline by developers | ||
- It checks your OPC UA server for [various security issues](https://opalopc.com/docs/category/plugins) that are likely to interest you during software development, as well as attackers during a cyberattack. | ||
|
||
For full documentation on using OpalOPC, please consult the [Documentation](https://opalopc.com/docs/). | ||
|
||
## Inputs | ||
|
||
## `target-url` | ||
|
||
**Required** The full URL (including scheme) of the server to scan. | ||
|
||
## `license-key` | ||
|
||
**Required** OpalOPC license key. | ||
|
||
## `output-base-filename` | ||
|
||
**Optional** The base filename used for the scan report. This will be stored in the GITHUB_WORKSPACE (/github/workspace) directory. The resulting reports have suffixes `.html` and `.sarif`. | ||
|
||
**Default** `opalopc-report` | ||
|
||
## Examples | ||
|
||
Below are some examples of how to use the action by running a OpalOPC scan against our very own [Practice target](https://opalopc.com/docs/get-started/test-drive) site. This is a deliberately | ||
vulnerable OPC UA server setup for testing vulnerability scanners. | ||
|
||
## Basic Usage | ||
|
||
```yaml | ||
steps: | ||
- name: Run OpalOPC Action Step | ||
uses: Molemmat-Oy/opalopc-scan-action@main | ||
with: | ||
target-url: 'opc.tcp://scanme.opalopc.com:53530' | ||
license-key: ${{ secrets.opalopc-license-key }} | ||
``` | ||
## Suggested Usage | ||
OpalOPC produces an HTML and a SARIF report of the scan on completion. This report will only include vulnerability details if vulnerabilities were found by the scanner. | ||
By default, this action will not fail a workflow build even if vulnerabilities are found. |
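Review bot: the documented input name does not match the action definition in this same commit: the Inputs section and the Basic Usage example use `target-url`, while action.yml declares the input as `target`, so a workflow written from this README would get an "Unexpected input" warning and the scan would run with an empty target; pick one name and use it in both files. The example's `${{ secrets.opalopc-license-key }}` is also not a usable secret reference, because GitHub secret names may contain only alphanumeric characters and underscores; something like `${{ secrets.OPALOPC_LICENSE_KEY }}` works. The Suggested Usage section announces a recommended configuration but ends after stating that the build does not fail on findings; either add the example (for instance a follow-up step that uploads the `.sarif` report so findings show up in code scanning) or drop the heading. Wording: "an OpalOPC scan", "a deliberately vulnerable OPC UA server set up for testing"; and the per-input headings sit at the same level as "Inputs" and "Examples", so "target-url", "license-key", "output-base-filename", "Basic Usage" and "Suggested Usage" should be one level deeper.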
@@ -0,0 +1,28 @@ | ||
name: 'OpalOPC Scan Action' | ||
description: 'Runs a OpalOPC scan against a target site' | ||
author: 'Molemmat Oy' | ||
inputs: | ||
target: | ||
description: 'The full url (including scheme) of the server to scan' | ||
required: true | ||
license-key: | ||
description: 'OpalOPC license key' | ||
required: true | ||
output-base-filename: | ||
description: 'The base filename used for the scan report. This filepath relates to the opalopc container, and will exist in the github workspace (/github/workspace)' | ||
required: false | ||
default: opalopc-report | ||
runs: | ||
using: 'docker' | ||
image: 'Dockerfile' | ||
entrypoint: 'sh -c' | ||
env: | ||
OPALOPC_LICENSE_KEY: ${{ inputs.license-key }} | ||
args: | ||
- opalopc | ||
- -vv | ||
- ${{ inputs.target }} | ||
- -o ${{ inputs.output-base-filename }} | ||
branding: | ||
icon: 'activity' | ||
color: 'blue' |
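Review bot: `entrypoint: 'sh -c'` combined with a list of args does not run the scan as intended: `sh -c` takes only its first argument (`opalopc`) as the command string and binds the remaining list items to `$0`, `$1`, and so on, so opalopc would be invoked with no target and no output option. Drop the `sh -c` entrypoint and run the binary directly (`entrypoint: '/usr/local/bin/opalopc'`), and split `- -o ${{ inputs.output-base-filename }}` into two items (`- -o` and `- ${{ inputs.output-base-filename }}`) so the option and its value are not passed as the single argument `-o opalopc-report`. The input is declared as `target` here but documented as `target-url` in the README of this commit; align the two. Style: `description` says "target site" while the README says "target server"; "server" is the accurate term for an OPC UA endpoint.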