Merge pull request #56 from cidersage/self_hosted_windows_agent

Add example workflows for running vuln_node_express in Azure Pipelines and CircleCI
kaakaww · Jun 15, 2023 · 0330176 · 0330176
2 parents b12e7fa + 81e570c
commit 0330176
Show file tree

Hide file tree

Showing 3 changed files with 67 additions and 0 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -0,0 +1,24 @@
+#Example configuration below for a machine executor workflow within CircleCI; see https://docs.stackhawk.com/continuous-integration/circleci.html
+version: 2.1
+orbs:
+  node: circleci/[email protected]
+jobs:
+  build-and-test:
+    machine: # executor type
+      image: ubuntu-2004:202010-01 
+    steps:
+      - checkout
+      - run:
+          command: |
+            echo 'export HAWK_VERSION=$(curl -o- https://api.stackhawk.com/hawkscan/version)' >> "$BASH_ENV"
+            echo 'export PATH="hawk-${HAWK_VERSION}:${PATH}"' >> "$BASH_ENV"
+      - run: curl -v https://download.stackhawk.com/hawk/cli/hawk-"${HAWK_VERSION}".zip -o hawk.zip
+      - run: unzip hawk.zip
+      - run: npm install
+      - run: nohup npm run start &
+      - run: hawk --api-key="${HAWK_API_KEY}" scan --env CIRCLE_SHA1="$CIRCLE_SHA1" --env CIRCLE_BRANCH="$CIRCLE_BRANCH" --debug stackhawk.yml
+
+workflows:
+  sample:
+    jobs:
+      - build-and-test
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
@@ -0,0 +1,26 @@
+# Example YAML pipeline for running vuln_node_express within Azure Pipelines
+# This example uses a self-hosted agent, locally installed on a Windows system that also has Docker Desktop installed
+# Usage: 
+# -create self-hosted agent pool in Project Settings
+# -download/install/configure a Windows agent which is part of that pool
+# -clone the vuln_node_express repo locally
+# -substitute your user name for [User] below
+# adjust $Env:PATH section as needed to populate the docker executable into the path
+trigger:
+  - main
+pool:
+  name: self-hosted
+steps:
+  - powershell: |
+      cd C:\Users\[User]\projects\vuln_node_express
+      $Env:PATH = "C:\Program Files\Docker\Docker\resources\bin;$Env:PATH"
+      docker run --rm --publish 3000:3000 --detach --name nodeexpressvulny stackhawk/nodeexpressvulny
+  - task: HawkScanInstall@1
+    inputs:
+      version: latest
+  - task: RunHawkScan@1
+    inputs:
+      configFile: "stackhawk.yml"
+      version: "latest"
+    env:
+      HAWK_API_KEY: $(hawk_api_key)
diff --git a/stackhawk.yml b/stackhawk.yml
@@ -0,0 +1,17 @@
+app:
+  applicationId: ${APP_ID}
+  env: Development
+  host: http://localhost:3000
+  #see below for scanner retry behavior(optional); this allows the application to fully deploy before the scan starts
+  #see https://docs.stackhawk.com/hawkscan/configuration/#appwaitforapptarget
+  waitForAppTarget:
+    path: /
+    pollDelay: 1000
+    waitTimeoutMillis: 300000
+#Tag scans with branch and commit info(optional)
+#CircleCI example below; see https://docs.stackhawk.com/workflow-integrations/github-app/github-pr-checks.html for others
+tags:
+  - name: _STACKHAWK_GIT_COMMIT_SHA
+    value: ${CIRCLE_SHA1}
+  - name: _STACKHAWK_GIT_BRANCH
+    value: ${CIRCLE_BRANCH}