Adding Reversing Labs Scanner

kishore7snehil · kishore7snehil · commit 3462ec05500e · 2024-10-22T16:23:50.000+05:30
diff --git a/.github/workflows/rl-scanner.yml b/.github/workflows/rl-scanner.yml
@@ -0,0 +1,91 @@
+name: RL-Secure
+run-name: rl-scanner
+
+on:
+  merge_group:
+  workflow_dispatch:
+  push:
+    branches: ["main"]
+  pull_request:
+    types:
+      - opened
+      - synchronize
+
+jobs:
+  rl-scanner:
+    if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request')
+    runs-on: ubuntu-latest
+
+    environment: security
+
+    permissions:
+      pull-requests: write
+      id-token: write # This is required for requesting the JWT
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha || github.sha || github.ref }}
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@4bd44f22a98a19e0950cbad5f31095157cc9621b # pin@2.25.4
+        with:
+          php-version: 8.1
+
+      - name: Install dependencies
+        shell: bash
+        run: |
+          composer install --prefer-dist
+
+      - name: Build PHP Package
+        shell: bash
+        run: |
+          zip -r auth0-php-package.zip src composer.json README.md LICENSE.txt
+
+      - name: Get Artifact Version
+        id: get_version
+        run: |
+          version=$(cat .version)
+          echo "version=$version" >> $GITHUB_OUTPUT
+
+      - name: Output build artifact
+        id: output_build_artifact
+        run: |
+          echo "scanfile=$(ls auth0-php-package.zip)" >> $GITHUB_OUTPUT
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.10"
+
+      - name: Install Python dependencies
+        run: |
+          pip install --upgrade pip
+          pip install boto3 requests
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: ${{ secrets.PRODSEC_TOOLS_ARN }}
+          aws-region: us-east-1
+          mask-aws-account-id: true
+
+      - name: Run Reversing Labs Wrapper Scanner
+        env:
+          RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }}
+          RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }}
+          SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }}
+          WRAPPER_INDEX_URL: "https://${{ secrets.PRODSEC_TOOLS_USER }}:${{ secrets.PRODSEC_TOOLS_TOKEN }}@a0us.jfrog.io/artifactory/api/pypi/python-local/simple"
+          PYTHONUNBUFFERED: 1
+        run: |
+          pip install rl-wrapper --index-url "$WRAPPER_INDEX_URL" && \
+          rl-wrapper \
+            --artifact "${{ steps.output_build_artifact.outputs.scanfile }}" \
+            --version "${{ steps.get_version.outputs.version }}" \
+            --name "${{ github.event.repository.name }}" \
+            --repository "${{ github.repository }}" \
+            --commit "${{ github.sha }}" \
+            --build-env "github_actions" \
+            --suppress_output
+        continue-on-error: true
