# Metadata shown for the action (name, listing description, marketplace branding).
name: Qualys GitHub actions for Web Application Scanning
description: >-
  This plugin allows DevOps teams to build application vulnerability scans
  into their existing CI/CD processes.
branding:
  icon: shield
  color: red
# Inputs accepted from the calling workflow. Every one of them is forwarded
# unchanged to the scanner JAR as an environment variable of the same name
# (see the `env` block of the run-app step under `runs`). None declares a
# default, so an optional input the caller leaves unset arrives as "".
inputs:
  # --- Qualys API connection ---------------------------------------------
  # Credentials: pass these from `${{ secrets.* }}` in the calling workflow so
  # GitHub masks the values in the job log.
  QUALYS_USERNAME:
    description: 'Qualys Username'
    required: true
  QUALYS_PASSWORD:
    description: 'Qualys Password'
    required: true
  API_SERVER:
    description: 'API Server URL'
    required: true
  # --- Scan definition ------------------------------------------------------
  SCAN_NAME:
    description: 'Scan Name'
    required: true
  SCAN_TYPE:
    description: 'Scan Type'
    required: true
  WEBAPP_ID:
    description: 'Webapp ID'
    required: true
  # Authentication record / option profile may be given by name or by id.
  AUTH_RECORD:
    description: 'Authentication Record'
    required: false
  AUTH_RECORD_ID:
    description: 'Authentication Record ID'
    required: false
  OPTION_PROFILE:
    description: 'Option Profile'
    required: false
  OPTION_PROFILE_ID:
    description: 'Option Profile ID'
    required: false
  # --- Scan lifecycle and result evaluation --------------------------------
  CANCEL_OPTION:
    description: 'Cancel Option'
    required: false
  CANCEL_HOURS:
    description: 'Cancel Hours'
    required: false
  SEVERITY_CHECK:
    description: 'Severity Check'
    required: false
  SEVERITY_LEVEL:
    description: 'Severity Level'
    required: false
  EXCLUDE:
    description: 'Exclude'
    required: false
  FAIL_ON_SCAN_ERROR:
    description: 'Fail on Scan Error'
    required: false
  WAIT_FOR_RESULT:
    description: 'Wait for Result'
    required: false
  INTERVAL:
    description: 'Interval'
    required: false
  TIMEOUT:
    description: 'Timeout'
    required: false
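# Composite action: fetches this action's own source, builds the scanner JAR
# with Maven, runs it with the inputs as environment variables, uploads the
# result directory as an artifact, and finally fails the job if the scan step
# did not succeed.
#
# NOTE(review): every third-party action below is referenced by a mutable
# major tag (`@v3`). Pinning each `uses:` to a full commit SHA
# (e.g. `actions/checkout@<full-commit-sha>`) is the usual hardening so that
# a tag move cannot change what runs inside the caller's job.
runs:
  using: composite
  steps:
    # NOTE(review): this checks out the action's own repository at the
    # floating `main` ref, so the code built and executed below is whatever
    # `main` holds at run time, not the version the caller referenced.
    # Pinning `ref` to a release tag or full commit SHA
    # (e.g. `ref: <release-tag-or-sha>`) would make the build reproducible
    # and reviewable. `path: ./` also places the checkout in the workflow
    # workspace root, which replaces a checkout the calling workflow may
    # already have made there.
    - name: Setting up GitHub Repository
      uses: actions/checkout@v3
      with:
        repository: Qualys/github-action-qwas
        ref: main
        path: ./
    # The execute bit is irrelevant on Windows, so the chmod is skipped there.
    - name: Setting up Maven Wrapper
      if: runner.os != 'Windows'
      run: chmod +x ./mvnw
      shell: bash
    - name: Setting up Java Environment
      uses: actions/setup-java@v3
      with:
        java-version: '17'
        distribution: 'oracle'
    # actions/cache restores ~/.m2 here and saves it in its post step when
    # the key missed, so one cache step is enough. The former second
    # "Storing Maven dependencies in cache" step used the same key and was
    # redundant; it has been dropped.
    - name: Caching Maven dependencies
      uses: actions/cache@v3
      with:
        path: ~/.m2/repository
        key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
        restore-keys: |
          ${{ runner.os }}-maven-
    - name: Building plugin with Maven
      run: ./mvnw clean package
      shell: bash
    # Every declared input is forwarded as an environment variable of the
    # same name; an optional input the caller did not set arrives as "".
    # QUALYS_PASSWORD is masked in the log only when the caller sources it
    # from `secrets`. continue-on-error lets the artifact upload below run
    # even when the scan fails; the final step re-raises the failure.
    - name: Spinning up Qualys WAS Scan Plugin
      run: java -jar target/GitHubActionsQWas-0.0.1-SNAPSHOT.jar
      id: run-app
      env:
        API_SERVER: ${{ inputs.API_SERVER }}
        QUALYS_USERNAME: ${{ inputs.QUALYS_USERNAME }}
        QUALYS_PASSWORD: ${{ inputs.QUALYS_PASSWORD }}
        WEBAPP_ID: ${{ inputs.WEBAPP_ID }}
        SCAN_NAME: ${{ inputs.SCAN_NAME }}
        SCAN_TYPE: ${{ inputs.SCAN_TYPE }}
        AUTH_RECORD: ${{ inputs.AUTH_RECORD }}
        AUTH_RECORD_ID: ${{ inputs.AUTH_RECORD_ID }}
        OPTION_PROFILE: ${{ inputs.OPTION_PROFILE }}
        OPTION_PROFILE_ID: ${{ inputs.OPTION_PROFILE_ID }}
        CANCEL_OPTION: ${{ inputs.CANCEL_OPTION }}
        CANCEL_HOURS: ${{ inputs.CANCEL_HOURS }}
        SEVERITY_CHECK: ${{ inputs.SEVERITY_CHECK }}
        SEVERITY_LEVEL: ${{ inputs.SEVERITY_LEVEL }}
        EXCLUDE: ${{ inputs.EXCLUDE }}
        FAIL_ON_SCAN_ERROR: ${{ inputs.FAIL_ON_SCAN_ERROR }}
        WAIT_FOR_RESULT: ${{ inputs.WAIT_FOR_RESULT }}
        INTERVAL: ${{ inputs.INTERVAL }}
        TIMEOUT: ${{ inputs.TIMEOUT }}
      continue-on-error: true
      shell: bash
    # Uploaded regardless of the scan outcome so a failed scan still leaves
    # its output available for inspection.
    - name: Uploading Qualys WAS Scan Result
      uses: actions/upload-artifact@v3
      with:
        name: Qualys_WAS_Scan_Result
        path: ./outputs
    # `outcome` reflects the step's own result before continue-on-error is
    # applied, so this turns a failed scan step back into a failed job.
    - name: Checking for Qualys WAS Scan Plugin Failure
      if: steps.run-app.outcome != 'success'
      run: exit 1
      shell: bash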