Home / Python / Deep Learning

A GitHub Action that scans your public web applications after every deployment. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements.

SecureStack Web Vulnerability Analysis GitHub Action A GitHub Action that analyses your web application for security and availability issues. When you
Information
Category: Python / Deep Learning
Watchers: 4
Star: 8
Fork: 1
Last update: Dec 7, 2021
Resource links
https://github.com/SecureStackCo/actions-exposure

SecureStack Web Vulnerability Analysis GitHub Action

A GitHub Action that analyses your web application for security and availability issues. When you add this to GitHub Actions we will analyze your web app everytime you deploy to a public endpoint and let you know if what you've just deployed is secure and meets your requirements. See below for what types of issues this action scans for.

name: Example Workflow Using SecureStack Web Vulnerability Exposure Action
on: push
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - name: Web Vulnerability Exposure Analysis Step
        id: exposure
        uses: SecureStackCo/[email protected]
        with:
          securestack_api_key: ${{ secrets.SECURESTACK_API_KEY_SECRET }}
          securestack_app_id: <put your application id here>
          severity: critical
          flags: '--dom -r'

NOTE - to understand possible values for the action input flags, run the SecureStack cli locally:

$ bloodhound-cli recon --help

Create your SecureStack API Key and save as GitHub Secret

  1. Log in to SecureStack and go to the Profile -> GENERATE KEY screen.
  2. Generate an API key and copy the value.
  3. Go to Settings for your GitHub repository and click on Secrets at the bottom left.
  4. Create a new secret named SECURESTACK_API_KEY_SECRET and paste the value from step 2 into the field.

Retreiving your SecureStack Application ID

  1. Log in to SecureStack.
  2. Open the application you wish to analyse.
  3. Copy the value of the application id on the View Application screen.
  4. Paste into the value of the securestack_app_id action input for the step using the SecureStack action in your workflow.

What vulnerabilities do we find?

  1. Scans web application for out of date and vulnerable applicaiton components
  2. Identifies whether basic security controls like WAF, firewalls, and security headers are being used
  3. Finds all public facing assets & helps you understand your application attack surface
  4. Identifies misconfigurations in existing WAF or CDN
  5. Identifies if app is using CSP or security headers and whether they're working
  6. Finds WAF bypass attacks for Akamai, Cloudflare & Imperva

Made with 💜 by SecureStack

v0.1.3(Feb 14, 2022)

Full Changelog: https://github.com/SecureStackCo/actions-exposure/compare/v0.1.2...v0.1.3

v0.1.2(Dec 3, 2021)

This GitHub Action scans your public-facing web application for API keys, secrets, cloud misconfigurations, and vulnerabilities in the application itself. This analysis is best run AFTER you have deployed to your new test, staging or prod public endpoint. With each iteration of this analysis, you will gain insight into the state of the application and SecureStack will let you know if you just deployed something that isn't secure!

Full Changelog: https://github.com/SecureStackCo/actions-exposure/commits/v0.1.2

v0.1.1(Dec 3, 2021)

v0.1.0(Dec 3, 2021)

Contents

    SecureStackCo SecureStack Application Composition Analysis GitHub Action
    lede-project Mirror of https://git.lede-project.org/?p=source.git Please send your PRs against this tree. They will be merged via staging trees and appear in this tree once the staging trees get merged back into source.git
    similarweb Kubernetes deployment visibility like a pro
    abdulrahmanabdulazeez Port-Fin(port finder) is a tool which scans for open and closed port on a website/host. This tool scans the state of the well known/common ports.
    jessfraz A GitHub action to automatically delete the branch after a pull request has been merged.
    pwshMgr Microsoft Deployment Toolkit Auto-Deployment PowerShell script
    SunYanCN BANDïžšBERT Application aNd Deployment, A simple and efficient BERT model training and deployment framework.
    huseinzol05 Gathers scalable tensorflow and infrastructure deployment
    pratik-276 This repository contains Machine Learning projects that involve the steps starting from data collection to deployment
    kittupriyatham This is a machine learning model deployment project of Iris classification model in a minimal UI using flask web framework and deployed it in Azure cloud using Azure app service. We initially made this project as a requirement for an internship at Indian Servers. We are now making it open to contribution.
    ahmadawais DevOps free Continuous-Deployment pipeline for WordPress plugins with GitHub Actions
    zhenyingfang Temporal Action Detection & Weakly Supervised Temporal Action Detection & Temporal Action Proposal Generation
    bitcoin Bitcoin Core integration/staging tree
    unipiazza An Android library that helps you to make a cool two steps login in Material Design way. Such as Google web login.
    derailed 👀 A Kubernetes cluster resource sanitizer
    dscottboggs Perform an action every so often (in Crystal code)
    chmike Fast, secure and efficient secure cookie encoder/decoder
    poppinss A simple UI only module to display animated steps on terminal. We all âĪïļ emojis
    oasis-sh 🏆 Discuss and Discover. The newest home for developers.
    thomasvm Powershell-based deployment solution for .net web applications
    vn7n24fzkq A tool to generate you github summary card for profile README
    Share this repo

    Related Repos


    Deep Learning
    837
    An implementation of chunked, compressed, N-dimensional arrays for Python.
    zarr-developers Zarr Latest Release Package Status License Build Status Coverage Downloads Gitter Citation What is it? Zarr is a Python package providing an implement
     
    Deep Learning
    317
    Serverless proxy for Spark cluster
    Hydrospheredata Hydrosphere Mist Hydrosphere Mist is a serverless proxy for Spark cluster. Mist provides a new functional programming framework and deployment model f
     
    Deep Learning
    2.5k
    Distributed Tensorflow, Keras and PyTorch on Apache Spark/Flink & Ray
    intel-analytics Distributed TensorFlow, PyTorch, Keras and BigDL on Apache Spark & Ray Analytics Zoo is an open source Big Data AI platform, and includes the followin
     
    Deep Learning
    10
    Black-Scholes StarkNet Library
    araghava Cairo Black-Scholes Library Black-Scholes library implemented as a Cairo smart contract. All inputs, outputs, and internal calculations use 27-digit f
     
    Deep Learning
    5
    Motoko library to help create an append-only logger actor
    ninegua IC Logger This motoko library provides a module to help create an append-only logger actor. Usage You can use this library with the vessel package man
     
    Deep Learning
    4
    LeetCode_Solution
    ashishpatel26 LeetCode_Solution LeetCode: https://leetcode.com/problemset/all/ # Title Difficulty Colab Code 1 Two Sum Easy 2 Add Two Numbers Medium 3 Longest Subst
     
    Deep Learning
    4
    OCR-D wrapper for detectron2 based segmentation models
    bertsky ocrd_detectron2 OCR-D wrapper for detectron2 based segmentation models Introduction Installation Usage OCR-D processor interface ocrd-detectron2-segm
     
    Deep Learning
    134
    Check for LDAP protections regarding the relay of NTLM authentication
    zyn3rgy LDAP Relay Scan A tool to check Domain Controllers for LDAP server protections regarding the relay of NTLM authentication. If you're interested in the
     
    Deep Learning
    66
    Fuzzware's main repository. Start here to install.
    fuzzware-fuzzer Fuzzware Fuzzware is a project for automated, self-configuring fuzzing of firmware images. The idea of this project is to configure the memory ranges
     
    Deep Learning
    35
    Time Weighted Asset Mints
    abigger87 TWAM â€Ē Time Weighted Asset Mints A minting harness enabling time-weighted assets to determine minting prices. How it works Requirements: maxMintingAmo
     
    Deep Learning
    33
    A complete, self-contained example for training ImageNet at state-of-the-art speed with FF...
    libffcv ffcv ImageNet Training A minimal, single-file PyTorch ImageNet training script designed for hackability. Run train_imagenet.py to get... ...high accur
     
    Deep Learning
    33
    āđ€āļ­āļāļŠāļēāļĢāļ›āļĢāļ°āļāļ­āļšāļāļēāļĢāļŠāļ­āļ™āļ—āļļāļāđ€āļ™āļ·āđ‰āļ­āļŦāļēāđƒāļ™āļŠāđˆāļ­āļ‡āļĒāļđāļ—āļđāļ› KongRuksiam Official
    kongruksiamza 📖 āđ€āļ­āļāļŠāļēāļĢāļ›āļĢāļ°āļāļ­āļšāļāļēāļĢāļŠāļ­āļ™ (PDF) 🔏 Blockchain & Smart Contract Blockchain āđ€āļšāļ·āđ‰āļ­āļ‡āļ•āđ‰āļ™ Smart Contract & Solidity āđ€āļšāļ·āđ‰āļ­āļ‡āļ•āđ‰āļ™ ðŸ’ŧ Programming āđ€āļ‚āļĩāļĒāļ™āđ‚āļ›āļĢāđāļāļĢāļĄāļ āļēāļĐāļē Ja
     
    Deep Learning
    34
    Omnivore A Single Model for Many Visual Modalities
    facebookresearch Omnivore: A Single Model for Many Visual Modalities [paper][website] OMNIVORE is a single vision model for many different visual modalities. It learns
     
    Deep Learning
    30
    Python implementation of the Lox language from Robert Nystrom's Crafting Interpreters
    dabeaz pylox Python implementation of the Lox language from Robert Nystrom's Crafting Interpreters. https://craftinginterpreters.com. This only implements th
     
    Deep Learning
    29
    ParaGen is a PyTorch deep learning framework for parallel sequence generation.
    bytedance ParaGen ParaGen is a PyTorch deep learning framework for parallel sequence generation. Apart from sequence generation, ParaGen also enhances various N