Adds a new GitHub Actions workflow to run a NeuraLegion (Nexploit) DAST security scan on pushes, pull requests, and a weekly cron schedule against a specified target URL using a NeuraLegion API token secret.
Sequence diagram for NeuraLegion DAST scan workflow execution
sequenceDiagram
actor Developer
participant GitHubRepo
participant GitHubActions
participant Workflow_neuralegion
participant Job_neuralegion_scan
participant Action_checkout
participant Action_run_scan
participant Nexploit_API
participant Target_Application
Developer->>GitHubRepo: Push or open pull request to master
GitHubRepo->>GitHubActions: Emit push/pull_request event
GitHubActions->>Workflow_neuralegion: Trigger workflow neuralegion.yml
Workflow_neuralegion->>Job_neuralegion_scan: Start job on ubuntu-18.04
Job_neuralegion_scan->>Action_checkout: Run actions/checkout@v4
Action_checkout-->>Job_neuralegion_scan: Repository code checked out
Job_neuralegion_scan->>Action_run_scan: Run NeuraLegion/run-scan with NEURALEGION_TOKEN
Action_run_scan->>Nexploit_API: Authenticate using api_token
Action_run_scan->>Nexploit_API: Request new scan with discovery_types=crawler and crawler_urls
Nexploit_API-->>Action_run_scan: Respond with scan id and url
Nexploit_API->>Target_Application: Perform DAST scan via crawler
Target_Application-->>Nexploit_API: Application responses during scan
Nexploit_API-->>Action_run_scan: Update scan status and findings
Action_run_scan-->>Job_neuralegion_scan: Expose outputs url, id
Job_neuralegion_scan-->>GitHubActions: Job completes with scan metadata
GitHubActions-->>Developer: Workflow run visible with scan outputs
File-Level Changes

Change: Introduce a NeuraLegion/Nexploit DAST GitHub Actions workflow that runs on master pushes, pull requests, and a weekly cron schedule.

Details:
- Create a new workflow definition named "NeuraLegion" under .github/workflows.
- Configure triggers for push and pull_request events on the master branch plus a scheduled cron run.
- Define a neuralegion_scan job running on ubuntu-18.04 that checks out the repo and invokes the NeuraLegion/run-scan GitHub Action.
- Pass the NEURALEGION_TOKEN secret as api_token and configure a crawler-based discovery scan against https://brokencrystals.com with the scan name including the Git commit SHA.

Files: .github/workflows/neuralegion.yml
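The workflow described above, written out as an added example (this is a reconstruction from the reviewer's guide, not the file from the pull request). The triggers, runner label, checkout step, token secret, crawler discovery and target URL are the ones the guide lists; the `@v1` tag on NeuraLegion/run-scan, the exact cron expression, the `permissions` block and the fork-PR guard on the job are assumptions added here:

```yaml
# .github/workflows/neuralegion.yml (reconstructed example, not the PR's own file)
name: NeuraLegion

on:
  push:
    branches: [master]
  pull_request:
    branches: [master]
  schedule:
    # Weekly run; the page only says "weekly cron", so this expression is an assumption.
    - cron: '0 3 * * 1'

# Least privilege for the GITHUB_TOKEN: the job only reads the repository (assumed hardening).
permissions:
  contents: read

jobs:
  neuralegion_scan:
    runs-on: ubuntu-18.04
    # Pull requests from forks do not receive repository secrets, so api_token would be
    # empty; skip the job for those instead of failing (assumed guard, not in the PR).
    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
    steps:
      - uses: actions/checkout@v4

      - name: Start Nexploit scan
        id: start
        uses: NeuraLegion/run-scan@v1          # version tag is an assumption
        with:
          api_token: ${{ secrets.NEURALEGION_TOKEN }}
          name: GitHub scan ${{ github.sha }}   # scan name carries the commit SHA
          discovery_types: |
            [ "crawler" ]
          crawler_urls: |
            [ "https://brokencrystals.com" ]

      - name: Record scan metadata
        # The action exposes the scan id and url as outputs; surface them in the job log.
        run: |
          echo "Scan id:  ${{ steps.start.outputs.id }}"
          echo "Scan url: ${{ steps.start.outputs.url }}"
```

Two things to check before merging a workflow like this: GitHub retired the `ubuntu-18.04` hosted runner label in 2022, so a job pinned to it no longer gets a runner and the scan never starts (use a current `ubuntu-*` label); and because the job starts an active scan against a live host on every push and pull request, the target should be one the repository owners are entitled to test, which is why the example keeps the intentionally vulnerable brokencrystals.com target from the PR rather than a production URL.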
Tips and commands
Interacting with Sourcery
Trigger a new review: Comment @sourcery-ai review on the pull request.
Continue discussions: Reply directly to Sourcery's review comments.
Generate a GitHub issue from a review comment: Ask Sourcery to create an
issue from a review comment by replying to it. You can also reply to a
review comment with @sourcery-ai issue to create an issue from it.
Generate a pull request title: Write @sourcery-ai anywhere in the pull
request title to generate a title at any time. You can also comment @sourcery-ai title on the pull request to (re-)generate the title at any time.
Generate a pull request summary: Write @sourcery-ai summary anywhere in
the pull request body to generate a PR summary at any time exactly where you
want it. You can also comment @sourcery-ai summary on the pull request to
(re-)generate the summary at any time.
Generate reviewer's guide: Comment @sourcery-ai guide on the pull
request to (re-)generate the reviewer's guide at any time.
Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
pull request to resolve all Sourcery comments. Useful if you've already
addressed all the comments and don't want to see them anymore.
Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
request to dismiss all existing Sourcery reviews. Especially useful if you
want to start fresh with a new review - don't forget to comment @sourcery-ai review to trigger a new review!
Originally posted by @sourcery-ai[bot] in #297 (comment)