Skip to content

CVE Update

CVE Update #119785

Workflow file for this run

# Github Action for updates to this repository
name: CVE Update
on:
# run every 5~10 minutes (min Github scheduling allowed)
# note this may not complete when the hourly "CVE Release" workflow starts,
# so that the updates in this task may not be reflected
# in the CVE Release artifacts running in a separate workflow
# note also that if this job runs longer than 5 minutes,
# the next job will run 5 minutes after this completes
schedule:
- cron: '*/5 * * * *'
# Enables manual runs of this workflow from the Actions tab
workflow_dispatch:
inputs:
# logLevel:
# description: 'Log level'
# required: false
# default: 'debug'
params:
description: 'command line arguments to update'
required: false
default: ''
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
jobs:
update-cves:
environment: deployment
runs-on: ubuntu-latest
env:
CVE_SERVICES_URL: https://cveawg.mitre.org
CVE_SERVICES_RECORDS_PER_PAGE: 500
CVE_ORG_URL: https://www.cve.org
CVES_BASE_DIRECTORY: cves
CVES_RECENT_ACTIVITIES_FILENAME: recent_activities.json
CVES_DEFAULT_UPDATE_LOOKBACK_IN_MINS: 180
CVES_DEFAULT_DELTA_LOG_HISTORY_IN_DAYS: 30
CVE_API_ORG: ${{secrets.CVE_API_ORG}}
CVE_API_USER: ${{secrets.CVE_API_USER}}
CVE_API_KEY: ${{secrets.CVE_API_KEY}}
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
fetch-depth: 1
- name: Setup Node to specific version
uses: actions/setup-node@v3
with:
node-version: 18
- name: Update CVEs
run: |
export TEMP_TIMESTAMP=$(date '+%Y-%m-%d_%H%M_UTC')
echo "out=$TEMP_TIMESTAMP" >> $GITHUB_OUTPUT
git pull
git config --global user.email "github_action@example.com"
git config --global user.name "cvelistV5 Github Action"
git remote set-url origin https://${GITHUB_TOKEN}@github.com/${{github.repository}}.git
export PREV_TS=$(jq -c -r .[2].fetchTime < $CVES_BASE_DIRECTORY/deltaLog.json)
node ./.github/workflows/dist/index.js update ${{ github.event.inputs.params }} --start=$PREV_TS
git push
# - name: output
# uses: actions/github-script@v6
# with:
# script: |
# core.notice("this is a notice")