StackHawk and Harness
#Docker Compose Install
# Downloads a docker-compose binary named for this OS and architecture, marks
# it executable, links it into /usr/bin, prints its version, then builds and
# starts the compose project in the background.
# NOTE(review): the URL given to curl holds only the
# "$(uname -s)-$(uname -m)" suffix; the release URL prefix appears to be
# missing from this listing, so nothing can be downloaded as shown. Restore
# the full release URL before use.
# NOTE(review): the file is written into /usr/local/bin as root and made
# executable without an integrity check, and curl is run without --fail, so an
# HTTP error page would be saved as the "binary". Compare the download's
# SHA-256 with the checksum published for the release before the chmod.
sudo curl -L "$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
# ln -s reports an error if /usr/bin/docker-compose already exists.
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
docker-compose --version
sudo docker-compose up --build --detach
#Install Docker
# Installs yum-utils, registers a package repository with yum-config-manager,
# installs the Docker engine and CLI packages, and starts the Docker service.
# NOTE(review): the repository URL that should follow --add-repo is missing
# from this listing. As written, the trailing backslashes join the next line
# onto the yum-config-manager command, so "sudo yum install docker-ce
# docker-ce-cli" is passed as arguments instead of being run. Restore the
# repository URL line (an HTTPS source you trust, with GPG checking left on)
# before use.
# NOTE(review): the docker-ce install has no -y, unlike the yum-utils install,
# so it stops for confirmation when run unattended.
sudo yum install -y yum-utils
sudo yum-config-manager \
--add-repo \
sudo yum install docker-ce docker-ce-cli
sudo systemctl start docker
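#Change Folder
# Work in the directory where the scan step wrote scanresults.txt. Stop if it
# cannot be entered; otherwise the gate below would inspect whatever directory
# the step happened to start in.
scan_dir=~/stackhawk-scans
results_file=scanresults.txt
cd -- "$scan_dir" || { echo "Cannot enter ${scan_dir}" >&2; exit 1; }
#Parse Results
# Fail closed: with no results file (or an empty one) grep would count zero
# findings and the deployment would be approved without a scan having run.
if [[ ! -s "$results_file" ]]; then
  echo "Scan results missing or empty; blocking deployment" >&2
  exit 1
fi
# Count output lines that contain a word starting with "Risk" and also mention
# "High" (both matches are case-insensitive).
# NOTE(review): this is a text match on the scanner's console output. A scan
# that aborted before reporting any finding also yields zero, so the scan
# step's own exit status should be enforced as well.
TotalHighViolations=$(grep -i '\<Risk' -- "$results_file" | grep -c -i 'High')
export TotalHighViolations
echo "Total High Violations:  ${TotalHighViolations}"
#Deployment Logic
#Exit if High Violations Match
# Exit status 1 blocks the deployment, 0 lets it continue.
if [[ "$TotalHighViolations" -gt 0 ]]; then
  echo "High Violations Preventing Deployment"
  exit 1
else
  echo "Moving Forward with Deployment"
  exit 0
fi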
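#Make DIR and CD
# Create the working directory and enter it. Stop on failure so the files
# produced by later commands are not written into some other directory.
mkdir -p ~/stackhawk-scans || exit 1
cd ~/stackhawk-scans || exit 1
#Docker Run if Needed
# Starts the application to be scanned. There is no --detach, so the command
# stays in the foreground until the container stops.
# NOTE(review): --publish 3000:3000 binds port 3000 on every host interface.
# The container name suggests an intentionally vulnerable demo app; if so,
# keep it off untrusted networks, e.g. publish on one address only
# (127.0.0.1:3000:3000) or firewall the port, as long as the scanner can still
# reach it.
# NOTE(review): the image is referenced by a mutable tag and run via sudo;
# pinning it by digest makes sure the same content runs each time.
sudo docker run --rm --publish 3000:3000 --name nodeexpressvulny rlachhman/demos:stackHawk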
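#Create StackHawk.yaml
# Writes stackhawk.yml into the current directory. The heredoc delimiter is
# quoted ('EOF'), so the shell expands nothing inside it; the
# ${workflow.variables.*} placeholders are presumably filled in by Harness
# before the script reaches the shell -- confirm.
# The closing EOF line was absent from the listing; without it the heredoc
# swallows every command that follows.
# NOTE(review): further lines of the YAML may have been lost with it; check the
# generated file against the StackHawk configuration reference.
cat > stackhawk.yml << 'EOF'
# stackhawk configuration for Node App
# An applicationId obtained from the StackHawk platform.
applicationId: ${workflow.variables.stackhawkappid} # (required)
# The environment for the applicationId defined in the StackHawk platform.
env: Production # (required)
# The url of your application to scan
host: ${workflow.variables.stackhawkhost} # (required)
EOF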
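#Run Scan
# Runs HawkScan against stackhawk.yml in the current directory and keeps a copy
# of its console output in scanresults.txt.
# The API key reaches docker through a private temporary env file instead of
# the command line, so it does not appear in the process list. The heredoc
# delimiter is quoted, so the shell never interprets characters in the key.
# NOTE(review): ${secrets.getValue(...)} is presumably substituted by Harness
# before the shell runs -- confirm.
env_file=$(mktemp) || exit 1
trap 'rm -f -- "$env_file"' EXIT
cat > "$env_file" << 'EOF'
API_KEY=${secrets.getValue("stackhawkapikey")}
EOF
# NOTE(review): stackhawk/hawkscan:latest is a mutable tag; pinning a version
# or digest keeps the scanner that gates deployments from changing unnoticed.
sudo docker run --rm -v "$(pwd):/hawk:rw" --env-file "$env_file" -i stackhawk/hawkscan:latest stackhawk.yml 2>&1 | tee scanresults.txt
# The pipeline's status is tee's, which would hide a scanner that failed to
# start or authenticate; a later count of "High" lines would then read zero.
scan_status=${PIPESTATUS[0]}
if [[ "$scan_status" -ne 0 ]]; then
  echo "HawkScan exited with status ${scan_status}" >&2
  exit "$scan_status"
fi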
#Install SSH Delegate
# Unpack the gzip-compressed delegate archive matched by harness*.tar.gz,
# listing each member as it is extracted, then enter the harness-delegate
# directory.
# NOTE(review): the archive is extracted as-is; confirm where it came from and
# its checksum before unpacking.
tar -x -v -z -f harness*.tar.gz
cd harness-delegate
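#Get Files
# Install unzip. -y answers yum's confirmation prompt, as the yum-utils
# install on this page already does, so an unattended step does not stall.
sudo yum install -y unzip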