Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
StackHawk and Harness
#Docker Compose Install
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
docker-compose --version
sudo docker-compose up --build --detach
#Install Docker
https://docs.docker.com/engine/install/centos/
sudo yum install -y yum-utils
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install docker-ce docker-ce-cli containerd.io
sudo systemctl start docker
#Change Folder
cd ~/stackhawk-scans
#Parse Results
export TotalHighViolations=$(grep -i '\<Risk' scanresults.txt | grep -c -i 'High')
echo "Total High Violations: " $TotalHighViolations
#Deployment Logic
#Exit if High Violations Match
if [[ $TotalHighViolations -gt 0 ]] ; then
echo "High Violations Preventing Deployment"
exit 1
else
echo "Moving Forward with Deployment"
exit 0
fi
#Make DIR and CD
mkdir -p ~/stackhawk-scans
cd ~/stackhawk-scans
#Docker Run if Needed
sudo docker run --rm --publish 3000:3000 --name nodeexpressvulny rlachhman/demos:stackHawk
#Create StackHawk.yaml
cat > stackhawk.yml << 'EOF'
# stackhawk configuration for Node App
app:
# An applicationId obtained from the StackHawk platform.
applicationId: ${workflow.variables.stackhawkappid} # (required)
# The environment for the applicationId defined in the StackHawk platform.
env: Production # (required)
# The url of your application to scan
host: ${workflow.variables.stackhawkhost} # (required)
EOF
#Run Scan
sudo docker run --rm -v $(pwd):/hawk:rw -e API_KEY=${secrets.getValue("stackhawkapikey")} -i stackhawk/hawkscan:latest stackhawk.yml 2>&1 | tee scanresults.txt
#Install SSH Delegate
tar xfvz harness*.tar.gz
cd harness-delegate
./start.sh
#Get Files
sudo yum install unzip
wget https://github.com/ravilach/vuln_node_express/archive/refs/heads/main.zip
unzip main.zip
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment