sync-nuclei-templates.yml
122 lines (100 loc) · 4.26 KB
name: 🔄 Sync Nuclei CVE Templates

# Workflow-level token scopes; the job below restates the same set.
# id-token: write is not consumed by any step in this workflow (no OIDC
# exchange happens), so it can be dropped to keep the token to what is used.
permissions:
  contents: write
  pull-requests: write
  id-token: write

on:
  schedule:
    # Run every Monday at 9:00 AM UTC
    - cron: '0 9 * * 1'
  workflow_dispatch: # Allow manual trigger

jobs:
  sync-templates:
    name: Sync Nuclei CVE Templates
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
      id-token: write
    steps:
      - name: Checkout webscan repository
        uses: actions/checkout@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          fetch-depth: 0

      # The PR is opened with a GitHub App token rather than GITHUB_TOKEN,
      # because pull requests created with GITHUB_TOKEN do not trigger
      # other workflows (such as CI on the sync PR).
      - name: Generate GitHub App token
        uses: tibdex/github-app-token@v1
        id: generate-token
        with:
          app_id: ${{ secrets.APP_ID }}
          private_key: ${{ secrets.APP_PRIVATE_KEY }}

      - name: Clone nuclei-templates repository
        run: |
          git clone --depth 1 https://github.com/projectdiscovery/nuclei-templates.git /tmp/nuclei-templates

      - name: Sync CVE templates
        id: sync_templates
        run: |
          TARGET_DIR="utils/nuclei/templates/pentest/scan/cve"
          SOURCE_DIR="/tmp/nuclei-templates/http/cves"

          # Check if source directory exists
          if [ ! -d "${SOURCE_DIR}" ]; then
            echo "Error: Source directory ${SOURCE_DIR} does not exist in nuclei-templates repo"
            exit 1
          fi

          # Remove existing templates in the target directory.
          # ${VAR:?} aborts instead of expanding an empty variable into "rm -rf /*".
          mkdir -p "${TARGET_DIR}"
          rm -rf "${TARGET_DIR:?}"/*

          # Copy all CVE templates from nuclei-templates repo
          cp -r "${SOURCE_DIR}"/* "${TARGET_DIR}"/

          # Count the number of templates synced (all years)
          TEMPLATE_COUNT=$(find "${TARGET_DIR}" -type f -name "*.yaml" | wc -l)

          # Count templates by year for reporting
          YEAR_COUNTS=""
          for year_dir in "${TARGET_DIR}"/*/; do
            if [ -d "$year_dir" ]; then
              year=$(basename "$year_dir")
              count=$(find "$year_dir" -type f -name "*.yaml" | wc -l)
              YEAR_COUNTS="${YEAR_COUNTS}- ${year}: ${count} templates\n"
            fi
          done

          echo "Synced ${TEMPLATE_COUNT} total CVE templates across all years"
          echo "template_count=${TEMPLATE_COUNT}" >> "$GITHUB_OUTPUT"
          echo "year_counts<<EOF" >> "$GITHUB_OUTPUT"
          echo -e "${YEAR_COUNTS}" >> "$GITHUB_OUTPUT"
          echo "EOF" >> "$GITHUB_OUTPUT"

      - name: Check for changes
        id: check_changes
        run: |
          # `git diff --quiet <path>` only compares tracked files against the
          # index, so a sync that merely adds new (untracked) templates would
          # look clean and no PR would be opened. `git status --porcelain`
          # reports modified, deleted and untracked files alike.
          if [ -n "$(git status --porcelain -- utils/nuclei/templates/pentest/scan/cve/)" ]; then
            echo "changes=true" >> "$GITHUB_OUTPUT"
          fi

      - name: Create Pull Request
        if: steps.check_changes.outputs.changes == 'true'
        uses: peter-evans/create-pull-request@v6
        with:
          token: ${{ steps.generate-token.outputs.token }}
          commit-message: |
            Weekly sync for CVEs

            Synced all CVE templates from projectdiscovery/nuclei-templates
            Total templates: ${{ steps.sync_templates.outputs.template_count }}
          branch: automated/sync-nuclei-cve-templates
          delete-branch: true
          title: 'Weekly Nuclei CVE Template Sync'
          body: |
            ## Nuclei CVE Template Sync

            This PR automatically syncs the latest CVE templates (all years) from the [projectdiscovery/nuclei-templates](https://github.com/projectdiscovery/nuclei-templates) repository.

            ### Changes
            - **Total templates synced:** ${{ steps.sync_templates.outputs.template_count }}
            - **Source:** https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves
            - **Target:** `utils/nuclei/templates/pentest/scan/cve/`

            ### Templates by Year
            ${{ steps.sync_templates.outputs.year_counts }}

            ### Review Checklist
            - [ ] Review new/updated CVE templates for relevance
            - [ ] Verify template syntax is valid
            - [ ] Ensure no sensitive data in templates

            ### Notes
            This sync includes all CVE years to capture updates to older CVEs when new POCs become available.

            ---
            *This PR was automatically generated by the [sync-nuclei-templates](.github/workflows/sync-nuclei-templates.yml) workflow*
          labels: |
            automated
            nuclei-templates
            dependencies
          assignees: seanhacker
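The sync and change-detection logic from the "Sync CVE templates" and "Check for changes" steps, extracted into plain shell functions so it can be exercised locally against constructed sample templates. This is an added example, not part of the workflow file or the webscan project; the function names (`sync_cve_templates`, `count_by_year`, `naive_has_changes`, `repo_has_changes`) and the fixture layout are assumptions. It puts the workflow's original tracked-files-only check next to a `git status --porcelain` check, so the failure mode where a sync that only adds new templates is reported as "no changes" can be reproduced with a throwaway git repository.

```shell
#!/usr/bin/env bash
# Added example (not the workflow's own code): the sync step as functions,
# plus two variants of the "did anything change" check for comparison.
set -euo pipefail

# Replace the contents of DST with the templates under SRC.
# "${dst:?}" makes the shell abort rather than expand an empty variable
# into "rm -rf /*".
sync_cve_templates() {
  local src="$1" dst="$2"
  [ -d "$src" ] || { echo "source directory $src does not exist" >&2; return 1; }
  mkdir -p "$dst"
  rm -rf "${dst:?}"/*
  cp -r "$src"/* "$dst"/
}

# Print one "<year> <count>" line per year directory, then "total <n>".
# tr strips the padding some wc implementations print before the number.
count_by_year() {
  local dst="$1" total=0 d year n
  for d in "$dst"/*/; do
    [ -d "$d" ] || continue
    year=$(basename "$d")
    n=$(find "$d" -type f -name '*.yaml' | wc -l | tr -d ' ')
    total=$((total + n))
    echo "$year $n"
  done
  echo "total $total"
}

# The workflow's original test: succeed when `git diff --quiet <path>` fails.
# git diff compares the working tree with the index for TRACKED files only,
# so newly added template files are invisible to it.
naive_has_changes() {
  local repo="$1" path="$2"
  ! git -C "$repo" diff --quiet -- "$path"
}

# Corrected test: git status --porcelain lists modified, deleted and
# untracked paths, so additions from the sync are counted as changes.
repo_has_changes() {
  local repo="$1" path="$2"
  [ -n "$(git -C "$repo" status --porcelain -- "$path")" ]
}
```

Run it with a fixture of a few constructed `*.yaml` files under `src/<year>/` and an empty git repository as the destination: after `sync_cve_templates`, `naive_has_changes` still reports nothing while `repo_has_changes` reports the new files.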