/ghaction-virustotal

:octocat: GitHub Action to upload and scan files with VirusTotal

Primary LanguageTypeScriptMIT LicenseMIT

GitHub release GitHub marketplace CI workflow Test workflow Codecov
Become a sponsor Donate Paypal

About

GitHub Action to upload and scan files with VirusTotal.

If you are interested, check out my other :octocat: GitHub Actions!


Usage

Scan local files

This action can be used to scan local files with VirusTotal:

VirusTotal GitHub Action

name: build

on:
  pull_request:
  push:

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v3
      -
        name: Set up Go
        uses: actions/setup-go@v3
      -
        name: Build
        run: |
          GOOS=windows GOARCH=386 go build -o ./ghaction-virustotal-win32.exe -v -ldflags "-s -w"
          GOOS=windows GOARCH=amd64 go build -o ./ghaction-virustotal-win64.exe -v -ldflags "-s -w"
      -
        name: VirusTotal Scan
        uses: crazy-max/ghaction-virustotal@v3
        with:
          vt_api_key: ${{ secrets.VT_API_KEY }}
          files: |
            ./ghaction-virustotal-win32.exe
            ./ghaction-virustotal-win64.exe

Scan assets of a published release

You can also use this action to scan assets of a published release on GitHub when a release event is triggered:

name: released

on:
  release:
    types: [published]

jobs:
  virustotal:
    runs-on: ubuntu-latest
    steps:
      -
        name: VirusTotal Scan
        uses: crazy-max/ghaction-virustotal@v3
        with:
          vt_api_key: ${{ secrets.VT_API_KEY }}
          files: |
            .exe$

If you set update_release_body: true input, analysis link(s) will be appended to the release body and will look like this:

VirusTotal GitHub Action update release body

Scan through VirusTotal Monitor

To scan your assets through VirusTotal Monitor you can use the following workflow:

name: build

on:
  pull_request:
  push:

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v3
      -
        name: Set up Go
        uses: actions/setup-go@v3
      -
        name: Build
        run: |
          GOOS=windows GOARCH=386 go build -o ./ghaction-virustotal-win32.exe -v -ldflags "-s -w"
          GOOS=windows GOARCH=amd64 go build -o ./ghaction-virustotal-win64.exe -v -ldflags "-s -w"
      -
        name: VirusTotal Monitor Scan
        uses: crazy-max/ghaction-virustotal@v3
        with:
          vt_api_key: ${{ secrets.VT_API_KEY }}
          vt_monitor: true
          monitor_path: /ghaction-virustotal
          files: |
            ./ghaction-virustotal-*.exe

Customizing

inputs

Following inputs can be used as step.with keys

Name Type Default Description
vt_api_key String VirusTotal API key to upload assets (required)
files String Newline-delimited list of path globs/patterns for asset files to upload for analysis (required)
vt_monitor Bool false If enabled, files will be uploaded to VirusTotal Monitor endpoint
monitor_path¹ String / A path relative to current monitor user root folder to upload files
update_release_body² Bool false If enabled, analysis link(s) will be appended to the release body
github_token³ String GitHub Token used to create an authenticated client for GitHub API as provided by secrets
request_rate Number 0 API request-rate in requests/minute. Set to 4 or lower when using the standard free public API. 0 to disable rate-limit.

outputs

Following outputs are available

Name Type Description
analysis String Analysis results formatted as <filename>=<analysisURL> (comma separated)

Contributing

Want to contribute? Awesome! The most basic way to show your support is to star the project, or to raise issues. If you want to open a pull request, please read the contributing guidelines.

You can also support this project by becoming a sponsor on GitHub or by making a Paypal donation to ensure this journey continues indefinitely!

Thanks again for your support, it is much appreciated! 🙏

License

MIT. See LICENSE for more details.