Maintenance for this repository has ceased.
Use AWS Lambda to regularly scan your repos for vulnerabilities
To deploy this, you will need to provide the following environment variables:

- `AWS_ACCESS_KEY_ID`
- `AWS_SECRET_ACCESS_KEY`
- `GITHUB_TOKEN`
- `RESULTS_S3_BUCKET_PREFIX`

In addition, you will need to provide EITHER...

- `GITHUB_ORG`

... (to scan a GitHub organization) AND/OR...

- `BITBUCKET_USERNAME`
- `BITBUCKET_APP_PASSWORD`
- `BITBUCKET_WORKSPACE`

... (to scan a Bitbucket workspace).
If you also want to check the PHP versions used in the repos' Dockerfiles (such as for use of End-Of-Life versions of PHP), also provide...

- `VERSIONS_CSV_URL`
For details on what that CSV file needs to contain, see https://github.com/silinternational/vulnerability-scanner#checking-programming-language-versions
A CSV file of the results of the scan will be uploaded to an Amazon S3 bucket named using this template:

`${RESULTS_S3_BUCKET_PREFIX}-${STAGE}`

For example, if you use `RESULTS_S3_BUCKET_PREFIX=scan-results` and deploy a production copy of this, the bucket will be named `scan-results-prod`. Because that combined string has to be a valid S3 bucket name, keep the prefix to lowercase letters, digits and hyphens, and short enough that prefix plus stage stays within 63 characters.
The `/terraform` directory contains Terraform configuration to create an AWS IAM user for Serverless deployment. If you prefer to create the user manually, the `/templates/iam-role-for-ci-cd.json` file contains a template for what your AWS IAM user's permission policy will probably need to be in order to successfully deploy (`serverless deploy`) or remove (`serverless remove`) this serverless application.

HOWEVER, you will need to replace every occurrence of `{RESULTS_S3_BUCKET_PREFIX}` in that JSON file with the actual value you used for that environment variable. After you do that replacement, you should be able to create an AWS IAM user, add a custom policy to that user (using that JSON you just assembled), and use that user's AWS key/secret as the values for the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` on your CI/CD platform.
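Two of the steps above fail silently when done by hand: a prefix that does not produce a legal S3 bucket name, and a placeholder left behind in the IAM policy JSON. The following script is an added example, not code from this project, that derives the bucket name from the prefix and stage and renders the policy template with checks for both problems. It assumes the placeholder is the literal string `{RESULTS_S3_BUCKET_PREFIX}` as described above; `SAMPLE_TEMPLATE` is a constructed stand-in for the real `/templates/iam-role-for-ci-cd.json`, whose contents are not shown here.

```python
"""Deployment input checks for the scanner README (added example, not project code).

Checks two things the README asks you to do by hand: that
${RESULTS_S3_BUCKET_PREFIX}-${STAGE} is a legal S3 bucket name, and that every
{RESULTS_S3_BUCKET_PREFIX} placeholder in the IAM policy template has been
replaced before the policy is attached to the deployment user.
"""
import json
import re

PLACEHOLDER = "{RESULTS_S3_BUCKET_PREFIX}"

# Constructed sample in the shape such a template might have. This is an
# assumption for illustration, NOT the contents of /templates/iam-role-for-ci-cd.json.
SAMPLE_TEMPLATE = """{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:CreateBucket", "s3:DeleteBucket", "s3:ListBucket"],
      "Resource": "arn:aws:s3:::{RESULTS_S3_BUCKET_PREFIX}-*"
    },
    {
      "Effect": "Allow",
      "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
      "Resource": "arn:aws:s3:::{RESULTS_S3_BUCKET_PREFIX}-*/*"
    }
  ]
}
"""


def bucket_name_problems(name: str) -> list:
    """Return the S3 bucket-naming rules that `name` breaks (empty list if valid)."""
    problems = []
    if not 3 <= len(name) <= 63:
        problems.append("must be 3 to 63 characters long")
    if not re.fullmatch(r"[a-z0-9][a-z0-9.-]*[a-z0-9]", name):
        problems.append("only lowercase letters, digits, '.' and '-', "
                        "starting and ending with a letter or digit")
    if ".." in name:
        problems.append("must not contain two adjacent periods")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", name):
        problems.append("must not be formatted like an IP address")
    return problems


def results_bucket_name(prefix: str, stage: str) -> str:
    """Apply the README's ${RESULTS_S3_BUCKET_PREFIX}-${STAGE} template and refuse
    combinations S3 would reject, e.g. an uppercase or underscore-bearing prefix."""
    name = f"{prefix}-{stage}"
    problems = bucket_name_problems(name)
    if problems:
        raise ValueError(f"{name!r} is not a valid S3 bucket name: {'; '.join(problems)}")
    return name


def render_policy(template_text: str, prefix: str) -> dict:
    """Replace every placeholder occurrence and parse the result, so a wrong or
    broken template fails here instead of when IAM rejects the policy."""
    if PLACEHOLDER not in template_text:
        raise ValueError("template contains no placeholder; is this the right file?")
    rendered = template_text.replace(PLACEHOLDER, prefix)
    # Catch misspelt or differently-cased placeholder variants that survived.
    leftovers = sorted(set(re.findall(r"\{[A-Z_]+\}", rendered)))
    if leftovers:
        raise ValueError(f"unreplaced placeholders remain: {leftovers}")
    return json.loads(rendered)


def s3_resources(policy: dict) -> list:
    """List the S3 resource ARNs the rendered policy grants, so you can confirm
    they are scoped to your prefix rather than to every bucket in the account."""
    arns = []
    for statement in policy["Statement"]:
        resource = statement["Resource"]
        for arn in ([resource] if isinstance(resource, str) else resource):
            if arn == "*" or arn.startswith("arn:aws:s3:::"):
                arns.append(arn)
    return arns


if __name__ == "__main__":
    prefix = "scan-results"
    print("results bucket:", results_bucket_name(prefix, "prod"))  # scan-results-prod
    policy = render_policy(SAMPLE_TEMPLATE, prefix)
    print("S3 resources granted:", s3_resources(policy))
    # To render the real template instead of the constructed sample:
    # policy = render_policy(open("templates/iam-role-for-ci-cd.json").read(), prefix)
    # open("iam-policy.json", "w").write(json.dumps(policy, indent=2))
```

Run it against the real template by uncommenting the last lines; if `s3_resources()` reports a bare `*`, the policy you are about to attach to the CI/CD user is broader than the results bucket and worth a second look before you hand that user's keys to a build system.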