Setup code analysis action

Author: Ben Sullivan

.github/workflows/main.yml

@@ -0,0 +1,20 @@
+name: Example Workflow Using SecureStack Action
+on: push
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo for running code analysis within workflow
+        id: checkout
+        uses: actions/[email protected]
+        with:
+          fetch-depth: 0
+      - name: Code Analysis Step
+        id: code
+        uses: SecureStackCo/actions-code@main
+        with:
+          securestack_api_key: ${{ secrets.SECURESTACK_API_KEY_SECRET }}
+          securestack_app_id: 'a9ad205b-d519-4a95-833d-304b6e82be21'
+          severity: critical
+          language: node
+          flags: '--path . --debug'

README.md

@@ -1 +1,42 @@
-# actions-code
+# SecureStack GitHub Actions
+
+A GitHub Action to execute SecureStack application attack surface analysis an application.
+
+```
+name: Example Workflow Using SecureStack Action
+on: push
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo for running code analysis within workflow
+        id: checkout
+        uses: actions/[email protected]
+        with:
+          fetch-depth: 0
+      - name: Code Analysis Step
+        id: code
+        uses: SecureStackCo/actions-code@main
+        with:
+          securestack_api_key: ${{ secrets.SECURESTACK_API_KEY_SECRET }}
+          securestack_app_id: 'a9ad205b-d519-4a95-833d-304b6e82be21'
+          severity: critical
+          language: node
+          flags: '--path . --debug'
+```
+
+## Getting your SecureStack API Key
+
+1. Log in to [SecureStack](https://app.securestack.com) and go to the Profile -> GENERATE KEY screen.
+2. Generate an API key and copy the value.
+3. Paste into the value of a secret called SECURESTACK_API_KEY_SECRET in the GitHub repo settings.
+
+## Getting your SecureStack Application ID
+
+1. Log in to [SecureStack](https://app.securestack.com).
+2. Open the application you wish to analyse.
+3. Copy the value of the application id on the View Application screen.
+4. Paste into the value of the `securestack_app_id` action input for the step using the SecureStack action in your workflow.
+
+
+Made with 💜 by SecureStack

action.yml

@@ -0,0 +1,32 @@
+name: 'SecureStack Code Analysis'
+description: 'Execute SecureStack Code Analysis'
+inputs:
+  securestack_api_key:
+    description: 'SecureStack API key - generate an API key at https://app.securestack.com'
+    required: true
+  securestack_app_id:
+    description: 'SecureStack Application ID - can be retrieved by accessing required application at https://app.securestack.com'
+    required: true
+  severity:
+    description: 'Severities lower than this value will be reported in the workflow console but will not cause an error for the action; value should be one of: critical | high | medium | low'
+    required: true
+  language:
+    description: 'Severities lower than this value will be reported in the workflow console but will not cause an error for the action; value should be one of: critical | high | medium | low'
+    required: true
+  flags:
+    description: 'Optional flags for the bloodhound-cli code command'
+    required: false
+    default: ''
+runs:
+  using: 'composite'
+  steps:
+    - name: Pull bloodhound-cli image
+      shell: bash
+      run: docker pull securestackau/bloodhound-cli
+    - name: Run bloodhound-cli
+      shell: bash
+      env:
+        BH_API_KEY: ${{ inputs.securestack_api_key }}
+        BH_APP_ID: ${{ inputs.securestack_app_id }}
+        BH_SEVERITY: ${{ inputs.severity }}
+      run: docker run -e BH_API_KEY -e BH_APP_ID -e BH_SEVERITY securestackau/bloodhound-cli code -t ${{ inputs.language }} ${{ inputs.flags }}; echo $?