From 1c1a33b16b929901d9564f23af9d8c80d8fec304 Mon Sep 17 00:00:00 2001 From: tw-brightsec <121874204+tw-brightsec@users.noreply.github.com> Date: Mon, 13 May 2024 11:07:20 +0400 Subject: [PATCH 1/8] Update README.md --- README.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 3a482ad..1809810 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ This action runs a new security scan in Bright, or reruns an existing one. ### Automatically Tests Every Aspect of Your Apps & APIs -Scans any target, whether Web Apps, APIs (REST. & SOAP, GraphQL & more), Web sockets or mobile, providing actionable reports +Scans any target, whether Web Apps, APIs (REST. & SOAP, GraphQL & more) or mobile, providing actionable reports ### Seamlessly integrates with the Tools and Workflows You Already Use @@ -25,7 +25,7 @@ Scans are fast as our AI-powered engine can understand application architecture ### No False Positives -Stop chasing ghosts and wasting time. Bright doesn’t return false positives, so you can focus on releasing code. +Bright keeps false positives to a minimum, letting you focus on real issues and release better code faster. ### Comprehensive Security Testing 
@@ -50,19 +50,19 @@ _Example:_ `name: GitHub scan ${{ github.sha }}` **Required**. Your Bright API authorization token (key). You can generate it in the **Organization** section in [the Bright app](https://app.neuralegion.com/login). Find more information [here](https://docs.brightsec.com/docs/manage-your-organization#manage-organization-apicli-authentication-tokens). -_Example:_ `api_token: ${{ secrets.NEURALEGION_TOKEN }}` +_Example:_ `api_token: ${{ secrets.BRIGHT_TOKEN }}` ### `restart_scan` -**Required** when restarting an existing scan by its ID. You can get the scan ID in the Scans section in [the Bright app](https://app.neuralegion.com/login). +**Required** when restarting an existing scan using its ID. You can get the scan ID in the Scans section in [the Bright app](https://app.brightsec.com/login). -Please make sure to only use the necessary parameters. Otherwise, you will get a response with the parameter usage requirements. +Please make sure only to use the necessary parameters. Otherwise, you will get a response with the parameter usage requirements. _Example:_ `restart_scan: ai3LG8DmVn9Rn1YeqCNRGQ)` ### `discovery_types` -**Required**. Array of discovery types. The following types are available: +**Required**. An array of discovery types. The following types are available: - `archive` - uses an uploaded HAR-file for a scan - `crawler` - uses a crawler to define the attack surface for a scan 
@@ -135,13 +135,13 @@ _Recommended tests:_ ### `file_id` -**Required** if the discovery type is set to `archive` or `oas`. ID of a HAR-file or an OpenAPI schema you want to use for a scan. You can get the ID of an uploaded HAR-file or an OpenAPI schema in the **Storage** section on [app.neuralegion.com](https://app.neuralegion.com/login). +**Required** if the discovery type is set to `archive` or `oas`. ID of a HAR-file or an OpenAPI schema you want to use for a scan. You can get the ID of an uploaded HAR-file or an OpenAPI schema in the **Storage** section on [app.neuralegion.com](https://app.brightsec.com/login). _Example:_ ``` -FILE_ID=$(nexploit-cli archive:upload \ ---token ${{ secrets.NEURALEGION_TOKEN }} \ +FILE_ID=$(bright-cli archive:upload \ +--token ${{ secrets.BRIGHT_TOKEN }} \ --discard true \ ./example.har) ``` @@ -218,11 +218,11 @@ ID of the created scan. This ID could then be used to restart the scan, or for t ```yaml steps: - - name: Start NeuraLegion Scan + - name: Start Bright Scan id: start uses: NeuraLegion/run-scan@v1.1 with: - api_token: ${{ secrets.NEURALEGION_TOKEN }} + api_token: ${{ secrets.BRIGHT_TOKEN }} name: GitHub scan ${{ github.sha }} discovery_types: | [ "crawler", "archive" ] @@ -237,11 +237,11 @@ steps: ```yaml steps: - - name: Start NeuraLegion Scan + - name: Start Bright Scan id: start uses: NeuraLegion/run-scan@v1.1 with: - api_token: ${{ secrets.NEURALEGION_TOKEN }} + api_token: ${{ secrets.BRIGHT_TOKEN }} name: GitHub scan ${{ github.sha }} restart_scan: ai3LG8DmVn9Rn1YeqCNRGQ - name: Get the output scan url From aacae005135aac55147d2b1461e7213f7714f14c Mon Sep 17 00:00:00 2001 From: tw-brightsec <121874204+tw-brightsec@users.noreply.github.com> Date: Mon, 13 May 2024 11:08:24 +0400 Subject: [PATCH 2/8] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1809810..4075270 100644 --- a/README.md +++ b/README.md 
@@ -48,7 +48,7 @@ _Example:_ `name: GitHub scan ${{ github.sha }}` ### `api_token` -**Required**. Your Bright API authorization token (key). You can generate it in the **Organization** section in [the Bright app](https://app.neuralegion.com/login). Find more information [here](https://docs.brightsec.com/docs/manage-your-organization#manage-organization-apicli-authentication-tokens). +**Required**. Your Bright API authorization token (key). You can generate it in the **Organization** section in [the Bright app](https://app.brightsec.com/login). Find more information [here](https://docs.brightsec.com/docs/manage-your-organization#manage-organization-apicli-authentication-tokens). _Example:_ `api_token: ${{ secrets.BRIGHT_TOKEN }}` From c891e1f2987d02d3363701a6c700f386ac6c8441 Mon Sep 17 00:00:00 2001 From: tw-brightsec <121874204+tw-brightsec@users.noreply.github.com> Date: Mon, 13 May 2024 11:12:46 +0400 Subject: [PATCH 3/8] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4075270..5cafd0f 100644 --- a/README.md +++ b/README.md @@ -135,7 +135,7 @@ _Recommended tests:_ ### `file_id` -**Required** if the discovery type is set to `archive` or `oas`. ID of a HAR-file or an OpenAPI schema you want to use for a scan. You can get the ID of an uploaded HAR-file or an OpenAPI schema in the **Storage** section on [app.neuralegion.com](https://app.brightsec.com/login). +**Required** if the discovery type is set to `archive` or `oas`. ID of a HAR-file or an OpenAPI schema you want to use for a scan. You can get the ID of an uploaded HAR-file or an OpenAPI schema in the **Storage** section on [app.brightsec.com](https://app.brightsec.com/login). _Example:_ From bf1f397d9cf7f2ba7a7ba12cb49c66d88f5fc7a4 Mon Sep 17 00:00:00 2001 
From: tw-brightsec <121874204+tw-brightsec@users.noreply.github.com> Date: Mon, 20 May 2024 11:22:47 +0400 Subject: [PATCH 4/8] Update action.yml --- action.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/action.yml b/action.yml index 8b105aa..5d9fda5 100644 --- a/action.yml +++ b/action.yml @@ -1,5 +1,5 @@ -name: 'Run a NeuraLegion Scan' -description: 'Run a NeuraLegion scan right in GitHub Action' +name: 'Run a Bright Scan' +description: 'Run a Bright scan right in GitHub Action' branding: icon: 'upload-cloud' color: 'blue' From 47985240452e2938e52d57e8ee21381fa57dbb99 Mon Sep 17 00:00:00 2001 From: tw-brightsec <121874204+tw-brightsec@users.noreply.github.com> Date: Mon, 20 May 2024 11:23:29 +0400 Subject: [PATCH 5/8] Update package.json --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 0fd7a29..450eee7 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "run-scan", "version": "0.1.0", - "description": "This action runs a new security scan in NeuraLegion, or reruns an existing one.", + "description": "This action runs a new security scan in Bright, or reruns an existing one.", "main": "index.js", "scripts": { "build": "tsc", From 737befc13bb2a0c7e1c4e130fed381a4d706819b Mon Sep 17 00:00:00 2001 From: tw-brightsec <121874204+tw-brightsec@users.noreply.github.com> Date: Mon, 20 May 2024 11:25:42 +0400 Subject: [PATCH 6/8] Update test.yml --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 74614b5..86e33e2 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -22,7 +22,7 @@ jobs: cp README.md release/ cp action.yml release/ cp -R dist/ release/dist/ - - name: Start NeuraLegion Scan 🏁 + - name: Start BNright Scan 🏁 uses: ./release with: api_token: ${{ secrets.NEXPLOIT_TOKEN }} 
From e201a5a682cdce6a79e530ec57072261c2507993 Mon Sep 17 00:00:00 2001 From: tw-brightsec <121874204+tw-brightsec@users.noreply.github.com> Date: Mon, 20 May 2024 11:27:36 +0400 Subject: [PATCH 7/8] Update test.yml --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 86e33e2..779ec9a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -22,10 +22,10 @@ jobs: cp README.md release/ cp action.yml release/ cp -R dist/ release/dist/ - - name: Start BNright Scan 🏁 + - name: Start Bright Scan 🏁 uses: ./release with: - api_token: ${{ secrets.NEXPLOIT_TOKEN }} + api_token: ${{ secrets.BRIGHT_TOKEN }} name: GitHub scan ${{ github.sha }} discovery_types: | [ "crawler" ] From e1f76062233061ed5e41b6c8b73ac0d7d4785e2f Mon Sep 17 00:00:00 2001 From: tw-brightsec <121874204+tw-brightsec@users.noreply.github.com> Date: Mon, 20 May 2024 11:33:12 +0400 Subject: [PATCH 8/8] Update action.yml --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index 5d9fda5..4a4e2cd 100644 --- a/action.yml +++ b/action.yml @@ -5,7 +5,7 @@ branding: color: 'blue' inputs: api_token: - description: 'Api Token. You can generate it in Organization section' + description: 'Api Token. You can generate it in Organization section of the Project settings' required: true restart_scan: description: 'Scan ID to restart'
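Review bot: In the PATCH 7/8 hunk for `.github/workflows/test.yml`, `api_token` now reads `secrets.BRIGHT_TOKEN`, but nothing in this series shows that secret being created; a secret that is not defined expands to an empty string, so the scan step would run with a blank token and fail only when the Bright API rejects the call. The same applies on runs where secrets are withheld, such as pull requests from forks, if this workflow is triggered that way (the `on:` block is outside the hunk). I would add a guard step before `Start Bright Scan` that passes the secret through `env` and fails when it is empty, as below, and keep the old `NEXPLOIT_TOKEN` secret only until the new one is confirmed working, then delete it.

```yaml
          cp -R dist/ release/dist/
      # Fail fast when the secret is missing instead of calling the API with an empty token.
      - name: Check that BRIGHT_TOKEN is set
        env:
          BRIGHT_TOKEN: ${{ secrets.BRIGHT_TOKEN }}
        run: test -n "$BRIGHT_TOKEN"
      # … unchanged: Start Bright Scan step …
```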
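Review bot: In the PATCH 8/8 hunk for `action.yml`, the new `api_token` description points to the "Organization section of the Project settings", while the README text updated in PATCH 1/8 and 2/8 says the token is generated in the **Organization** section of the Bright app; the two should be aligned so users look in the right place. The description is also the natural spot to say that the value must come from an encrypted secret and never be written as a literal, for example `description: 'Bright API token. Generate it in the Organization section of the Bright app and pass it from a repository secret.'`. The exact wording should be confirmed against the product UI.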