added pentest

cydigConfig.json

@@ -0,0 +1,41 @@
+{
+    "teamName": "name-of-your-team", 
+    "usingAzure": true,
+    "threatModeling": {
+        "date": "date-of-threat-modeling",
+        "boardsTag": "TM" 
+    },
+    "pentest": {
+        "date": "2023-09-07",
+        "boardsTag": "PT"
+    },
+    "githubDevOps": {
+        "usingRepos": true,
+        "repos": {
+            "username": "firstname.lastname (usually)"
+        },
+        "usingBoards": true,
+        "boards": {
+            "nameOfBoard": "name-of-boards (use 'not specified' for all boards in project)"
+        }
+    },
+    "scaTool": {
+        "nameOfTool": "name-of-tool", 
+        "owaspDependencyCheck": {
+            "reportPath": "Reports/dependency-check-report.csv",
+            "csvPath": "not specified"
+        }
+    },
+    "sastTool": {
+        "nameOfTool": "name-of-tool",
+        "semgrep": {
+            "reportPath": "semgrep-json.json"
+        }
+    },
+    "codeQualityTool": {
+        "nameOfTool": "name-of-tool"
+    },
+    "reposToExclude": {
+        "nameOfRepos": "not-specified"
+    }
+}

package.json

@@ -36,7 +36,8 @@
   "license": "MIT",
   "dependencies": {
     "@actions/core": "^1.10.0",
-    "@actions/github": "^5.1.1"
+    "@actions/github": "^5.1.1",
+    "joi": "^17.10.1"
   },
   "devDependencies": {
     "@types/node": "^20.5.7",

src/Pentest/PentestService.ts

@@ -0,0 +1,42 @@
+import * as core from '@actions/core';
+import * as github from '@actions/github';
+
+export class PentestService {
+    public static async getStateOfPentest(pentestDate: { 
+        date: string;
+        boardsTag: string;
+    }): Promise<void> {
+        console.log('Running Pentest Controls');
+
+        if(!pentestDate.date){
+            core.warning("Pentest Date is not set!");
+            return;
+        }
+        core.setOutput("pentestDate", pentestDate.date);
+
+
+
+        // const token = core.getInput('repo-token');
+        // console.log("Got the token");
+
+        // const octokit = github.getOctokit(token);
+        // console.log("octoKit authenticated");
+
+        // const { owner, repo } = github.context.repo;
+        // console.log(`Owner: ${owner}`);
+        // console.log(`Repo: ${repo}`);
+
+        // console.log("Going to get branch protection");
+        // await octokit.rest.repos.getBranchProtection({
+        // owner: owner,
+        // repo: repo,
+        // branch: 'main',
+        // }).then((response) => { 
+        //     console.log("Got the branch protection");
+        //     console.log(response.data);
+        // }).catch((error) => {
+        //     core.warning("Error getting branch protection!");
+        //     core.warning("Error: ", error.message);
+        // });
+    }
+}

src/helpfunctions/JsonService.ts

@@ -0,0 +1,66 @@
+import * as fs from 'fs';
+import * as path from 'path';
+import { CyDigConfig } from '../types/CyDigConfig';
+import Joi from 'joi';
+
+export function getContentOfFile(jsonPath: string): CyDigConfig {
+  const jsonFilePath: string = path.resolve(
+    __dirname,
+    path.relative(__dirname, path.normalize(jsonPath).replace(/^(\.\.(\/|\\|$))+/, ''))
+  );
+  const fileContent: string = fs.readFileSync(jsonFilePath, { encoding: 'utf-8' });
+
+  const cydigConfig: CyDigConfig = JSON.parse(fileContent);
+
+  validateConfig(cydigConfig);
+
+  return cydigConfig;
+}
+
+export function validateConfig(config: unknown): void {
+  const schema: Joi.ObjectSchema<CyDigConfig> = Joi.object({
+    teamName: Joi.string().required(),
+    usingAzure: Joi.boolean().required(),
+    threatModeling: Joi.object({
+      date: Joi.string().required(),
+      boardsTag: Joi.string().required(),
+    }).required(),
+    pentest: Joi.object({
+      date: Joi.string().required(),
+      boardsTag: Joi.string().required(),
+    }).required(),
+    githubDevOps: Joi.object({
+      usingRepos: Joi.boolean().required(),
+      repos: Joi.object({
+        username: Joi.string().required(),
+      }).required(),
+      usingBoards: Joi.boolean().required(),
+      boards: Joi.object({
+        nameOfBoard: Joi.string().required(),
+      }).required(),
+    }).required(),
+    scaTool: Joi.object({
+      nameOfTool: Joi.string().required(),
+      owaspDependencyCheck: Joi.object({
+        reportPath: Joi.string().required(),
+        csvPath: Joi.string().optional(),
+      }),
+    }).required(),
+    sastTool: Joi.object({
+      nameOfTool: Joi.string().required(),
+      semgrep: Joi.object({
+        reportPath: Joi.string().required(),
+      }).required(),
+    }).required(),
+    codeQualityTool: Joi.object({
+      nameOfTool: Joi.string().required(),
+    }).required(),
+    reposToExclude: Joi.object({
+      nameOfRepos: Joi.string().optional(),
+    }),
+  });
+
+  if (schema.validate(config).error) {
+    throw new Error(`${schema.validate(config).error.message} in your CyDig Config file`);
+  }
+}

src/index.ts

@@ -1,13 +1,18 @@
 import * as core from '@actions/core';
 import * as github from '@actions/github';
 import { BranchProtectionService } from './branchprotection/BranchProtectionService';
+import { CyDigConfig } from './types/CyDigConfig';
+import { getContentOfFile } from './helpfunctions/JsonService';
+import { PentestService } from './Pentest/PentestService';
 /**
  * The main function for the action.
  * @returns {Promise<void>} Resolves when the action is complete.
  */
 export async function run(): Promise<void> {
   try {
-
+    const cydigConfig: CyDigConfig = getContentOfFile("./cydigconfig.json");
+    await PentestService.getStateOfPentest(cydigConfig.pentest); 
+
     await BranchProtectionService.getStateOfBranchProtection();
 
 

src/types/CyDigConfig.ts

@@ -0,0 +1,41 @@
+export type CyDigConfig = {
+  teamName: string;
+  usingAzure: boolean;
+  threatModeling: {
+    date: string;
+    boardsTag: string;
+  };
+  pentest: {
+    date: string;
+    boardsTag: string;
+  };
+  githubDevOps: {
+    usingRepos: boolean;
+    repos: {
+      username: string;
+    };
+    usingBoards: boolean;
+    boards: {
+      nameOfBoard: string;
+    };
+  };
+  scaTool: {
+    nameOfTool: string;
+    owaspDependencyCheck: {
+      reportPath: string;
+      csvPath: string;
+    };
+  };
+  sastTool: {
+    nameOfTool: string;
+    semgrep: {
+      reportPath: string;
+    };
+  };
+  codeQualityTool: {
+    nameOfTool: string;
+  };
+  reposToExclude: {
+    nameOfRepos: string;
+  };
+};