feat(threat-modeler): add genAI threat modeling action #117
Conversation
|
|
|
@vsofronievk can you sign the CLA here |
| name: Threat Model | ||
|
|
||
| on: | ||
| pull_request: {} | ||
| push: | ||
| branches: | ||
| - master | ||
| - main | ||
| workflow_dispatch: {} | ||
|
|
||
| jobs: | ||
| threat-modeler: | ||
| name: ChatGPT Threat Model | ||
| runs-on: ubuntu-latest | ||
|
|
||
| if: (github.actor != 'dependabot[bot]') | ||
|
|
||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Run Threat-Modeler | ||
| id: threat-modeler | ||
| uses: Kong/public-shared-actions@91c2c6a12cc7baf69aea166f3ca9b3528ed018c9 | ||
| with: | ||
| docs-directory: 'docs' | ||
| application-description: 'application_description' | ||
| dry-run: 'false' | ||
| api-key: ${{ secrets.OPENAI_API_KEY}} | ||
|
|
||
| - name: Download artifacts | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| name: threat-model | ||
| github-token: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
|
|
There was a problem hiding this comment.
- Move usage example to
./security-actions/threat-modeler/readme.md- Something like this - Add
docs/and make a.github/workflows/threat-modeler-consumer.ymltopublic-shared-actionsto run as a test to avoid any breaking changes in downstream repos on releases / updates to this action.
There was a problem hiding this comment.
@vsofronievk can you address the Move usage example to ./security-actions/threat-modeler/readme.md - Something like [this](https://github.com/Kong/public-shared-actions/tree/main/security-actions/sca#usage-examples) so it can be run on this repo as a test workflow may be in dry-run mode.
| with: | ||
| name: threat-model | ||
| path: threat-modeler/threat-modeler/threat_model.json | ||
|
|
There was a problem hiding this comment.
Can this file be the main entrypoint instead of ./secuity-actions/threat-modeler/action.yml referencing this file internally? Is this auto-generated?
| "devDependencies": { | ||
| "@types/node": "^20.11.28" | ||
| } | ||
| } |
There was a problem hiding this comment.
Add security-actions/threat-modeler to .github/dependabot.yml - something like [this](https://github.com/Kong/public-shared-actions/blob/main/.github/dependabot.yml#L13- L19) with nodejs package manager for auto-updates.
vsofronievk
force-pushed
the
threat-modeler
branch
2 times, most recently
from
0e57185 to
5ae1cdc
Compare
vsofronievk
force-pushed
the
threat-modeler
branch
from
5ae1cdc to
a941a0f
Compare
A supporting automated threat modeling action that allows teams to develop threat model using ChatGPT based on mermaid.js DFDs and an application description.