67 changes: 0 additions & 67 deletions .eslintrc.json

This file was deleted.

12 changes: 2 additions & 10 deletions .github/workflows/scans_ci.yml
Expand Up @@ -8,18 +8,10 @@ on:
schedule:
- cron: '0 0 * * 0' # Weekly run on Sunday at midnight

jobs:
test:
name: Test on Node.js ${{ matrix.node-version }}
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [12.x, 14.x, 16.x] # Test on multiple Node.js versions
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v6

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Read the full file with line numbers to see actual structure
cat -n .github/workflows/scans_ci.yml

Repository: khulnasoft/cloudexploit

Length of output: 1452


🏁 Script executed:

#!/bin/bash
# Validate YAML syntax
pip install yamllint -q 2>/dev/null
yamllint .github/workflows/scans_ci.yml 2>&1 || true

Repository: khulnasoft/cloudexploit

Length of output: 917


The workflow file is missing the required jobs: block structure and will not execute.

The file jumps directly from the on: trigger block (lines 1–9) to step definitions (lines 11–36) without the required jobs: / build: / runs-on: / strategy: / steps: hierarchy. This breaks the GitHub Actions YAML schema entirely.

YAMLlint confirms the syntax error at line 11:7: expected <block end>, but found '-'. The workflow will fail to parse.

Required fix: Wrap all steps (lines 11–36) within a proper job structure:

jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [18.x, 20.x]  # use supported LTS versions
    steps:
      - uses: actions/checkout@v6
      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v6
        ...

Also address yamllint errors: remove trailing spaces (lines 12, 18, 25, 28, 31, 34) and fix spacing in branch arrays (lines 5, 7).

🧰 Tools
🪛 YAMLlint (1.38.0)

[error] 11-11: syntax error: expected <block end>, but found '-'

(syntax)

🤖 Prompt for AI Agents
In @.github/workflows/scans_ci.yml at line 11, The workflow is missing the
required GitHub Actions job hierarchy so the steps (including the
actions/checkout@v6 entry) are invalid; wrap the existing steps under a jobs
block (e.g., jobs: -> build: -> runs-on: ubuntu-latest -> strategy: matrix:
node-version: [18.x,20.x] -> steps:) so that actions/checkout@v6 and subsequent
step entries are nested under the steps: array, and remove trailing spaces and
fix spacing in branch arrays to satisfy yamllint; update any step names or uses
entries (like actions/setup-node@v6) as needed to fit under the new job
structure.


- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v2
uses: actions/setup-node@v6
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
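
Review bot: The `jobs:` / `test:` / `runs-on:` / `strategy:` / `steps:` lines removed at the top of this hunk are still needed: the retained step name and `node-version: ${{ matrix.node-version }}` read a matrix that is no longer defined, and the steps no longer belong to any job. Keep the job skeleton and change only the two `uses:` lines. Because this workflow also runs on a weekly schedule, consider pinning `actions/checkout` and `actions/setup-node` to full commit SHAs instead of the mutable `@v6` tag, so a retagged release cannot change what the scheduled run executes.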
31 changes: 30 additions & 1 deletion collectors/azure/collector.js
Expand Up @@ -108,7 +108,36 @@ let collect = function(AzureConfig, settings, callback, fargateFlag) {
return retryAfter;
},
errorFilter: function(err) {
return err.includes('TooManyRequests');
const errorMessage = typeof err === 'string' ? err : err.message || err.toString();

// Azure throttling patterns
const throttlingPatterns = [
'TooManyRequests',
'RateLimitExceeded',
'Throttling',
'Throttled',
'RequestThrottled',
'RequestLimitExceeded',
'ServerBusy',
'ServiceBusy',
'toomanyrequests',
'ratelimitexceeded',
'throttling',
'throttled',
'requestthrottled',
'requestlimitexceeded',
'serverbusy',
'servicebusy',
'too many requests',
'rate limit',
'retry after',
'the request is being throttled',
'request rate is large',
'rate exceeded'
];

const errorMatch = throttlingPatterns.some(pattern => errorMessage.includes(pattern));
return errorMatch;
}
}, function(retryCallback) {
let localUrl = obj.nextUrl || obj.url.replace(/\{subscriptionId\}/g, AzureConfig.SubscriptionID);
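
Review bot: `errorMessage.includes(pattern)` in the new `errorFilter` is case-sensitive, which is why `throttlingPatterns` lists every code twice and still misses mixed-case forms such as "Too Many Requests". Lowercase the message once with `errorMessage.toLowerCase()` and keep only the lowercase entries, defined once outside the callback rather than rebuilt on every call. Two further points: for an error object without `message`, `err.toString()` typically yields "[object Object]", so a throttling code carried in another property is not matched; and broad phrases like 'retry after' and 'rate limit' can match messages that are not throttling, so a non-retryable failure would be retried instead of surfaced.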
39 changes: 26 additions & 13 deletions exports.js
Expand Up @@ -243,6 +243,8 @@ module.exports = {
'openAllPortsProtocolsEgress' : require(__dirname + '/plugins/aws/ec2/openAllPortsProtocolsEgress.js'),
'defaultSecurityGroupInUse' : require(__dirname + '/plugins/aws/ec2/defaultSecurityGroupInUse.js'),
'ec2NetworkExposure' : require(__dirname + '/plugins/aws/ec2/ec2NetworkExposure.js'),
'ec2PrivilegeAnalysis' : require(__dirname + '/plugins/aws/ec2/ec2PrivilegeAnalysis.js'),


'efsCmkEncrypted' : require(__dirname + '/plugins/aws/efs/efsCmkEncrypted.js'),
'efsEncryptionEnabled' : require(__dirname + '/plugins/aws/efs/efsEncryptionEnabled.js'),
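
Review bot: The added `'ec2PrivilegeAnalysis'` entry calls `require(...)` when `exports.js` is loaded, so if `plugins/aws/ec2/ec2PrivilegeAnalysis.js` is missing from the commit the whole module fails to load, not just this plugin. The file is not among those shown in this diff; confirm that it and the other `*PrivilegeAnalysis.js` and `*NetworkExposure.js` plugins registered in this file are included. The entry also adds a second consecutive blank line before the `efs` group, where other groups are separated by one.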
Expand All @@ -269,6 +271,8 @@ module.exports = {
'eksLatestPlatformVersion' : require(__dirname + '/plugins/aws/eks/eksLatestPlatformVersion.js'),
'eksClusterHasTags' : require(__dirname + '/plugins/aws/eks/eksClusterHasTags.js'),
'eksNetworkExposure' : require(__dirname + '/plugins/aws/eks/eksNetworkExposure.js'),
'eksPrivilegeAnalysis' : require(__dirname + '/plugins/aws/eks/eksPrivilegeAnalysis.js'),


'kendraIndexEncrypted' : require(__dirname + '/plugins/aws/kendra/kendraIndexEncrypted.js'),

Expand Down Expand Up @@ -514,6 +518,8 @@ module.exports = {
'lambdaDeadLetterQueue' : require(__dirname + '/plugins/aws/lambda/lambdaDeadLetterQueue.js'),
'lambdaEnhancedMonitoring' : require(__dirname + '/plugins/aws/lambda/lambdaEnhancedMonitoring.js'),
'lambdaUniqueExecutionRole' : require(__dirname + '/plugins/aws/lambda/lambdaUniqueExecutionRole.js'),
'lambdaNetworkExposure' : require(__dirname + '/plugins/aws/lambda/lambdaNetworkExposure.js'),
'lambdaPrivilegeAnalysis' : require(__dirname + '/plugins/aws/lambda/lambdaPrivilegeAnalysis.js'),

'webServerPublicAccess' : require(__dirname + '/plugins/aws/mwaa/webServerPublicAccess.js'),
'environmentAdminPrivileges' : require(__dirname + '/plugins/aws/mwaa/environmentAdminPrivileges.js'),
Expand Down Expand Up @@ -818,6 +824,7 @@ module.exports = {
'vmDiskCMKRotation' : require(__dirname + '/plugins/azure/virtualmachines/vmDiskCMKRotation.js'),
'vmDiskPublicAccess' : require(__dirname + '/plugins/azure/virtualmachines/vmDiskPublicAccess.js'),
'computeGalleryRbacSharing' : require(__dirname + '/plugins/azure/virtualmachines/computeGalleryRbacSharing.js'),
'vmPrivilegeAnalysis' : require(__dirname + '/plugins/azure/virtualmachines/vmPrivilegeAnalysis.js'),
'vmNetworkExposure' : require(__dirname + '/plugins/azure/virtualmachines/vmNetworkExposure.js'),

'bastionHostExists' : require(__dirname + '/plugins/azure/bastion/bastionHostExists.js'),
Expand Down Expand Up @@ -888,6 +895,8 @@ module.exports = {
'postgresqlPrivateEndpoints' : require(__dirname + '/plugins/azure/postgresqlserver/postgresqlPrivateEndpoints.js'),
'azureServicesAccessDisabled' : require(__dirname + '/plugins/azure/postgresqlserver/azureServicesAccessDisabled.js'),
'postgresqlTlsVersion' : require(__dirname + '/plugins/azure/postgresqlserver/postgresqlTlsVersion.js'),
'postgresqlServerPublicAccess' : require(__dirname + '/plugins/azure/postgresqlserver/postgresqlServerPublicAccess.js'),
'postgresqlFlexibleServerPublicAccess': require(__dirname + '/plugins/azure/postgresqlserver/postgresqlFlexibleServerPublicAccess.js'),
'flexibleServerPrivateAccess' : require(__dirname + '/plugins/azure/postgresqlserver/flexibleServerPrivateAccess'),
'diagnosticLoggingEnabled' : require(__dirname + '/plugins/azure/postgresqlserver/diagnosticLoggingEnabled.js'),
'flexibleServerLogDisconnections': require(__dirname + '/plugins/azure/postgresqlserver/flexibleServerLogDisconnections.js'),
Expand Down Expand Up @@ -1003,6 +1012,8 @@ module.exports = {
'disableFTPDeployments' : require(__dirname + '/plugins/azure/appservice/disableFTPDeployments.js'),
'accessControlAllowCredential' : require(__dirname + '/plugins/azure/appservice/accessControlAllowCredential.js'),
'appServiceDiagnosticLogs' : require(__dirname + '/plugins/azure/appservice/appServiceDiagnosticLogs.js'),
'functionPrivilegeAnalysis' : require(__dirname + '/plugins/azure/appservice/functionPrivilegeAnalysis.js'),
'functionAppNetworkExposure' : require(__dirname + '/plugins/azure/appservice/functionAppNetworkExposure.js'),

'rbacEnabled' : require(__dirname + '/plugins/azure/kubernetesservice/rbacEnabled.js'),
'aksManagedIdentity' : require(__dirname + '/plugins/azure/kubernetesservice/aksManagedIdentity.js'),
Expand All @@ -1015,6 +1026,7 @@ module.exports = {
'aksHostBasedEncryption' : require(__dirname + '/plugins/azure/kubernetesservice/aksHostBasedEncryption.js'),
'aksApiAuthorizedIpRanges' : require(__dirname + '/plugins/azure/kubernetesservice/aksApiAuthorizedIpRanges.js'),
'aksNetworkExposure' : require(__dirname + '/plugins/azure/kubernetesservice/aksNetworkExposure.js'),
'aksPrivilegeAnalysis' : require(__dirname + '/plugins/azure/kubernetesservice/aksPrivilegeAnalysis.js'),

'acrAdminUser' : require(__dirname + '/plugins/azure/containerregistry/acrAdminUser.js'),
'acrHasTags' : require(__dirname + '/plugins/azure/containerregistry/acrHasTags.js'),
Expand All @@ -1029,14 +1041,14 @@ module.exports = {
'endpointLoggingEnabled' : require(__dirname + '/plugins/azure/cdnprofiles/endpointLoggingEnabled.js'),
'detectInsecureCustomOrigin' : require(__dirname + '/plugins/azure/cdnprofiles/detectInsecureCustomOrigin.js'),

'passwordRequiresLowercase' : require(__dirname + '/plugins/azure/activedirectory/passwordRequiresLowercase.js'),
'passwordRequiresNumbers' : require(__dirname + '/plugins/azure/activedirectory/passwordRequiresNumbers.js'),
'passwordRequiresSymbols' : require(__dirname + '/plugins/azure/activedirectory/passwordRequiresSymbols.js'),
'passwordRequiresUppercase' : require(__dirname + '/plugins/azure/activedirectory/passwordRequiresUppercase.js'),
'minPasswordLength' : require(__dirname + '/plugins/azure/activedirectory/minPasswordLength.js'),
'ensureNoGuestUser' : require(__dirname + '/plugins/azure/activedirectory/ensureNoGuestUser.js'),
'noCustomOwnerRoles' : require(__dirname + '/plugins/azure/activedirectory/noCustomOwnerRoles.js'),
'appOrgnaizationalDirectoryAccess' : require(__dirname + '/plugins/azure/activedirectory/appOrgnaizationalDirectoryAccess.js'),
'passwordRequiresLowercase' : require(__dirname + '/plugins/azure/entraid/passwordRequiresLowercase.js'),
'passwordRequiresNumbers' : require(__dirname + '/plugins/azure/entraid/passwordRequiresNumbers.js'),
'passwordRequiresSymbols' : require(__dirname + '/plugins/azure/entraid/passwordRequiresSymbols.js'),
'passwordRequiresUppercase' : require(__dirname + '/plugins/azure/entraid/passwordRequiresUppercase.js'),
'minPasswordLength' : require(__dirname + '/plugins/azure/entraid/minPasswordLength.js'),
'ensureNoGuestUser' : require(__dirname + '/plugins/azure/entraid/ensureNoGuestUser.js'),
'noCustomOwnerRoles' : require(__dirname + '/plugins/azure/entraid/noCustomOwnerRoles.js'),
'appOrgnaizationalDirectoryAccess' : require(__dirname + '/plugins/azure/entraid/appOrgnaizationalDirectoryAccess.js'),

'dbAuditingEnabled' : require(__dirname + '/plugins/azure/sqldatabases/dbAuditingEnabled.js'),
'dbDataMaskingEnabled' : require(__dirname + '/plugins/azure/sqldatabases/dbDataMaskingEnabled.js'),
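
Review bot: All eight `require` paths in this block move from `plugins/azure/activedirectory/` to `plugins/azure/entraid/`, but the corresponding file moves are not visible in this diff; if the directory is not renamed in the same commit, loading `exports.js` throws on the first of these lines. Also check any spec files or docs that still reference the `activedirectory` path. The exported key names are unchanged, including the existing misspelling `appOrgnaizationalDirectoryAccess`; leaving it is reasonable if saved configurations refer to plugins by key, but say so in the PR description.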
Expand Down Expand Up @@ -1076,6 +1088,7 @@ module.exports = {
'keyVaultHasTags' : require(__dirname + '/plugins/azure/keyvaults/keyVaultHasTags.js'),
'keyVaultsPrivateEndpoint' : require(__dirname + '/plugins/azure/keyvaults/keyVaultsPrivateEndpoint.js'),
'kvLogAnalyticsEnabled' : require(__dirname + '/plugins/azure/keyvaults/kvLogAnalyticsEnabled.js'),
'keyVaultPublicAccess' : require(__dirname + '/plugins/azure/keyvaults/keyVaultPublicAccess.js'),

'advancedThreatProtection' : require(__dirname + '/plugins/azure/cosmosdb/advancedThreatProtection.js'),
'cosmosdbDiagnosticLogs' : require(__dirname + '/plugins/azure/cosmosdb/cosmosdbDiagnosticLogs.js'),
Expand Down Expand Up @@ -1460,7 +1473,7 @@ module.exports = {
'imagesCMKEncrypted' : require(__dirname + '/plugins/google/compute/imagesCMKEncrypted.js'),
'snapshotEncryption' : require(__dirname + '/plugins/google/compute/snapshotEncryption.js'),
'instanceNetworkExposure' : require(__dirname + '/plugins/google/compute/instanceNetworkExposure.js'),

'computePrivilegeAnalysis' : require(__dirname + '/plugins/google/compute/computePrivilegeAnalysis.js'),
'keyRotation' : require(__dirname + '/plugins/google/cryptographickeys/keyRotation.js'),
'keyProtectionLevel' : require(__dirname + '/plugins/google/cryptographickeys/keyProtectionLevel.js'),
'kmsPublicAccess' : require(__dirname + '/plugins/google/cryptographickeys/kmsPublicAccess.js'),
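
Review bot: `'computePrivilegeAnalysis'` replaces the blank line that separated the `compute` entries from the `cryptographickeys` entries, so the two service groups now run together. Add the new entry after `'instanceNetworkExposure'` and keep the blank separator line, as the rest of the file does; the same applies to the `kubernetes` and `cloudfunctions` hunks below.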
Expand Down Expand Up @@ -1569,7 +1582,7 @@ module.exports = {
'binaryAuthorizationEnabled' : require(__dirname + '/plugins/google/kubernetes/binaryAuthorizationEnabled.js'),
'clientCertificateDisabled' : require(__dirname + '/plugins/google/kubernetes/clientCertificateDisabled.js'),
'clusterNetworkExposure' : require(__dirname + '/plugins/google/kubernetes/clusterNetworkExposure.js'),

'kubernetesPrivilegeAnalysis' : require(__dirname + '/plugins/google/kubernetes/kubernetesPrivilegeAnalysis.js'),
'dnsSecEnabled' : require(__dirname + '/plugins/google/dns/dnsSecEnabled.js'),
'dnsSecSigningAlgorithm' : require(__dirname + '/plugins/google/dns/dnsSecSigningAlgorithm.js'),
'dnsZoneLabelsAdded' : require(__dirname + '/plugins/google/dns/dnsZoneLabelsAdded.js'),
Expand Down Expand Up @@ -1608,9 +1621,9 @@ module.exports = {
'cloudFunctionLabelsAdded' : require(__dirname + '/plugins/google/cloudfunctions/cloudFunctionLabelsAdded.js'),
'cloudFunctionOldRuntime' : require(__dirname + '/plugins/google/cloudfunctions/cloudFunctionOldRuntime.js'),
'functionAllUsersPolicy' : require(__dirname + '/plugins/google/cloudfunctions/functionAllUsersPolicy.js'),

'serverlessVPCAccess' : require(__dirname + '/plugins/google/cloudfunctions/serverlessVPCAccess.js'),

'cloudFunctionNetworkExposure' : require(__dirname + '/plugins/google/cloudfunctions/cloudFunctionNetworkExposure.js'),
'cloudFunctionsPrivilegeAnalysis': require(__dirname + '/plugins/google/cloudfunctions/cloudFunctionsPrivilegeAnalysis.js'),
'computeAllowedExternalIPs' : require(__dirname + '/plugins/google/cloudresourcemanager/computeAllowedExternalIPs.js'),
'disableAutomaticIAMGrants' : require(__dirname + '/plugins/google/cloudresourcemanager/disableAutomaticIAMGrants.js'),
'disableGuestAttributes' : require(__dirname + '/plugins/google/cloudresourcemanager/disableGuestAttributes.js'),
Expand Down Expand Up @@ -1740,4 +1753,4 @@ module.exports = {
'securityNotificationsEnabled' : require(__dirname + '/plugins/alibaba/securitycenter/securityNotificationsEnabled.js'),
'vulnerabilityScanEnabled' : require(__dirname + '/plugins/alibaba/securitycenter/vulnerabilityScanEnabled.js')
}
};
};