☁️ CloudExploit by KhulnaSoft Security, Ltd. 🔐 Multi‑Cloud Security Auditing Platform 🚀 AWS • Azure • GCP • Oracle • GitHub

.github/CONTRIBUTING.md

@@ -5,7 +5,7 @@ Thank you for your interest in contributing to CloudExploit! We welcome your PRs
 The CloudExploit project, maintainers, and contributors are governed by the [CloudExploit Code of Conduct](CODE_OF_CONDUCT.md). By contributing, you are agreeing to uphold this code in your interactions with the CloudExploit community.
 
 ## License
-By contributing code to CloudExploit, you attest that you have the rights to all code and that you are assigning these rights to Khulnasoft Security, Ltd. for use within its projects.
+By contributing code to CloudExploit, you attest that you have the rights to all code and that you are assigning these rights to KhulnaSoft Security, Ltd. for use within its projects.
 
 ## Getting Started
 Please read our [README](../README.md#installation) for information on getting setup to use and develop CloudExploit scans locally. We also have a [guide for writing new plugins](../docs/writing-plugins.md).

.github/workflows/scans_ci.yml

@@ -1,44 +1,25 @@
-name: CI/CD Pipeline
-
-on:
-  push:
-    branches: [ main, master ]
-  pull_request:
-    branches: [ main, master ]
-  schedule:
-    - cron: '0 0 * * 0'  # Weekly run on Sunday at midnight
+name: 
+on: [push, pull_request, create, delete, issue_comment]
 
 jobs:
-  test:
-    name: Test on Node.js ${{ matrix.node-version }}
+  build:
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        node-version: [12.x, 14.x, 16.x]  # Test on multiple Node.js versions
+
     steps:
       - uses: actions/checkout@v2
-
-      - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v2
+      - name: Use Node.js
+        uses: actions/setup-node@v1
         with:
-          node-version: ${{ matrix.node-version }}
-          cache: 'npm'
-
-      - name: Check for common typos
-        uses: khulnasoft/codetypo-actions@master
+          node-version: '12.x'
+      - uses: codespell-project/actions-codespell@master
         with:
           check_filenames: true
           skip: ./.github/*,.git,./package.json,./package-lock.json,./node_modules,./tests,./config,*.png,Dockerfile,./scripts,*.spec.js,./plugins/azure/storageaccounts/storageAccountsAADEnabled.js,./plugins/aws/cloudtrail/cloudtrailBucketAccessLogging.js,./helpers/google/index.js,*zip
           ignore_words_list: iam,\"tRe\",AKS,aks,optin,callInt,callInt
-
-      - name: Install Dependencies
-        run: npm ci
-
+      - run: npm install
+
       - name: Lint
         run: npm run lint
-      
-      - name: Run Tests
+
+      - name: NPM Test
         run: npm test
-
-      - name: Build
-        run: npm run build --if-present

Dockerfile

@@ -9,21 +9,30 @@ FROM node:lts-alpine3.12
 # You could also use this to specify a particular version number.
 ARG PACKAGENAME=cloudexploit
 
+# Create a non-root user and group
+RUN addgroup -S cloudexploit && adduser -S cloudexploit -G cloudexploit
+
 COPY . /var/scan/cloudexploit/
 
+# Set the working directory to /var/scan
+WORKDIR /var/scan
+
 # Install cloudexploit/scan into the container using npm from NPM
-RUN cd /var/scan \
-&& npm init --yes \
+RUN npm init --yes \
 && npm install ${PACKAGENAME} \
-&& npm link /var/scan/cloudexploit
+&& npm link /var/scan/cloudexploit \
+&& chown -R cloudexploit:cloudexploit /var/scan
 
 # Setup the container's path so that you can run cloudexploit directly
 # in case someone wants to customize it when running the container.
 ENV PATH "$PATH:/var/scan/node_modules/.bin"
 
+# Switch to non-root user
+USER cloudexploit
+
 # By default, run the scan. CMD allows consumers of the container to supply
 # command line arguments to the run command to control how this executes.
 # Thus, you can use the parameters that you would normally give to index.js
 # when running in a container.
-ENTRYPOINT ["cloudexploitscan"]
+ENTRYPOINT ["cloudexploit"]
 CMD []