scanner-inc/sync-detection-rules

GitHub: scanner-inc/sync-detection-rules


# Detection Rule Sync Action

## Usage

```yaml
name: Sync Detection Rules

on:
  push:
    branches: [main]

jobs:
  sync:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: scanner-inc/sync-detection-rules@v0.1.0
        with:
          scanner_api_url: "${{ vars.SCANNER_API_URL }}"
          # The API key is the only input read from repository secrets.
          scanner_api_key: "${{ secrets.SCANNER_API_KEY }}"
          push_key: "${{ vars.SCANNER_PUSH_KEY }}"
```

## Inputs

| Input | Description | Required | Default |
| ----------------- | ----------- | -------- | ------- |
| `scanner_api_url` | The API URL of your Scanner instance | Yes | - |
| `scanner_api_key` | Scanner API key | Yes | - |
| `push_key` | Push key identifying the target push sync source on Scanner (Settings > Detection Rule Sync) | Yes | - |
| `path` | Path inside the checkout to sync. `scanner-cli` resolves the enclosing git root and uploads the entire tree. | No | `.` |

See the [Scanner.dev CLI documentation](https://docs.scanner.dev/scanner/using-scanner-complete-feature-reference/beta-features/detection-rules-as-code/cli#sync-an-entire-repository-sync-git-repo) for details on obtaining your API URL, API key, and push key.

## How it works

The action installs the scanner-cli tool and runs `scanner-cli sync-git-repo --push-key ` against the checked-out repository. The current branch and commit SHA (with a `+dirty` suffix if the working tree has uncommitted changes) are derived from the repo and uploaded alongside the zip.

## Development

This repo uses Yarn 4 (managed via Corepack).

To prepare a release:

1. Install dependencies: `yarn install`
2. Build the bundled distribution: `yarn build`
3. Commit the `dist/` folder: `git add dist && git commit -m "Build dist"`
4. Tag the release: `git tag v${VERSION} && git push --tags`

The bundled `dist/index.js` contains all dependencies, so users don't need to install anything.

### Regenerating the schema bundle

To regenerate, install [`gh`](https://cli.github.com/) and authenticate it (`gh auth login`), then:

```
yarn gen_schema
```
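The branch and revision string described under "How it works" can be rebuilt in a workflow step that runs before the sync, so the job stops when the checkout no longer matches its commit. This is an added example, not code from the action or from scanner-cli; the function names and the definition of "dirty" (any `git status --porcelain` output, untracked files included) are assumptions.

```shell
#!/bin/sh
# Added example (not part of the action or scanner-cli): rebuild the
# branch / commit identifier described under "How it works" so a workflow
# step can refuse to sync a tree that does not match its commit.
# Assumption: "uncommitted changes" means any `git status --porcelain`
# output, untracked files included; scanner-cli's own test may differ.

# Print the current branch name, or "HEAD" when the checkout is detached.
repo_branch() {
    git -C "$1" rev-parse --abbrev-ref HEAD
}

# Print the commit SHA, with "+dirty" appended when the tree has changes.
repo_revision() {
    sha=$(git -C "$1" rev-parse HEAD) || return 1
    if [ -n "$(git -C "$1" status --porcelain)" ]; then
        printf '%s+dirty\n' "$sha"
    else
        printf '%s\n' "$sha"
    fi
}

# Return 0 only when the tree is clean, so the uploaded rules are exactly
# the committed ones. Prints the branch and revision either way.
require_clean_tree() {
    rev=$(repo_revision "$1") || return 2
    echo "branch=$(repo_branch "$1") revision=$rev"
    case "$rev" in
        *+dirty)
            echo "refusing to sync: uncommitted changes in $1" >&2
            return 1
            ;;
    esac
    return 0
}

# Usage in a step placed before the sync action (hypothetical file name):
#   . ./preflight.sh && require_clean_tree .
```

A non-zero return from `require_clean_tree` fails the step, which keeps a build step that rewrote rule files from pushing content nobody reviewed.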