- TypeScript 82%
- Dockerfile 8.9%
- HCL 5.1%
- JavaScript 4%
|
|
||
|---|---|---|
| .github | ||
| dist | ||
| src | ||
| tests | ||
| .dockerignore | ||
| .editorconfig | ||
| .gitattributes | ||
| .gitignore | ||
| .prettierignore | ||
| .prettierrc.json | ||
| .yarnrc.yml | ||
| action.yml | ||
| codecov.yml | ||
| dev.Dockerfile | ||
| docker-bake.hcl | ||
| eslint.config.mjs | ||
| LICENSE | ||
| package.json | ||
| README.md | ||
| tsconfig.json | ||
| vitest.config.ts | ||
| vitest.setup.ts | ||
| yarn.lock | ||
About
GitHub Action to upload and scan files with VirusTotal.
Usage
Scan local files
This action can be used to scan local files with VirusTotal:
- name: VirusTotal Scan
uses: crazy-max/ghaction-virustotal@v5
with:
vt_api_key: ${{ secrets.VT_API_KEY }}
files: |
./foo-win32.exe
./foo-win64.exe
Scan through VirusTotal Monitor
To scan your assets through VirusTotal Monitor you can use the following workflow:
- name: VirusTotal Scan
uses: crazy-max/ghaction-virustotal@v5
with:
vt_api_key: ${{ secrets.VT_API_KEY }}
vt_monitor: true
monitor_path: /ghaction-virustotal
files: |
./foo-win32.exe
./foo-win64.exe
Scan assets of a published release
You can also use this action to scan assets of a published release on GitHub when a release event is triggered:
name: released
permissions:
contents: read
on:
release:
types:
- published
jobs:
virustotal:
runs-on: ubuntu-latest
steps:
-
name: VirusTotal Scan
uses: crazy-max/ghaction-virustotal@v5
with:
vt_api_key: ${{ secrets.VT_API_KEY }}
files: |
.exe$
If you set update_release_body: true input, analysis link(s) will be appended
to the release body:
name: released
permissions:
contents: read
on:
release:
types:
- published
jobs:
virustotal:
runs-on: ubuntu-latest
permissions:
# required to write GitHub Release body
contents: write
steps:
-
name: VirusTotal Scan
uses: crazy-max/ghaction-virustotal@v5
with:
vt_api_key: ${{ secrets.VT_API_KEY }}
update_release_body: true
files: |
.exe$
And will look like this:
Customizing
inputs
Following inputs can be used as step.with keys
| Name | Type | Default | Description |
|---|---|---|---|
vt_api_key |
String | VirusTotal API key to upload assets (required) | |
files |
String | Newline-delimited list of path globs/patterns for asset files to upload for analysis (required) | |
vt_monitor |
Bool | false |
If enabled, files will be uploaded to VirusTotal Monitor endpoint |
monitor_path¹ |
String | / |
A path relative to current monitor user root folder to upload files |
update_release_body² |
Bool | false |
If enabled, analysis link(s) will be appended to the release body |
github_token³ |
String | GitHub Token used to create an authenticated client for GitHub API as provided by secrets |
|
request_rate |
Number | 0 |
API request-rate in requests/minute. Set to 4 or lower when using the standard free public API. 0 to disable rate-limit. |
Note
- ¹ Only available if
vt_monitoris enabled.- ² Only available if release event is triggered in your workflow.
- ³ Required if release event is triggered in your workflow.
outputs
The following outputs are available
| Name | Type | Description |
|---|---|---|
analysis |
String | Analysis results formatted as <filename>=<analysisURL> (comma separated) |
Contributing
Want to contribute? Awesome! The most basic way to show your support is to star the project, or to raise issues. You can also support this project by becoming a sponsor on GitHub or by making a PayPal donation to ensure this journey continues indefinitely!
Thanks again for your support, it is much appreciated! 🙏
License
MIT. See LICENSE for more details.