The Qualys GitHub Action for WAS lets you configure workflows to suit your requirements. To configure it, define a workflow in your repository and use that workflow to execute the scan. You control the scan by providing input parameters in the workflow.
To add the GitHub workflow to your repository:
Click Commit changes.
Once you have configured the Qualys GitHub Action for WAS, you can launch the scan for your web application from the workflows available in your repository. These workflows respond to trigger events and execute the scan, and you manage both the workflows and the scans through input parameters.
Ensure that you supply the mandatory parameters in the GitHub workflow; otherwise, the scan is not executed.
Refer to the following workflow samples that can be used to launch the scan:
Scan Web Application on Push Event
Scan Web Application on Pull Event
Scan Web Application on Manual Trigger
Scan Web Application on Scheduled Trigger
For more workflow samples, refer to Trigger Workflows.
This workflow (.yaml) launches the web application scan on a push event made to the GitHub repository.
name: Qualys WAS Scan
on:
  push:
    branches:
      - main
jobs:
  Qualys_was_scan:
    runs-on: ubuntu-latest
    name: Qualys WAS Scan
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Qualys WAS scan action step
        uses: Qualys/github_action_qwas@main
        id: was
        with:
          API_SERVER: ${{ vars.API_SERVER }}
          QUALYS_USERNAME: ${{ vars.QUALYS_USERNAME }}
          QUALYS_PASSWORD: ${{ secrets.QUALYS_PASSWORD }}
          WEBAPP_ID: ${{ vars.WEBAPP_ID }}
          SCAN_NAME: ${{ vars.SCAN_NAME }}
          SCAN_TYPE: ${{ vars.SCAN_TYPE }}
          AUTH_RECORD: ${{ vars.AUTH_RECORD }}
          AUTH_RECORD_ID: ${{ vars.AUTH_RECORD_ID }}
          OPTION_PROFILE: ${{ vars.OPTION_PROFILE }}
          OPTION_PROFILE_ID: ${{ vars.OPTION_PROFILE_ID }}
          CANCEL_OPTION: ${{ vars.CANCEL_OPTION }}
          CANCEL_HOURS: ${{ vars.CANCEL_HOURS }}
          SEVERITY_CHECK: ${{ vars.SEVERITY_CHECK }}
          SEVERITY_LEVEL: ${{ vars.SEVERITY_LEVEL }}
          EXCLUDE: ${{ vars.EXCLUDE }}
          FAIL_ON_SCAN_ERROR: ${{ vars.FAIL_ON_SCAN_ERROR }}
          WAIT_FOR_RESULT: ${{ vars.WAIT_FOR_RESULT }}
          INTERVAL: ${{ vars.INTERVAL }}
          TIMEOUT: ${{ vars.TIMEOUT }}
          FILE_TYPE: ${{ vars.FILE_TYPE }}
This workflow (.yaml) launches the web application scan on a pull request made to the GitHub repository.
name: Qualys WAS Scan
on:
  pull_request:
    branches:
      - main
jobs:
  Qualys_was_scan:
    runs-on: ubuntu-latest
    name: Qualys WAS Scan
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Qualys WAS scan action step
        uses: Qualys/github_action_qwas@main
        id: was
        with:
          API_SERVER: ${{ vars.API_SERVER }}
          QUALYS_USERNAME: ${{ vars.QUALYS_USERNAME }}
          QUALYS_PASSWORD: ${{ secrets.QUALYS_PASSWORD }}
          WEBAPP_ID: ${{ vars.WEBAPP_ID }}
          SCAN_NAME: ${{ vars.SCAN_NAME }}
          SCAN_TYPE: ${{ vars.SCAN_TYPE }}
          AUTH_RECORD: ${{ vars.AUTH_RECORD }}
          AUTH_RECORD_ID: ${{ vars.AUTH_RECORD_ID }}
          OPTION_PROFILE: ${{ vars.OPTION_PROFILE }}
          OPTION_PROFILE_ID: ${{ vars.OPTION_PROFILE_ID }}
          CANCEL_OPTION: ${{ vars.CANCEL_OPTION }}
          CANCEL_HOURS: ${{ vars.CANCEL_HOURS }}
          SEVERITY_CHECK: ${{ vars.SEVERITY_CHECK }}
          SEVERITY_LEVEL: ${{ vars.SEVERITY_LEVEL }}
          EXCLUDE: ${{ vars.EXCLUDE }}
          FAIL_ON_SCAN_ERROR: ${{ vars.FAIL_ON_SCAN_ERROR }}
          WAIT_FOR_RESULT: ${{ vars.WAIT_FOR_RESULT }}
          INTERVAL: ${{ vars.INTERVAL }}
          TIMEOUT: ${{ vars.TIMEOUT }}
          FILE_TYPE: ${{ vars.FILE_TYPE }}
The following workflow sample is an example of a manual trigger event (workflow_dispatch). You must run this workflow manually to launch the web application scan.
name: Qualys WAS Scan
on: workflow_dispatch
jobs:
  Qualys_was_scan:
    runs-on: ubuntu-latest
    name: Qualys WAS Scan
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Qualys WAS scan action step
        uses: Qualys/github_action_qwas@main
        id: was
        with:
          API_SERVER: ${{ vars.API_SERVER }}
          QUALYS_USERNAME: ${{ vars.QUALYS_USERNAME }}
          QUALYS_PASSWORD: ${{ secrets.QUALYS_PASSWORD }}
          WEBAPP_ID: ${{ vars.WEBAPP_ID }}
          SCAN_NAME: ${{ vars.SCAN_NAME }}
          SCAN_TYPE: ${{ vars.SCAN_TYPE }}
          AUTH_RECORD: ${{ vars.AUTH_RECORD }}
          AUTH_RECORD_ID: ${{ vars.AUTH_RECORD_ID }}
          OPTION_PROFILE: ${{ vars.OPTION_PROFILE }}
          OPTION_PROFILE_ID: ${{ vars.OPTION_PROFILE_ID }}
          CANCEL_OPTION: ${{ vars.CANCEL_OPTION }}
          CANCEL_HOURS: ${{ vars.CANCEL_HOURS }}
          SEVERITY_CHECK: ${{ vars.SEVERITY_CHECK }}
          SEVERITY_LEVEL: ${{ vars.SEVERITY_LEVEL }}
          EXCLUDE: ${{ vars.EXCLUDE }}
          FAIL_ON_SCAN_ERROR: ${{ vars.FAIL_ON_SCAN_ERROR }}
          WAIT_FOR_RESULT: ${{ vars.WAIT_FOR_RESULT }}
          INTERVAL: ${{ vars.INTERVAL }}
          TIMEOUT: ${{ vars.TIMEOUT }}
          FILE_TYPE: ${{ vars.FILE_TYPE }}
The following sample is an example of a scheduled trigger event. This workflow runs at the scheduled time; the cron expression below fires at 05:30 UTC on Mondays and Wednesdays.
name: Qualys WAS Scan
on:
  schedule:
    - cron: '30 5 * * 1,3'
jobs:
  Qualys_was_scan:
    runs-on: ubuntu-latest
    name: Qualys WAS Scan
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Qualys WAS scan action step
        uses: Qualys/github_action_qwas@main
        id: was
        with:
          API_SERVER: ${{ vars.API_SERVER }}
          QUALYS_USERNAME: ${{ vars.QUALYS_USERNAME }}
          QUALYS_PASSWORD: ${{ secrets.QUALYS_PASSWORD }}
          WEBAPP_ID: ${{ vars.WEBAPP_ID }}
          SCAN_NAME: ${{ vars.SCAN_NAME }}
          SCAN_TYPE: ${{ vars.SCAN_TYPE }}
          AUTH_RECORD: ${{ vars.AUTH_RECORD }}
          AUTH_RECORD_ID: ${{ vars.AUTH_RECORD_ID }}
          OPTION_PROFILE: ${{ vars.OPTION_PROFILE }}
          OPTION_PROFILE_ID: ${{ vars.OPTION_PROFILE_ID }}
          CANCEL_OPTION: ${{ vars.CANCEL_OPTION }}
          CANCEL_HOURS: ${{ vars.CANCEL_HOURS }}
          SEVERITY_CHECK: ${{ vars.SEVERITY_CHECK }}
          SEVERITY_LEVEL: ${{ vars.SEVERITY_LEVEL }}
          EXCLUDE: ${{ vars.EXCLUDE }}
          FAIL_ON_SCAN_ERROR: ${{ vars.FAIL_ON_SCAN_ERROR }}
          WAIT_FOR_RESULT: ${{ vars.WAIT_FOR_RESULT }}
          INTERVAL: ${{ vars.INTERVAL }}
          TIMEOUT: ${{ vars.TIMEOUT }}
          FILE_TYPE: ${{ vars.FILE_TYPE }}
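Because a scan with a missing mandatory parameter silently does not run, it helps to lint the workflow before committing it. The following Python script is an added example, not part of the Qualys action or this page: it finds the Qualys/github_action_qwas step in a workflow file, lists which of the inputs shown in the samples above are absent, flags a QUALYS_PASSWORD that is read from repository variables (`vars.`) rather than `secrets.`, and reports whether the action reference is a full commit SHA. The set of inputs the action actually treats as mandatory is not stated here, so the missing list is advisory; the SHA-pinning check and the sample step fragment are this example's own assumptions.

```python
import re
# Inputs the Qualys/github_action_qwas samples on this page pass to the action step.
DOCUMENTED_INPUTS = set(
    "API_SERVER QUALYS_USERNAME QUALYS_PASSWORD WEBAPP_ID SCAN_NAME SCAN_TYPE AUTH_RECORD "
    "AUTH_RECORD_ID OPTION_PROFILE OPTION_PROFILE_ID CANCEL_OPTION CANCEL_HOURS SEVERITY_CHECK "
    "SEVERITY_LEVEL EXCLUDE FAIL_ON_SCAN_ERROR WAIT_FOR_RESULT INTERVAL TIMEOUT FILE_TYPE".split())
SECRET_INPUTS = {"QUALYS_PASSWORD"}  # must come from `secrets.`, never `vars.` (assumption)

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*Qualys/github_action_qwas@(\S+)")
KV_RE = re.compile(r"^\s*([A-Z_]+):\s*(.*)$")
EXPR_RE = re.compile(r"\$\{\{\s*(vars|secrets)\.\w+\s*\}\}")

def check_workflow(text):
    """Inspect the Qualys WAS step of a workflow YAML string and return findings as a dict."""
    report = {"step_found": False, "action_ref": None, "pinned_to_sha": False,
              "missing_inputs": [], "credentials_not_from_secrets": []}
    lines = text.splitlines()
    start = next((n for n, l in enumerate(lines) if USES_RE.match(l)), None)
    if start is None:
        return report
    ref = USES_RE.match(lines[start]).group(1)
    report.update(step_found=True, action_ref=ref,
                  pinned_to_sha=re.fullmatch(r"[0-9a-f]{40}", ref) is not None)
    seen, with_indent = set(), None
    for line in filter(str.strip, lines[start + 1:]):   # skip blank lines
        indent = len(line) - len(line.lstrip())
        if with_indent is None:                         # still looking for this step's `with:`
            if line.strip() == "with:":
                with_indent = indent
            elif line.lstrip().startswith("- "):
                break                                   # next step began without a `with:`
            continue
        if indent <= with_indent:
            break                                       # left the `with:` block
        m = KV_RE.match(line)
        if m:
            seen.add(m.group(1))
            expr = EXPR_RE.search(m.group(2))
            if m.group(1) in SECRET_INPUTS and (expr is None or expr.group(1) != "secrets"):
                report["credentials_not_from_secrets"].append(m.group(1))
    report["missing_inputs"] = sorted(DOCUMENTED_INPUTS - seen)
    return report

# Constructed step fragment (not from the page): password read from `vars.`, most inputs omitted.
SAMPLE_STEP = """\
        uses: Qualys/github_action_qwas@main
        with:
          API_SERVER: ${{ vars.API_SERVER }}
          QUALYS_PASSWORD: ${{ vars.QUALYS_PASSWORD }}
"""
```

Run it against `.github/workflows/<file>.yaml` contents; an empty `missing_inputs` and `credentials_not_from_secrets` for a step that is found means the workflow passes every documented input and keeps the password in a secret.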