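#!/bin/bash
# Trigger an Astra Pentest scan from a CI/CD job and, depending on
# ASTRA_JOB_EXIT_STRATEGY, either return immediately (always_pass) or keep
# polling the scan status until the exit criterion can be evaluated.
#
# Required env:   ASTRA_ACCESS_TOKEN
# Forwarded env:  ASTRA_PROJECT_ID, ASTRA_TARGET_SCOPE_URI (sent as given,
#                 not validated locally)
# Tunables:       ASTRA_AUDIT_MODE, ASTRA_SCAN_TYPE, ASTRA_JOB_EXIT_STRATEGY,
#                 ASTRA_JOB_EXIT_REFETCH_INTERVAL,
#                 ASTRA_JOB_EXIT_REFETCH_MAX_RETRIES, ASTRA_JOB_EXIT_CRITERION
# Side effects:   writes the raw webhook response body to ./response.txt in
#                 the current directory.

ASTRA_SCAN_START_URL="https://api.getastra.com/webhooks/integrations/ci-cd"
ASTRA_SCAN_STATUS_URL="https://api.getastra.com/webhooks/integrations/ci-cd/scan-status"
ASTRA_AUDIT_MODE="${ASTRA_AUDIT_MODE:-automated}"
ASTRA_SCAN_TYPE="${ASTRA_SCAN_TYPE:-lightning}"
ASTRA_JOB_EXIT_STRATEGY="${ASTRA_JOB_EXIT_STRATEGY:-always_pass}"
ASTRA_JOB_EXIT_REFETCH_INTERVAL="${ASTRA_JOB_EXIT_REFETCH_INTERVAL:-30}"
ASTRA_JOB_EXIT_REFETCH_MAX_RETRIES="${ASTRA_JOB_EXIT_REFETCH_MAX_RETRIES:-20}"
# The escaped quotes are intentional: this value is spliced verbatim into a
# JSON string further down, so it has to arrive there as \"high\" / \"critical\".
ASTRA_JOB_EXIT_CRITERION="${ASTRA_JOB_EXIT_CRITERION:-severityCount[\\\"high\\\"] > 0 or severityCount[\\\"critical\\\"] > 0}"

# Fail fast with a clear message instead of posting an empty token to the API.
# ${var:?} aborts a non-interactive shell even without 'set -e'.
: "${ASTRA_ACCESS_TOKEN:?ASTRA_ACCESS_TOKEN must be set}"

#######################################
# Extract a top-level string field from the flat JSON body in response.txt
# without depending on jq.
# Splits the body on ',' into records, drops everything up to the first ':'
# of the record that names the key, then strips quotes and a trailing '}'.
# Unlike a plain "$2" field split on ':', this keeps ':' inside the value,
# which matters for URL-valued fields.
# Arguments: $1 - JSON key name (without quotes)
# Outputs:   the field value on stdout (empty if the key is absent)
#######################################
json_field() {
  local key="\"$1\""
  awk -v RS=, -v key="$key" 'index($0, key) { sub(/^[^:]*:[ \t]*/, ""); print; exit }' response.txt \
    | tr -d '"' | cut -d'}' -f1
}

if [[ "$ASTRA_JOB_EXIT_STRATEGY" == "wait_for_completion" ]]; then
  # Only the short-running scan types can be waited on inside a CI job.
  # The default scan type is "lightning"; the misspelt "lighting" is still
  # accepted so pipelines that set it explicitly keep working.
  case "$ASTRA_SCAN_TYPE" in
    "lightning" | "lighting" | "emerging")
      ;;
    *)
      echo "Error: wait_for_completion exit job strategy only supports 'lightning' and 'emerging' scan types." >&2
      exit 1
      ;;
  esac
  # Fixed polling budget for this strategy: 20 retries x 45 s = 15 minutes.
  # This deliberately overrides any caller-provided interval/retry values.
  ASTRA_JOB_EXIT_REFETCH_INTERVAL=45
  ASTRA_JOB_EXIT_REFETCH_MAX_RETRIES=20
fi

# NOTE: the values are interpolated, not JSON-escaped; a '"' or '\' in any of
# them produces an invalid request body.
request_body="{\"accessToken\":\"$ASTRA_ACCESS_TOKEN\",\"projectId\":\"$ASTRA_PROJECT_ID\", \"mode\":\"$ASTRA_AUDIT_MODE\", \"automatedScanType\":\"$ASTRA_SCAN_TYPE\", \"targetScopeUri\":\"$ASTRA_TARGET_SCOPE_URI\"}"

# The body is fed to curl on stdin (--data @-) rather than as an argument so
# the access token is not visible in the runner's process list or in shell
# tracing output. -o keeps the body in response.txt; -w leaves only the HTTP
# status code on stdout.
response=$(printf '%s' "$request_body" | curl -s -o response.txt -w "%{http_code}" \
  --user-agent "Astra Pentest Trigger Script/1.1" \
  --header "Content-Type: application/json" \
  --header "Accept: application/json" \
  --request POST \
  --data @- \
  "$ASTRA_SCAN_START_URL")
status_code=$(tail -n1 <<< "$response")

if [[ "$status_code" == "200" ]]; then
  echo "✅ The Astra scan has been successfully initiated."
  audit_id=$(json_field "auditId")
  vulnerabilities_page_link=$(json_field "vulnerabilitesPageLink")
  echo ""
  echo "Webhook response:"
  echo ""
  cat response.txt
  echo ""
else
  echo "🟡 Scan initiation failed. 
HTTP status code: $status_code"
  echo ""
  echo "Webhook response:"
  echo ""
  cat response.txt
  echo ""
  exit 1
fi

if [[ "$ASTRA_JOB_EXIT_STRATEGY" == "always_pass" ]]; then
  echo "The scan is currently in progress, and you can review any detected vulnerabilities in the Astra dashboard. As the ASTRA_JOB_EXIT_STRATEGY is set to always_pass, this job will not be blocked."
  exit 0
fi

# Status-poll request body. It carries the access token as well, so the
# polling request below should likewise send it via stdin (--data @-) rather
# than on the curl command line.
json_data="{\"accessToken\":\"$ASTRA_ACCESS_TOKEN\",\"auditId\":\"$audit_id\",\"jobExitCriterion\":\"$ASTRA_JOB_EXIT_CRITERION\"}"
for ((retry=0; retry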