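├── .github └── workflows │ ├── report.yml │ └── scans.yml ├── AUTHORS.md ├── CHANGELOG.md ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── LICENSE ├── README.md ├── dashlord.yml ├── lighthouserc.json ├── publiccode.yml ├── renovate.json ├── report.json ├── results ├── .gitkeep ├── aHR0cHM6Ly93d3cuZmFicmlxdWUuc29jaWFsLmdvdXYuZnI= │ ├── 404.json │ ├── declaration-a11y.json │ ├── dependabotalerts.json │ ├── ecoindex.json │ ├── http.json │ ├── lhr-aHR0cHM6Ly93d3cuZmFicmlxdWUuc29jaWFsLmdvdXYuZnIv.html │ ├── lhr.json │ ├── nmapvuln.gnmap │ ├── nmapvuln.html │ ├── nmapvuln.json │ ├── nmapvuln.nmap │ ├── nmapvuln.xml │ ├── screenshot.jpeg │ ├── testssl.csv │ ├── testssl.html │ ├── testssl.json │ ├── thirdparties.json │ ├── wappalyzer.json │ ├── zap.html │ └── zap.json ├── aHR0cHM6Ly9iZXRhLmdvdXYuZnI= │ ├── 404.json │ ├── declaration-a11y.json │ ├── ecoindex.json │ ├── http.json │ ├── lhr-aHR0cHM6Ly9iZXRhLmdvdXYuZnIv.html │ ├── lhr.json │ ├── nmapvuln.gnmap │ ├── nmapvuln.html │ ├── nmapvuln.json │ ├── nmapvuln.nmap │ ├── nmapvuln.xml │ ├── screenshot.jpeg │ ├── testssl.csv │ ├── testssl.html │ ├── testssl.json │ ├── thirdparties.json │ ├── wappalyzer.json │ ├── zap.html │ └── zap.json └── aHR0cHM6Ly9iZXRhLmdvdXYuZnIv │ ├── 20210425_233709 │ ├── http.json │ ├── lhr.html │ ├── lhr.json │ ├── nuclei.json │ ├── testssl.csv │ ├── testssl.html │ ├── testssl.json │ ├── thirdparties.json │ ├── wappalyzer.json │ ├── zap.html │ ├── zap.json │ └── zap.md │ └── 20210428_213635 │ ├── http.json │ ├── lhr.html │ ├── lhr.json │ ├── nuclei.json │ ├── testssl.csv │ ├── testssl.html │ ├── testssl.json │ ├── thirdparties.json │ ├── wappalyzer.json │ ├── zap.html │ ├── zap.json │ └── zap.md ├── schema.json └── zap-rules.tsv

/.github/workflows/report.yml:
--------------------------------------------------------------------------------
# Builds the DashLord report from the committed scan results, commits
# report.json back to the repository and publishes the site to gh-pages.
#
# NOTE(review): no `permissions:` block is declared, so every step below runs
# with the repository's default GITHUB_TOKEN permissions. Two steps push to the
# repository, so contents write access is needed; confirm whether anything else
# is, and declare the minimum here instead of relying on the repository default.
name: DashLord report

on:
  workflow_dispatch:
  # `completed` fires whatever the conclusion of the scans workflow was.
  workflow_run:
    workflows: ["DashLord scans"]
    branches: [main]
    types:
      - completed

# allow only one concurrent report action
concurrency:
  cancel-in-progress: true
  group: report

jobs:
  website:
    runs-on: ubuntu-latest
    name: Website
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - uses: actions/cache@v4
        with:
          path: "**/node_modules"
          key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }}

      # build the report
      - id: dashlord-report
        uses: SocialGouv/dashlord-actions/report@v1
        with:
          base-path: /dashlord # adapt to your repo name

      # save full report for history
      # This third-party action pushes to the repository with the job token and
      # is referenced by a movable tag; pinning it to a reviewed full commit SHA
      # keeps the code that holds write access from changing unnoticed.
      - uses: EndBug/add-and-commit@v7
        with:
          add: '["report.json"]'
          default_author: "github_actions"
          message: "chore: report update"

      # deploy build to gh-pages
      # Also pushes with the job token; a version tag can be re-pointed by the
      # action's maintainers, a full commit SHA cannot.
      - name: Deploy 🚀
        uses: JamesIves/github-pages-deploy-action@4.1.9
        with:
          branch: gh-pages
          folder: build

--------------------------------------------------------------------------------
/.github/workflows/scans.yml:
--------------------------------------------------------------------------------
# Runs the configured scanners against every site returned by the `init` job,
# stores each tool's output under `scans/`, then commits the `results` folder
# and pushes it to the current ref.
#
# NOTE(review): no `permissions:` block is declared, so all third-party actions
# below run with the repository's default GITHUB_TOKEN permissions. The final
# `git push` needs contents write access; confirm nothing else is required and
# declare the minimum here.
#
# NOTE(review): most actions are referenced by a branch (`@master`, `@main`) or
# a movable tag (`@v1`). Their code can change without any commit in this
# repository; pin them to reviewed full commit SHAs, starting with the steps
# that receive secrets.
name: DashLord scans

on:
  workflow_dispatch:
    inputs:
      url:
        description: "Single url to scan or scan all urls"
        required: false
        default: ""
      tool:
        description: "Single tool to run or use all tools"
        type: choice
        default: all
        options:
          - all
          - codescan
          - dependabot
          - ecoindex
          - lighthouse
          - sonarcloud
          - trivy
          - zap
          - dsfr
  push:
    branches:
      - master
      - main
    paths:
      - "dashlord.yaml"
      - "dashlord.yml"
      - "urls.txt"
  schedule:
    - cron: "0 0 * * 0" # see https://crontab.guru

# allow only one concurrent scan action
concurrency:
  cancel-in-progress: true
  group: scans

jobs:
  init:
    runs-on: ubuntu-latest
    name: Prepare
    outputs:
      sites: ${{ steps.init.outputs.sites }}
      config: ${{ steps.init.outputs.config }}
    steps:
      - uses: actions/checkout@v4
      - id: init
        uses: "SocialGouv/dashlord-actions/init@v1"
        with:
          url: ${{ github.event.inputs.url }}
          tool: ${{ github.event.inputs.tool }}
      # to create missing entries in updown.io
      # NOTE(review): this job declares no `strategy.matrix`, so the `matrix`
      # context looks empty here and this condition would never be true.
      # Confirm the intended condition.
      - id: updown-init
        if: ${{ matrix.sites.tools.updownio }}
        uses: "SocialGouv/dashlord-actions/updown-init@v1"
        env:
          UPDOWNIO_API_KEY: ${{ secrets.UPDOWNIO_API_KEY }}
  scans:
    runs-on: ubuntu-latest
    name: Scan
    needs: init
    continue-on-error: true
    strategy:
      fail-fast: false
      max-parallel: 3
      matrix:
        sites: ${{ fromJson(needs.init.outputs.sites) }}
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.ref }}

      - run: |
          mkdir scans

      - uses: actions/cache@v4
        with:
          path: "**/node_modules"
          key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }}

      - name: dsfr
        continue-on-error: true
        timeout-minutes: 10
        uses: "socialgouv/dashlord-actions/dsfr@v1"
        if: ${{ matrix.sites.tools.dsfr }}
        with:
          url: ${{ matrix.sites.url }}
          output: scans/dsfr.json

      - name: sonarcloud scan
        if: ${{ matrix.sites.tools.sonarcloud }}
        id: sonarcloud
        continue-on-error: true
        timeout-minutes: 10
        uses: SocialGouv/dashlord-actions/sonarcloud@v1
        with:
          repos: ${{ join(matrix.sites.repositories) }}
          output: "scans/sonarcloud.json"

      - name: Third-party scripts scan
        if: ${{ matrix.sites.tools.thirdparties }}
        id: thirdparties
        continue-on-error: true
        timeout-minutes: 10
        uses: SocialGouv/thirdparties-action@master
        with:
          url: "${{ matrix.sites.url }}"
          output: "scans/thirdparties.json"

      - name: Déclaration a11y
        timeout-minutes: 10
        uses: "socialgouv/dashlord-actions/declaration-a11y@v1"
        if: ${{ matrix.sites.tools['declaration-a11y'] }}
        with:
          url: ${{ matrix.sites.url }}
          output: scans/declaration-a11y.json

      - name: eco-index
        continue-on-error: true
        timeout-minutes: 10
        uses: "socialgouv/dashlord-actions/ecoindex@v1"
        if: ${{ matrix.sites.tools.ecoindex }}
        with:
          url: ${{ matrix.sites.url }}
          output: scans/ecoindex.json

      - name: Déclaration RGPD
        timeout-minutes: 10
        uses: SocialGouv/dashlord-actions/declaration-rgpd@v1
        if: ${{ matrix.sites.tools['declaration-rgpd'] }}
        with:
          thirdparties: ${{ steps.thirdparties.outputs.json }}
          url: ${{ matrix.sites.url }}
          output: scans/declaration-rgpd.json

      - name: Trivy
        continue-on-error: true
        timeout-minutes: 20
        if: ${{ matrix.sites.tools.trivy && matrix.sites.docker }}
        uses: "socialgouv/dashlord-actions/trivy@v1"
        with:
          images: ${{ join(matrix.sites.docker) }}
          output: scans/trivy.json

      - name: Detect 404s
        continue-on-error: true
        timeout-minutes: 10
        uses: "socialgouv/detect-404-action@master"
        if: ${{ matrix.sites.tools['404'] }}
        with:
          url: ${{ matrix.sites.url }}
          output: scans/404.json

      - name: Betagouv API scan
        if: ${{ matrix.sites.tools.betagouv }}
        continue-on-error: true
        timeout-minutes: 10
        id: betagouv
        uses: betagouv/dashlord-startup-action@main
        with:
          id: "${{ matrix.sites.betaId }}"
          output: "scans/betagouv.json"

      - name: Stats page
        timeout-minutes: 10
        uses: "betagouv/check-url-action@main"
        if: ${{ matrix.sites.tools.stats }}
        with:
          url: ${{ steps.betagouv.outputs.stats_url || format('{0}/stats', matrix.sites.url) }}
          output: scans/stats.json
          minExpectedRegex: ^stat
          exactExpectedRegex: ^stats$

      - name: Screenshot Website
        uses: swinton/screenshot-website@v1.x
        if: ${{ matrix.sites.tools.screenshot }}
        timeout-minutes: 5
        continue-on-error: true
        with:
          source: "${{ matrix.sites.url }}"
          type: jpeg
          destination: screenshot.jpeg
          width: 1280
          scaleFactor: 0.5

      - name: Wappalyzer scan
        if: ${{ matrix.sites.tools.wappalyzer }}
        uses: "socialgouv/wappalyzer-action@master"
        timeout-minutes: 10
        continue-on-error: true
        with:
          url: "${{ matrix.sites.url }}"
          output: scans/wappalyzer.json

      - name: ZAP Scan
        if: ${{ matrix.sites.tools.zap }}
        uses: zaproxy/action-baseline@v0.14.0
        continue-on-error: true
        timeout-minutes: 10
        with:
          token: "" # disable issue creation
          rules_file_name: "zap-rules.tsv"
          allow_issue_writing: false
          target: "${{ matrix.sites.url }}"
          cmd_options: "-a"

      # https://github.com/treosh/lighthouse-ci-action#inputs
      - name: Lighthouse scan
        if: ${{ matrix.sites.tools.lighthouse }}
        timeout-minutes: 10
        uses: socialgouv/dashlord-actions/lhci@v1
        with:
          url: "${{ join(matrix.sites.subpages, ',') }}"

      - name: Mozilla HTTP Observatory
        if: ${{ matrix.sites.tools.http }}
        timeout-minutes: 10
        id: http
        continue-on-error: true
        uses: SocialGouv/httpobs-action@master
        with:
          url: "${{ matrix.sites.url }}"
          output: "scans/http.json"

      - name: Mozilla HTTP Observatory retry
        if: steps.http.outcome=='failure'
        continue-on-error: true
        timeout-minutes: 10
        uses: SocialGouv/httpobs-action@master
        with:
          url: "${{ matrix.sites.url }}"
          output: "scans/http.json"

      # testssl.sh action needs an hostname to save its output so we build it here
      # The URL is handed to the script through an environment variable: a
      # `${{ }}` expression placed directly in `run:` is substituted into the
      # script text before the shell parses it, so a URL containing quotes or
      # `$(...)` (from dashlord.yml or the `url` dispatch input) would be
      # executed as shell code.
      - name: Extract hostname
        id: hostname
        env:
          SITE_URL: ${{ matrix.sites.url }}
        run: |
          HOSTNAME=$(printf '%s\n' "$SITE_URL" | sed -e 's/[^/]*\/\/\([^@]*@\)\?\([^:/]*\).*/\2/')
          # `::set-output` is deprecated; step outputs go through $GITHUB_OUTPUT
          echo "value=$HOSTNAME" >> "$GITHUB_OUTPUT"

      - name: testssl.sh scan
        if: ${{ matrix.sites.tools.testssl }}
        timeout-minutes: 10
        continue-on-error: true
        uses: "mbogh/test-ssl-action@v1.1"
        with:
          host: ${{ steps.hostname.outputs.value }}
          output: scans
          grade: "F"
          options: "--fast"

      - name: Nuclei scan
        if: ${{ matrix.sites.tools.nuclei }}
        timeout-minutes: 10
        continue-on-error: true
        uses: "SocialGouv/dashlord-nuclei-action@master"
        with:
          url: ${{ matrix.sites.url }}
          output: "scans/nuclei.log"

      # The three steps below hand a secret to an action referenced by branch
      # (`@main`): whoever can push to that branch controls code that reads the
      # secret. Pin each to a reviewed full commit SHA and keep the tokens
      # scoped to the minimum the action needs.
      - name: Updown.io checks
        if: ${{ matrix.sites.tools.updownio }}
        continue-on-error: true
        uses: "MTES-MCT/updownio-action@main"
        with:
          apiKey: ${{ secrets.UPDOWNIO_API_KEY }}
          url: ${{ matrix.sites.url }}
          output: scans/updownio.json

      - name: Dependabot vulnerabilities alerts
        if: ${{ matrix.sites.tools.dependabot && matrix.sites.repositories }}
        continue-on-error: true
        uses: "MTES-MCT/dependabotalerts-action@main"
        with:
          token: ${{ secrets.DEPENDABOTALERTS_TOKEN }}
          repositories: ${{ join(matrix.sites.repositories) }}
          output: scans/dependabotalerts.json

      - name: Code quality alerts
        if: ${{ matrix.sites.tools.codescan && matrix.sites.repositories }}
        continue-on-error: true
        uses: "MTES-MCT/codescanalerts-action@main"
        with:
          token: ${{ secrets.CODESCANALERTS_TOKEN }}
          repositories: ${{ join(matrix.sites.repositories) }}
          output: scans/codescanalerts.json

      - uses: SocialGouv/dashlord-actions/save@v1
        with:
          url: ${{ matrix.sites.url }}
          # only clean up previous stats when all tools ran
          # NOTE(review): `inputs.tool` is only set on workflow_dispatch, so on
          # `push` and `schedule` runs this evaluates to false; confirm intent.
          cleanup: ${{ github.event.inputs.tool == 'all' && true || false }}

      # Commit the results and push them. Concurrent matrix jobs push to the
      # same ref, so the step is retried up to two more times when it fails.
      # The URL and the ref reach the script as environment variables rather
      # than `${{ }}` substitutions, so their content is never parsed as shell.
      - name: "Commit"
        id: commit1
        continue-on-error: true
        env:
          SITE_URL: ${{ matrix.sites.url }}
          GIT_REF: ${{ github.ref }}
        run: |
          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git config --global user.name GitHub
          git add "results"
          git commit -m "update: $SITE_URL"
          git pull --rebase --no-ff origin "$GIT_REF"
          git push

      - name: "Commit retry"
        if: steps.commit1.outcome=='failure'
        id: commit2
        continue-on-error: true
        env:
          SITE_URL: ${{ matrix.sites.url }}
          GIT_REF: ${{ github.ref }}
        run: |
          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git config --global user.name GitHub
          git add "results"
          git commit -m "update: $SITE_URL"
          git pull --rebase --no-ff origin "$GIT_REF"
          git push

      # Last attempt: no `continue-on-error`, so a failure here fails the job.
      - name: "Commit retry 2"
        if: steps.commit2.outcome=='failure'
        env:
          SITE_URL: ${{ matrix.sites.url }}
          GIT_REF: ${{ github.ref }}
        run: |
          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git config --global user.name GitHub
          git add "results"
          git commit -m "update: $SITE_URL"
          git pull --rebase --no-ff origin "$GIT_REF"
          git push

--------------------------------------------------------------------------------
/AUTHORS.md:
--------------------------------------------------------------------------------
1 | # This file lists all contributors to the repository.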
2 | 3 | Julien Bouquillon 4 | Tristan Robert 5 | Clément Lelong 6 | Benoit Serrano 7 | Matéo Mévollon 8 | Erica Delagnier 9 | Lilian Saget-Lethias 10 | Xavier Desoindre 11 | Arthur Lutz 12 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | see https://github.com/SocialGouv/dashlord-actions/blob/main/CHANGELOG.md 2 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | We as members, contributors, and leaders pledge to make participation in our 6 | community a harassment-free experience for everyone, regardless of age, body 7 | size, visible or invisible disability, ethnicity, sex characteristics, gender 8 | identity and expression, level of experience, education, socio-economic status, 9 | nationality, personal appearance, race, religion, or sexual identity 10 | and orientation. 11 | 12 | We pledge to act and interact in ways that contribute to an open, welcoming, 13 | diverse, inclusive, and healthy community. 
14 | 15 | ## Our Standards 16 | 17 | Examples of behavior that contributes to a positive environment for our 18 | community include: 19 | 20 | * Demonstrating empathy and kindness toward other people 21 | * Being respectful of differing opinions, viewpoints, and experiences 22 | * Giving and gracefully accepting constructive feedback 23 | * Accepting responsibility and apologizing to those affected by our mistakes, 24 | and learning from the experience 25 | * Focusing on what is best not just for us as individuals, but for the 26 | overall community 27 | 28 | Examples of unacceptable behavior include: 29 | 30 | * The use of sexualized language or imagery, and sexual attention or 31 | advances of any kind 32 | * Trolling, insulting or derogatory comments, and personal or political attacks 33 | * Public or private harassment 34 | * Publishing others' private information, such as a physical or email 35 | address, without their explicit permission 36 | * Other conduct which could reasonably be considered inappropriate in a 37 | professional setting 38 | 39 | ## Enforcement Responsibilities 40 | 41 | Community leaders are responsible for clarifying and enforcing our standards of 42 | acceptable behavior and will take appropriate and fair corrective action in 43 | response to any behavior that they deem inappropriate, threatening, offensive, 44 | or harmful. 45 | 46 | Community leaders have the right and responsibility to remove, edit, or reject 47 | comments, commits, code, wiki edits, issues, and other contributions that are 48 | not aligned to this Code of Conduct, and will communicate reasons for moderation 49 | decisions when appropriate. 50 | 51 | ## Scope 52 | 53 | This Code of Conduct applies within all community spaces, and also applies when 54 | an individual is officially representing the community in public spaces. 
55 | Examples of representing our community include using an official e-mail address, 56 | posting via an official social media account, or acting as an appointed 57 | representative at an online or offline event. 58 | 59 | ## Enforcement 60 | 61 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 62 | reported to the community leaders responsible for enforcement at 63 | . 64 | All complaints will be reviewed and investigated promptly and fairly. 65 | 66 | All community leaders are obligated to respect the privacy and security of the 67 | reporter of any incident. 68 | 69 | ## Enforcement Guidelines 70 | 71 | Community leaders will follow these Community Impact Guidelines in determining 72 | the consequences for any action they deem in violation of this Code of Conduct: 73 | 74 | ### 1. Correction 75 | 76 | **Community Impact**: Use of inappropriate language or other behavior deemed 77 | unprofessional or unwelcome in the community. 78 | 79 | **Consequence**: A private, written warning from community leaders, providing 80 | clarity around the nature of the violation and an explanation of why the 81 | behavior was inappropriate. A public apology may be requested. 82 | 83 | ### 2. Warning 84 | 85 | **Community Impact**: A violation through a single incident or series 86 | of actions. 87 | 88 | **Consequence**: A warning with consequences for continued behavior. No 89 | interaction with the people involved, including unsolicited interaction with 90 | those enforcing the Code of Conduct, for a specified period of time. This 91 | includes avoiding interactions in community spaces as well as external channels 92 | like social media. Violating these terms may lead to a temporary or 93 | permanent ban. 94 | 95 | ### 3. Temporary Ban 96 | 97 | **Community Impact**: A serious violation of community standards, including 98 | sustained inappropriate behavior. 
99 | 100 | **Consequence**: A temporary ban from any sort of interaction or public 101 | communication with the community for a specified period of time. No public or 102 | private interaction with the people involved, including unsolicited interaction 103 | with those enforcing the Code of Conduct, is allowed during this period. 104 | Violating these terms may lead to a permanent ban. 105 | 106 | ### 4. Permanent Ban 107 | 108 | **Community Impact**: Demonstrating a pattern of violation of community 109 | standards, including sustained inappropriate behavior, harassment of an 110 | individual, or aggression toward or disparagement of classes of individuals. 111 | 112 | **Consequence**: A permanent ban from any sort of public interaction within 113 | the community. 114 | 115 | ## Attribution 116 | 117 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], 118 | version 2.0, available at 119 | https://www.contributor-covenant.org/version/2/0/code_of_conduct.html. 120 | 121 | Community Impact Guidelines were inspired by [Mozilla's code of conduct 122 | enforcement ladder](https://github.com/mozilla/diversity). 123 | 124 | [homepage]: https://www.contributor-covenant.org 125 | 126 | For answers to common questions about this code of conduct, see the FAQ at 127 | https://www.contributor-covenant.org/faq. Translations are available at 128 | https://www.contributor-covenant.org/translations. 129 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing to DashLord 2 | 3 | Les contributions sont bienvenues. 4 | 5 | ## Comment modifier le rendu du rapport ? 6 | 7 | Le rapport est généré avec l'[action report](https://github.com/SocialGouv/dashlord-actions/tree/main/report). 
8 | 9 | Pour développer en local, récupérer le code ici : https://github.com/SocialGouv/dashlord-actions/tree/main/report/www 10 | 11 | Pour l'utiliser dans votre dashlord hébergé sur GitHub, modifiez la source de cette action dans votre workflow `report.yml` pour pointer vers votre version (ex: `uses: "my-gh-org/dashlord-actions/report@master"`). 12 | 13 | ## Ajouter un scanner 14 | 15 | #### Etape 1 : Acquisition des données 16 | 17 | - créer un repo dédié à l'action et ses tests 18 | - Dans une branche d'un dashlord: 19 | - référencer l'action dans `.github/workflows/scans.yml` 20 | - activer le scan dans `dashlord.yml` 21 | - Faire tourner un scan d'URL sur cette branche. 22 | - Un fichier JSON produit par l'action doit se trouver dans `results/xxxxx/xxxx.json` à la fin du scan. 23 | 24 | :warning: L'action doit déposer son JSON dans le dossier `scans` pour qu'il soit automatiquement versionné dans GIT. 25 | 26 | #### Etape 2 : Ajout des données dans le rapport DashLord 27 | 28 | - cloner le repo `socialgouv/dashlord-actions` localement et créer une branche 29 | - dans `report/src/generateUrlReport` inclure le fichier JSON de l'action dans le rapport JSON généré pour l'URL : https://github.com/SocialGouv/dashlord-actions/blob/main/report/src/generateUrlReport.js#L117 30 | - si besoin, minimiser les données importées (elles seront servies au front) 31 | - si besoin de calculer une "note" pour ce scanner, ajouter une fonction dans `report/src/summary`. 32 | 33 | ##### Tester la génération du report.json : 34 | 35 | Pour tester la génération du rapport, il faut avoir en local un clone d'un dashlord avec les données de votre nouvelle action. (ex: branche de test qui a déjà reçu les résultats de la nouvelle action) 36 | 37 | ```sh 38 | cd report 39 | DASHLORD_REPO_PATH=$PWD/path/to/dashlord node src/index.js 40 | ``` 41 | 42 | Ceci produira un fichier général `report.json` qui contient les résultats de tous les scans de toutes les urls. 
Vérifiez que les résultats de votre action sont bien présentes pour l'URL de test. 43 | 44 | #### Etape 3 : Affichage des données dans l'UI DashLord 45 | 46 | Lancer le site localement : 47 | 48 | ```sh 49 | cd report/www 50 | yarn && yarn dev 51 | ``` 52 | 53 | NB : Les fichiers `report/www/src/report.json` et `report/www/src/config.json` doivent contenir les données que vous souhaitez afficher. 54 | 55 | Dans le fichier `report/www/src/components/Url.tsx`, logger les données de `report` qui doivent contenir toutes les données pour une URL donnée pour verifier que vous avez bien récupéré les données de votre action. 56 | 57 | Ajoutez vos composants qui consomment ces données and have a break :coffee: :v: 58 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 
25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. 
For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. 
If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. 
You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. 
You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. 
(Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright 2019-present DSI des Ministères Sociaux 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # DashLord 2 | 3 | Tableau de bord des bonnes pratiques techniques 4 | 5 | Exemples : 6 | 7 | - https://dashlord.incubateur.net 8 | - https://socialgouv.github.io/dashlord-fabrique 9 | - https://mtes-mct.github.io/dashlord 10 | - https://socialgouv.github.io/dnum-dashboard 11 | 12 | ## Usage 13 | 14 | ### Ajouter une URL dans le dashlord 15 | 16 | Vous devez éditer le fichier [./dashlord.yml](./dashlord.yml) et ajouter une entrée pour votre URL. 
17 | 18 | 💡 Bonne pratique : enlever les slashs à la fin des urls 19 | 20 | ### Déployer sa propre version de DashLord : 21 | 22 | - Créer un nouveau repository [**à partir du template dashlord**](https://github.com/SocialGouv/dashlord) 23 | - Éditer le fichier `dashlord.yml` 24 | - Éditer le fichier `.github/workflows/scans.yml` si nécessaire 25 | - Éditer le fichier `.github/workflows/report.yml` si nécessaire (vérifier le `base-path` où sera publié le site web, il s'agira du nom du repository) 26 | - Dans les settings du repository, dans "Actions", positionner "Workflows permissions" sur "Read and write" (si l'option n'est pas disponible pour le dépôt, activez-la d'abord au niveau de l'organisation) 27 | - Dans les settings du repository, dans "Pages", sélectionner `gh-pages` comme branche source (vous pouvez soit la créer en amont soit la sélectionner après le premier scan qui la créera) 28 | - Lancer `DashLord scans` dans l'onglet `Actions` de votre projet GitHub 29 | 30 | Une fois les scans terminés, un rapport sera généré dans la branche `gh-pages` du repository, il sera disponible sur `https://[organisation].github.io/[repository]` (publiquement). Le rapport étant public, les résultats des outils activés (alertes dependabot, scan de ports nmap, etc.) y sont consultables par tous ; la clé `tools` de `dashlord.yml` permet de désactiver dans le rapport les outils dont les résultats ne doivent pas être exposés. 
31 | 32 | #### Customisation 33 | 34 | - Le fichier [`dashlord.yml`](./dashlord.yml) permet de paramétrer les urls et quelques options du tableau de bord 35 | - Le workflow [DashLord scans `.github/workflows/scans.yml`](./.github/workflows/scans.yml) permet de customiser certains scanners, et régler la fréquence de scan (paramètre `schedule` positionné par défaut tous les dimanches à minuit) 36 | - Le workflow [DashLord report `.github/workflows/report.yml`](./.github/workflows/report.yml) génère automatiquement le rapport web en se basant sur [SocialGouv/dashlord-actions/report](https://github.com/SocialGouv/dashlord-actions) 37 | 38 | Ces workflows sont également déclenchables manuellement dans l'onglet "Actions" 39 | 40 | ## Outils 41 | 42 | Chaque outil peut être activé/désactivé dans le rapport avec la clé `tools` de dashlord.yml. 43 | 44 | | Repo | desc | 45 | | ----------------------------------------------------------------------------------------- | -------------------------------------- | 46 | | [SocialGouv/dashlord-actions](https://github.com/SocialGouv/dashlord-actions) | Dashlord specific actions | 47 | | [SocialGouv/dashlord-nuclei-action](https://github.com/SocialGouv/dashlord-nuclei-action) | Dump nuclei result | 48 | | [SocialGouv/httpobs-action](https://github.com/SocialGouv/httpobs-action) | Dump Mozilla HTTP Observatory result | 49 | | [SocialGouv/thirdparties-action](https://github.com/SocialGouv/thirdparties-action) | Dump third party scripts scan result | 50 | | [SocialGouv/wappalyzer-action](https://github.com/SocialGouv/wappalyzer-action) | Dump Wappalyzer scan result | 51 | | [MTES-MCT/dependabotalerts-action](https://github.com/MTES-MCT/dependabotalerts-action) | Dump Github dependabot security alerts | 52 | | [MTES-MCT/codescanalerts-action](https://github.com/MTES-MCT/codescanalerts-action) | Dump Github CodeQL security alerts | 53 | | [MTES-MCT/updownio-action](https://github.com/MTES-MCT/updownio-action) | Dump updown.io stats | 54 | 
| [MTES-MCT/nmap-action](https://github.com/MTES-MCT/nmap-action) | Dump nmap port scan stats | 55 | | [MTES-MCT/stats-action](https://github.com/MTES-MCT/stats-action) | Detect /stats page. | 56 | | [SocialGouv/thirdparties](https://github.com/SocialGouv/thirdparties) | thirdparty scripts database | 57 | | [swinton/screenshot-website](https://github.com/swinton/screenshot-website) | grab website screenshot | 58 | | [SocialGouv/detect-404-action](https://github.com/SocialGouv/detect-404-action) | detect 404 errors | 59 | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | Scan docker images vulnerabilities | 60 | 61 | ## Configuration 62 | 63 | Certains outils nécessitent une configuration supplémentaire : 64 | 65 | ### dependabot (détection de vulnérabilités issues des dépendances du projet) 66 | 67 | ajouter un secret GitHub `DEPENDABOTALERTS_TOKEN` et lui donner pour valeur un [token d'accès personnel](https://github.com/settings/personal-access-tokens/new) ayant droit de lecture sur **"Dependabot alerts"** en sélectionnant les dépôts à scanner 68 | 69 | ### codescan (analyse statique de la qualité de code) 70 | 71 | ajouter un secret GitHub `CODESCANALERTS_TOKEN` et lui donner pour valeur un [token d'accès personnel](https://github.com/settings/personal-access-tokens/new) ayant droit de lecture sur **"Code scanning alerts"** en sélectionnant les dépôts à scanner 72 | 73 | ### updown.io (Mesures de disponibilité) 74 | 75 | DashLord peut monitorer le niveau de performance et de disponibilité de vos applications. 
(mise en place = 10 min) 76 | 77 | - Créez un compte sur [updown.io](https://updown.io) 78 | - Ajoutez-y les urls à monitorer (telles que définies dans dashlord.yml) 79 | - Activez l'outil avec `updownio: true` dans le fichier dashlord.yml 80 | - Ajoutez votre clé d'API updown.io "readonly" dans un secret GitHub nommé `UPDOWNIO_API_KEY` (onglet settings/secrets) 81 | 82 | Si vous fournissez un token `write` à l'action [`init`](https://github.com/SocialGouv/dashlord/blob/48b9362391dc45cf604ceb9d91ee300a028a3021/.github/workflows/scans.yml#L55), les urls manquantes seront automatiquement ajoutées à votre compte updown.io ; si vous n'avez pas besoin de cet ajout automatique, conservez la clé "readonly". 83 | 84 | ▶ Au prochain scan, les informations updown.io seront remontées dans DashLord 85 | 86 | ### customCss : 87 | 88 | You can host the CSS file in your Dashlord repo, but the link needs to point to a file served with the correct Content-Type header. See here for [details](https://www.twistblogg.com/2020/06/use-github-for-hosting-files.html) 89 | 90 | ## Contribute 91 | 92 | Vous pouvez contribuer en remontant des issues de qualité, en améliorant la documentation, ou en ajoutant du code. 93 | 94 | 🤗 Toutes les suggestions sont bienvenues. 95 | 96 | cf [CONTRIBUTING.md](./CONTRIBUTING.md) 97 | 98 | ### Dev 99 | 100 | DashLord fonctionne en deux étapes : 101 | 102 | 1. **Acquisition des données** : Pour chaque URL, chaque outil est exécuté et génère un fichier JSON qui sera versionné dans le repository 103 | 2. **Génération du rapport** : À partir des données existantes, l'action [report](https://github.com/SocialGouv/dashlord-actions) agrège, compresse les résultats et produit un rapport web statique. 
104 | 105 | Voir aussi : [SocialGouv/dashlord-actions](https://github.com/SocialGouv/dashlord-actions) 106 | -------------------------------------------------------------------------------- /dashlord.yml: -------------------------------------------------------------------------------- 1 | title: DashLord example 2 | description: Bonnes pratiques techniques 3 | entity: Votre entité 4 | footer: Powered by SocialGouv 5 | marianne: false 6 | tools: 7 | "404": true 8 | screenshot: true 9 | nmap: true 10 | zap: true 11 | wappalyzer: true 12 | http: true 13 | testssl: true 14 | lighthouse: true 15 | thirdparties: true 16 | nuclei: true 17 | updownio: false 18 | dependabot: true 19 | codescan: true 20 | stats: false 21 | declaration-a11y: true 22 | ecoindex: true 23 | dsfr: true 24 | betagouv: true 25 | columns: # pour masquer des colonnes 26 | zap: false 27 | updownioStatusPage: https://updown.io/status_pages 28 | updownioRecipients: 29 | - email:123456 30 | - email:789987 31 | urls: 32 | - url: https://www.fabrique.social.gouv.fr 33 | repositories: 34 | - socialgouv/www 35 | docker: 36 | - ghcr.io/socialgouv/fabrique/frontend 37 | - url: https://beta.gouv.fr 38 | -------------------------------------------------------------------------------- /lighthouserc.json: -------------------------------------------------------------------------------- 1 | { 2 | "ci": { 3 | "collect": { 4 | "numberOfRuns": 1, 5 | "settings": { 6 | "chromeFlags": ["--ignore-certificate-errors"] 7 | } 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /publiccode.yml: -------------------------------------------------------------------------------- 1 | publiccodeYmlVersion: "0.2" 2 | name: DashLord 3 | url: https://github.com/SocialGouv/dashlord 4 | landingURL: https://github.com/SocialGouv/dashlord 5 | creationDate: 2021-04-04 6 | latestRelease: 7 | date: "2024-06-04" 8 | version: "1.40.1" 9 | logo: https://github.com/SocialGouv.png 10 | usedBy: 
11 | - Ministères sociaux 12 | - beta.gouv.fr 13 | - MTES 14 | - ANS 15 | - ADEME 16 | - ANACT 17 | fundedBy: 18 | - name: Fabrique numérique des ministères sociaux 19 | url: https://www.fabrique.social.gouv.fr 20 | roadmap: "" 21 | softwareType: "" 22 | description: 23 | en: 24 | shortDescription: The best-practices Dashboard 25 | documentation: "" 26 | fr: 27 | shortDescription: Tableau de bord des bonnes pratiques techniques 28 | documentation: "" 29 | legal: 30 | license: apache-2.0 31 | authorsFile: "" 32 | maintenance: 33 | type: internal 34 | contacts: 35 | - name: "Julien Bouquillon" 36 | email: "julien.bouquillon@beta.gouv.fr" 37 | -------------------------------------------------------------------------------- /renovate.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "extends": [ 4 | "local>SocialGouv/renovate-config:light" 5 | ] 6 | } 7 | -------------------------------------------------------------------------------- /results/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SocialGouv/dashlord/ab17bc2795d0841e4f230b6a9d24a57514732dd4/results/.gitkeep -------------------------------------------------------------------------------- /results/aHR0cHM6Ly93d3cuZmFicmlxdWUuc29jaWFsLmdvdXYuZnI=/declaration-a11y.json: -------------------------------------------------------------------------------- 1 | {"mention":"Accessibilité : non conforme","declarationUrl":"https://www.fabrique.social.gouv.fr/declaration-accessibilite"} 2 | -------------------------------------------------------------------------------- /results/aHR0cHM6Ly93d3cuZmFicmlxdWUuc29jaWFsLmdvdXYuZnI=/dependabotalerts.json: -------------------------------------------------------------------------------- 1 | 
{"totalCount":26,"grade":"E","repositories":[{"url":"https://github.com/SocialGouv/www","vulnerabilityAlerts":{"totalCount":26,"nodes":[{"dismissedAt":null,"createdAt":"2020-12-28T00:59:49Z","securityVulnerability":{"severity":"LOW","package":{"name":"node-fetch"},"advisory":{"identifiers":[{"type":"GHSA","value":"GHSA-w7rc-rwvf-8q5r"},{"type":"CVE","value":"CVE-2020-15168"}],"references":[{"url":"https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r"},{"url":"https://www.npmjs.com/package/node-fetch"},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15168"},{"url":"https://github.com/advisories/GHSA-w7rc-rwvf-8q5r"}]}}},{"dismissedAt":null,"createdAt":"2021-05-10T19:22:41Z","securityVulnerability":{"severity":"HIGH","package":{"name":"trim"},"advisory":{"identifiers":[{"type":"GHSA","value":"GHSA-w5p7-h5w8-2hfq"},{"type":"CVE","value":"CVE-2020-7753"}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7753"},{"url":"https://github.com/component/trim/pull/8"},{"url":"https://github.com/component/trim/blob/master/index.js"},{"url":"https://github.com/component/trim/blob/master/index.js%23L6"},{"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1022132"},{"url":"https://snyk.io/vuln/SNYK-JS-TRIM-1017038"},{"url":"https://lists.apache.org/thread.html/r10faad1ef9166d37a1a5c9142b1af7099b8ecdc5ad05c51b8ea993d9@%3Ccommits.airflow.apache.org%3E"},{"url":"https://lists.apache.org/thread.html/r51ff3c2a4c7b8402f321eae7e624672cc2295c7bc8c12c8b871f6b0b@%3Ccommits.airflow.apache.org%3E"},{"url":"https://lists.apache.org/thread.html/r75b8d0b88833d7d96afcdce3ead65e212572ead4e7a9f34d21040196@%3Ccommits.airflow.apache.org%3E"},{"url":"https://lists.apache.org/thread.html/rb8462df3b6484e778905c09cd49a8912e1a302659860017ebe36da03@%3Ccommits.airflow.apache.org%3E"},{"url":"https://lists.apache.org/thread.html/rcc7c2865a52b544a8e49386c6880e9b9ab29bfce1052b5569d09ee4a@%3Ccommits.airflow.apache.org%3E"},{"url":"https://github.com/advisories/GHSA-w
5p7-h5w8-2hfq"}]}}},{"dismissedAt":null,"createdAt":"2021-09-20T23:47:06Z","securityVulnerability":{"severity":"HIGH","package":{"name":"tmpl"},"advisory":{"identifiers":[{"type":"GHSA","value":"GHSA-jgrx-mgxx-jf9v"},{"type":"CVE","value":"CVE-2021-3777"}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3777"},{"url":"https://github.com/daaku/nodejs-tmpl/commit/4c654e4d1542f329ed561fd95ccd80f30c6872d6"},{"url":"https://huntr.dev/bounties/a07b547a-f457-41c9-9d89-ee48bee8a4df"},{"url":"https://github.com/advisories/GHSA-jgrx-mgxx-jf9v"}]}}},{"dismissedAt":null,"createdAt":"2022-01-06T21:37:30Z","securityVulnerability":{"severity":"HIGH","package":{"name":"parse-link-header"},"advisory":{"identifiers":[{"type":"GHSA","value":"GHSA-q674-xm3x-2926"},{"type":"CVE","value":"CVE-2021-23490"}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23490"},{"url":"https://github.com/thlorenz/parse-link-header/commit/72f05c717b3f129c5331a07bf300ed8886eb8ae1"},{"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2321973"},{"url":"https://snyk.io/vuln/SNYK-JS-PARSELINKHEADER-1582783"},{"url":"https://github.com/advisories/GHSA-q674-xm3x-2926"}]}}},{"dismissedAt":null,"createdAt":"2022-01-24T23:47:02Z","securityVulnerability":{"severity":"HIGH","package":{"name":"node-fetch"},"advisory":{"identifiers":[{"type":"GHSA","value":"GHSA-r683-j2x4-v87g"},{"type":"CVE","value":"CVE-2022-0235"}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0235"},{"url":"https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10"},{"url":"https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7"},{"url":"https://github.com/node-fetch/node-fetch/pull/1453"},{"url":"https://github.com/node-fetch/node-fetch/commit/5c32f002fdd65b1c6a8f1e3620210813d45c7e60"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"},{"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00007.html"},{"url":"https://github.co
m/node-fetch/node-fetch/pull/1449/commits/5c32f002fdd65b1c6a8f1e3620210813d45c7e60"},{"url":"https://github.com/node-fetch/node-fetch/commit/1ef4b560a17e644a02a3bfdea7631ffeee578b35"},{"url":"https://github.com/advisories/GHSA-r683-j2x4-v87g"}]}}},{"dismissedAt":null,"createdAt":"2022-02-17T20:13:02Z","securityVulnerability":{"severity":"MODERATE","package":{"name":"url-parse"},"advisory":{"identifiers":[{"type":"GHSA","value":"GHSA-rqff-837h-mm52"},{"type":"CVE","value":"CVE-2022-0512"}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0512"},{"url":"https://github.com/unshiftio/url-parse/commit/9be7ee88afd2bb04e4d5a1a8da9a389ac13f8c40"},{"url":"https://huntr.dev/bounties/6d1bc51f-1876-4f5b-a2c2-734e09e8e05b"},{"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html"},{"url":"https://github.com/advisories/GHSA-rqff-837h-mm52"}]}}},{"dismissedAt":null,"createdAt":"2022-02-17T20:46:13Z","securityVulnerability":{"severity":"MODERATE","package":{"name":"next"},"advisory":{"identifiers":[{"type":"GHSA","value":"GHSA-fmvm-x8mv-47mj"},{"type":"CVE","value":"CVE-2022-23646"}],"references":[{"url":"https://github.com/vercel/next.js/security/advisories/GHSA-fmvm-x8mv-47mj"},{"url":"https://github.com/vercel/next.js/releases/tag/v12.1.0"},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23646"},{"url":"https://github.com/vercel/next.js/pull/34075"},{"url":"https://github.com/advisories/GHSA-fmvm-x8mv-47mj"}]}}},{"dismissedAt":null,"createdAt":"2022-02-24T18:37:47Z","securityVulnerability":{"severity":"MODERATE","package":{"name":"postcss"},"advisory":{"identifiers":[{"type":"GHSA","value":"GHSA-566m-qj78-rww5"},{"type":"CVE","value":"CVE-2021-23382"}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23382"},{"url":"https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956"},{"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1255641"},{"url":"https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640"},{"url":"https
://github.com/postcss/postcss/releases/tag/7.0.36"},{"url":"https://github.com/advisories/GHSA-566m-qj78-rww5"}]}}},{"dismissedAt":null,"createdAt":"2022-02-26T07:44:20Z","securityVulnerability":{"severity":"MODERATE","package":{"name":"url-parse"},"advisory":{"identifiers":[{"type":"GHSA","value":"GHSA-8v38-pw62-9cw2"},{"type":"CVE","value":"CVE-2022-0639"}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0639"},{"url":"https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788"},{"url":"https://huntr.dev/bounties/83a6bc9a-b542-4a38-82cd-d995a1481155"},{"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html"},{"url":"https://github.com/advisories/GHSA-8v38-pw62-9cw2"}]}}},{"dismissedAt":null,"createdAt":"2022-02-26T07:48:35Z","securityVulnerability":{"severity":"CRITICAL","package":{"name":"url-parse"},"advisory":{"identifiers":[{"type":"GHSA","value":"GHSA-hgjh-723h-mx2j"},{"type":"CVE","value":"CVE-2022-0686"}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0686"},{"url":"https://github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5"},{"url":"https://huntr.dev/bounties/55fd06cd-9054-4d80-83be-eb5a454be78c"},{"url":"https://security.netapp.com/advisory/ntap-20220325-0006/"},{"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html"},{"url":"https://github.com/advisories/GHSA-hgjh-723h-mx2j"}]}}},{"dismissedAt":null,"createdAt":"2022-03-02T03:35:17Z","securityVulnerability":{"severity":"MODERATE","package":{"name":"url-parse"},"advisory":{"identifiers":[{"type":"GHSA","value":"GHSA-jf5r-8hm2-f872"},{"type":"CVE","value":"CVE-2022-0691"}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0691"},{"url":"https://github.com/unshiftio/url-parse/commit/0e3fb542d60ddbf6933f22eb9b1e06e25eaa5b63"},{"url":"https://huntr.dev/bounties/57124ed5-4b68-4934-8325-2c546257f2e4"},{"url":"https://security.netapp.com/advisory/ntap-20220325-0006/"},{"ur
l":"https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html"},{"url":"https://github.com/advisories/GHSA-jf5r-8hm2-f872"}]}}},{"dismissedAt":null,"createdAt":"2022-03-18T14:38:38Z","securityVulnerability":{"severity":"MODERATE","package":{"name":"nanoid"},"advisory":{"identifiers":[{"type":"GHSA","value":"GHSA-qrpm-p2h7-hrv2"},{"type":"CVE","value":"CVE-2021-23566"}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23566"},{"url":"https://github.com/ai/nanoid/pull/328"},{"url":"https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575"},{"url":"https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444"},{"url":"https://snyk.io/vuln/SNYK-JS-NANOID-2332193"},{"url":"https://github.com/advisories/GHSA-qrpm-p2h7-hrv2"}]}}},{"dismissedAt":null,"createdAt":"2022-03-28T20:13:48Z","securityVulnerability":{"severity":"HIGH","package":{"name":"ansi-regex"},"advisory":{"identifiers":[{"type":"GHSA","value":"GHSA-93q8-gq69-wqmw"},{"type":"CVE","value":"CVE-2021-3807"}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3807"},{"url":"https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9"},{"url":"https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994"},{"url":"https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311"},{"url":"https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908"},{"url":"https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774"},{"url":"https://github.com/chalk/ansi-regex/releases/tag/v6.0.1"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"url":"https://security.netapp.com/advisory/ntap-20221014-0002/"},{"url":"https://github.com/chalk/ansi-regex/commit/419250fa510bf31b4cc672e76537a64f9332e1f1"},{"url":"https://github.com/chalk/ansi-regex/commit/75a657da7af875b2e2724fd6331bf0a4b23d3c9a"},{"url":"https://github.com/chalk/ansi-regex/commit/c3c0b3f2736b9c01feec0fef33980c43720dcde8"},{"url":"https://github.com/advisories/
GHSA-93q8-gq69-wqmw"}]}}},{"dismissedAt":null,"createdAt":"2022-06-22T03:42:26Z","securityVulnerability":{"severity":"CRITICAL","package":{"name":"shell-quote"},"advisory":{"identifiers":[{"type":"GHSA","value":"GHSA-g4rg-993r-mgx7"},{"type":"CVE","value":"CVE-2021-42740"}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-42740"},{"url":"https://www.npmjs.com/package/shell-quote"},{"url":"https://github.com/ljharb/shell-quote/commit/5799416ed454aa4ec9afafc895b4e31760ea1abe"},{"url":"https://github.com/ljharb/shell-quote/blob/master/CHANGELOG.md#173"},{"url":"https://github.com/advisories/GHSA-g4rg-993r-mgx7"}]}}},{"dismissedAt":null,"createdAt":"2022-10-24T23:58:49Z","securityVulnerability":{"severity":"HIGH","package":{"name":"minimatch"},"advisory":{"identifiers":[{"type":"GHSA","value":"GHSA-f8q6-p94x-37v3"},{"type":"CVE","value":"CVE-2022-3517"}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3517"},{"url":"https://github.com/grafana/grafana-image-renderer/issues/329"},{"url":"https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6"},{"url":"https://github.com/nodejs/node/issues/42510"},{"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00011.html"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/"},{"url":"https://github.com/advisories/GHSA-f8q6-p94x-37v3"}]}}},{"dismissedAt":null,"createdAt":"2022-11-07T23:51:03Z","securityVulnerability":{"severity":"CRITICAL","package":{"name":"loader-utils"},"advisory":{"identifiers":[{"type":"GHSA","value":"GHSA-76p3-8jx3-jpfq"},{"type":"CVE","value":"CVE-2022-37601"}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37601"},{"url":"https://github.com/webpack/loader-utils/issues/212"},{"url":"https://github.com/web
pack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L11"},{"url":"https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L47"},{"url":"https://github.com/webpack/loader-utils/releases/tag/v2.0.3"},{"url":"https://github.com/webpack/loader-utils/pull/217"},{"url":"https://github.com/webpack/loader-utils/pull/220"},{"url":"https://github.com/webpack/loader-utils/releases/tag/v1.4.1"},{"url":"https://github.com/webpack/loader-utils/issues/212#issuecomment-1319192884"},{"url":"https://github.com/xmldom/xmldom/issues/436#issuecomment-1319412826"},{"url":"https://dl.acm.org/doi/abs/10.1145/3488932.3497769"},{"url":"https://dl.acm.org/doi/pdf/10.1145/3488932.3497769"},{"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00044.html"},{"url":"http://users.encs.concordia.ca/~mmannan/publications/JS-vulnerability-aisaccs2022.pdf"},{"url":"https://github.com/webpack/loader-utils/pull/217/commits/f4e48a232fae900237c3e5ff7b57ce9e1c734de1"},{"url":"https://github.com/webpack/loader-utils/pull/220/commits/a49c061ef272bc0c61cc1d996f83bb0e3b4daa9e"},{"url":"https://github.com/advisories/GHSA-76p3-8jx3-jpfq"}]}}},{"dismissedAt":null,"createdAt":"2022-11-07T23:51:04Z","securityVulnerability":{"severity":"CRITICAL","package":{"name":"loader-utils"},"advisory":{"identifiers":[{"type":"GHSA","value":"GHSA-76p3-8jx3-jpfq"},{"type":"CVE","value":"CVE-2022-37601"}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37601"},{"url":"https://github.com/webpack/loader-utils/issues/212"},{"url":"https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L11"},{"url":"https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L47"},{"url":"https://github.com/webpack/loader-utils/releases/tag/v2.0.3"},{"url":"https://github.com/webpack/loader-utils/pull/217"},{"url":"https://github.com/webpack/loader-utils/pu
ll/220"},{"url":"https://github.com/webpack/loader-utils/releases/tag/v1.4.1"},{"url":"https://github.com/webpack/loader-utils/issues/212#issuecomment-1319192884"},{"url":"https://github.com/xmldom/xmldom/issues/436#issuecomment-1319412826"},{"url":"https://dl.acm.org/doi/abs/10.1145/3488932.3497769"},{"url":"https://dl.acm.org/doi/pdf/10.1145/3488932.3497769"},{"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00044.html"},{"url":"http://users.encs.concordia.ca/~mmannan/publications/JS-vulnerability-aisaccs2022.pdf"},{"url":"https://github.com/webpack/loader-utils/pull/217/commits/f4e48a232fae900237c3e5ff7b57ce9e1c734de1"},{"url":"https://github.com/webpack/loader-utils/pull/220/commits/a49c061ef272bc0c61cc1d996f83bb0e3b4daa9e"},{"url":"https://github.com/advisories/GHSA-76p3-8jx3-jpfq"}]}}},{"dismissedAt":null,"createdAt":"2022-11-16T14:19:39Z","securityVulnerability":{"severity":"HIGH","package":{"name":"loader-utils"},"advisory":{"identifiers":[{"type":"GHSA","value":"GHSA-hhq3-ff78-jv3g"},{"type":"CVE","value":"CVE-2022-37599"}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37599"},{"url":"https://github.com/webpack/loader-utils/issues/211"},{"url":"https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38"},{"url":"https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L83"},{"url":"https://github.com/webpack/loader-utils/issues/216"},{"url":"https://github.com/webpack/loader-utils/commit/17cbf8fa8989c1cb45bdd2997aa524729475f1fa"},{"url":"https://github.com/webpack/loader-utils/commit/ac09944dfacd7c4497ef692894b09e63e09a5eeb"},{"url":"https://github.com/webpack/loader-utils/commit/d2d752d59629daee38f34b24307221349c490eb1"},{"url":"https://github.com/advisories/GHSA-hhq3-ff78-jv3g"}]}}},{"dismissedAt":null,"createdAt":"2022-11-16T14:38:11Z","securityVulnerability":{"severity":"HIGH","package":{"name":"loader-utils"},"adviso
ry":{"identifiers":[{"type":"GHSA","value":"GHSA-3rfm-jhwj-7488"},{"type":"CVE","value":"CVE-2022-37603"}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37603"},{"url":"https://github.com/webpack/loader-utils/issues/213"},{"url":"https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L107"},{"url":"https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38"},{"url":"https://github.com/webpack/loader-utils/issues/216"},{"url":"https://github.com/webpack/loader-utils/commit/17cbf8fa8989c1cb45bdd2997aa524729475f1fa"},{"url":"https://github.com/webpack/loader-utils/commit/ac09944dfacd7c4497ef692894b09e63e09a5eeb"},{"url":"https://github.com/webpack/loader-utils/commit/d2d752d59629daee38f34b24307221349c490eb1"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/"},{"url":"https://github.com/advisories/GHSA-3rfm-jhwj-7488"}]}}},{"dismissedAt":null,"createdAt":"2022-11-21T13:13:26Z","securityVulnerability":{"severity":"HIGH","package":{"name":"loader-utils"},"advisory":{"identifiers":[{"type":"GHSA","value":"GHSA-hhq3-ff78-jv3g"},{"type":"CVE","value":"CVE-2022-37599"}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37599"},{"url":"https://github.com/webpack/loader-utils/issues/211"},{"url":"https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38"},{"url":"https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L83"},{"url":"https://github.com/webpack/loader-utils/issu
es/216"},{"url":"https://github.com/webpack/loader-utils/commit/17cbf8fa8989c1cb45bdd2997aa524729475f1fa"},{"url":"https://github.com/webpack/loader-utils/commit/ac09944dfacd7c4497ef692894b09e63e09a5eeb"},{"url":"https://github.com/webpack/loader-utils/commit/d2d752d59629daee38f34b24307221349c490eb1"},{"url":"https://github.com/advisories/GHSA-hhq3-ff78-jv3g"}]}}}]},"grade":"E"}]} -------------------------------------------------------------------------------- /results/aHR0cHM6Ly93d3cuZmFicmlxdWUuc29jaWFsLmdvdXYuZnI=/ecoindex.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "width": 1920, 4 | "height": 1080, 5 | "url": "https://www.fabrique.social.gouv.fr", 6 | "size": 8093.048, 7 | "nodes": 538, 8 | "requests": 116, 9 | "grade": "E", 10 | "score": 38.0, 11 | "ges": 2.24, 12 | "water": 3.36, 13 | "ecoindex_version": "5.4.2", 14 | "date": "2023-04-16 00:55:34.257271", 15 | "page_type": null 16 | } 17 | ] -------------------------------------------------------------------------------- /results/aHR0cHM6Ly93d3cuZmFicmlxdWUuc29jaWFsLmdvdXYuZnI=/http.json: -------------------------------------------------------------------------------- 1 | {"url":"https://www.fabrique.social.gouv.fr","algorithm_version":2,"end_time":"Sun, 16 Apr 2023 00:53:49 GMT","grade":"A+","hidden":false,"likelihood_indicator":"LOW","response_headers":{"Connection":"keep-alive","Content-Encoding":"gzip","Content-Security-Policy":"default-src 'none'; connect-src 'self' https://*.gouv.fr; font-src 'self'; img-src 'self'; prefetch-src 'self' https://*.gouv.fr; script-src 'self' https://*.gouv.fr; frame-src 'self' https://*.gouv.fr; style-src 'self' 'unsafe-inline'","Content-Type":"text/html; charset=utf-8","Date":"Sun, 16 Apr 2023 00:53:47 GMT","ETag":"W/\"64387b42-73e3\"","Last-Modified":"Thu, 13 Apr 2023 21:59:30 GMT","Strict-Transport-Security":"max-age=15724800; 
includeSubDomains","Transfer-Encoding":"chunked","Vary":"Accept-Encoding","X-Content-Type-Options":"nosniff","X-Frame-Options":"deny","X-XSS-Protection":"1; mode=block"},"scan_id":36411620,"score":100,"start_time":"Sun, 16 Apr 2023 00:53:45 GMT","state":"FINISHED","status_code":200,"tests_failed":0,"tests_passed":12,"tests_quantity":12,"details":{"content-security-policy":{"expectation":"csp-implemented-with-no-unsafe","name":"content-security-policy","output":{"data":{"connect-src":["'self'","https://*.gouv.fr"],"default-src":["'none'"],"font-src":["'self'"],"frame-src":["'self'","https://*.gouv.fr"],"img-src":["'self'"],"prefetch-src":["'self'","https://*.gouv.fr"],"script-src":["'self'","https://*.gouv.fr"],"style-src":["'self'","'unsafe-inline'"]},"http":true,"meta":false,"numPolicies":1,"policy":{"antiClickjacking":false,"defaultNone":true,"insecureBaseUri":true,"insecureFormAction":true,"insecureSchemeActive":false,"insecureSchemePassive":false,"strictDynamic":false,"unsafeEval":false,"unsafeInline":false,"unsafeInlineStyle":true,"unsafeObjects":false}},"pass":true,"result":"csp-implemented-with-unsafe-inline-in-style-src-only","score_description":"Content Security Policy (CSP) implemented with unsafe sources inside style-src. 
This includes 'unsafe-inline', data: or overly broad sources such as https:.","score_modifier":0},"contribute":{"expectation":"contribute-json-only-required-on-mozilla-properties","name":"contribute","output":{"data":null},"pass":true,"result":"contribute-json-only-required-on-mozilla-properties","score_description":"Contribute.json isn't required on websites that don't belong to Mozilla","score_modifier":0},"cookies":{"expectation":"cookies-secure-with-httponly-sessions","name":"cookies","output":{"data":null,"sameSite":null},"pass":true,"result":"cookies-not-found","score_description":"No cookies detected","score_modifier":0},"cross-origin-resource-sharing":{"expectation":"cross-origin-resource-sharing-not-implemented","name":"cross-origin-resource-sharing","output":{"data":{"acao":null,"clientaccesspolicy":null,"crossdomain":null}},"pass":true,"result":"cross-origin-resource-sharing-not-implemented","score_description":"Content is not visible via cross-origin resource sharing (CORS) files or headers","score_modifier":0},"public-key-pinning":{"expectation":"hpkp-not-implemented","name":"public-key-pinning","output":{"data":null,"includeSubDomains":false,"max-age":null,"numPins":null,"preloaded":false},"pass":true,"result":"hpkp-not-implemented","score_description":"HTTP Public Key Pinning (HPKP) header not implemented","score_modifier":0},"redirection":{"expectation":"redirection-to-https","name":"redirection","output":{"destination":"https://www.fabrique.social.gouv.fr","redirects":true,"route":["http://www.fabrique.social.gouv.fr/","https://www.fabrique.social.gouv.fr"],"status_code":200},"pass":true,"result":"redirection-to-https","score_description":"Initial redirection is to HTTPS on same host, final destination is 
HTTPS","score_modifier":0},"referrer-policy":{"expectation":"referrer-policy-private","name":"referrer-policy","output":{"data":null,"http":false,"meta":false},"pass":true,"result":"referrer-policy-not-implemented","score_description":"Referrer-Policy header not implemented","score_modifier":0},"strict-transport-security":{"expectation":"hsts-implemented-max-age-at-least-six-months","name":"strict-transport-security","output":{"data":"max-age=15724800; includeSubDomains","includeSubDomains":true,"max-age":15724800,"preload":false,"preloaded":false},"pass":true,"result":"hsts-implemented-max-age-at-least-six-months","score_description":"HTTP Strict Transport Security (HSTS) header set to a minimum of six months (15768000)","score_modifier":0},"subresource-integrity":{"expectation":"sri-implemented-and-external-scripts-loaded-securely","name":"subresource-integrity","output":{"data":{}},"pass":true,"result":"sri-not-implemented-but-all-scripts-loaded-from-secure-origin","score_description":"Subresource Integrity (SRI) not implemented, but all scripts are loaded from a similar origin","score_modifier":0},"x-content-type-options":{"expectation":"x-content-type-options-nosniff","name":"x-content-type-options","output":{"data":"nosniff"},"pass":true,"result":"x-content-type-options-nosniff","score_description":"X-Content-Type-Options header set to \"nosniff\"","score_modifier":0},"x-frame-options":{"expectation":"x-frame-options-sameorigin-or-deny","name":"x-frame-options","output":{"data":"deny"},"pass":true,"result":"x-frame-options-sameorigin-or-deny","score_description":"X-Frame-Options (XFO) header set to SAMEORIGIN or DENY","score_modifier":0},"x-xss-protection":{"expectation":"x-xss-protection-1-mode-block","name":"x-xss-protection","output":{"data":"1; mode=block"},"pass":true,"result":"x-xss-protection-enabled-mode-block","score_description":"X-XSS-Protection header set to \"1; mode=block\"","score_modifier":0}}} 
-------------------------------------------------------------------------------- /results/aHR0cHM6Ly93d3cuZmFicmlxdWUuc29jaWFsLmdvdXYuZnI=/nmapvuln.gnmap: -------------------------------------------------------------------------------- 1 | # Nmap 7.92 scan initiated Sun Apr 16 01:00:00 2023 as: nmap -sV --script vulners --script-args mincvss=5.0 -oA /data/nmapvuln www.fabrique.social.gouv.fr 2 | Host: 20.74.14.77 () Status: Up 3 | Host: 20.74.14.77 () Ports: 80/open/tcp//http//nginx (reverse proxy)/, 443/open/tcp//ssl|http//nginx (reverse proxy)/ Ignored State: filtered (998) 4 | # Nmap done at Sun Apr 16 01:00:32 2023 -- 1 IP address (1 host up) scanned in 31.77 seconds 5 | -------------------------------------------------------------------------------- /results/aHR0cHM6Ly93d3cuZmFicmlxdWUuc29jaWFsLmdvdXYuZnI=/nmapvuln.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 40 | Scan Report Nmap 7.92 41 | 42 | 43 |
53 |
54 |

Scan Report
Nmap 7.92 55 |

56 |
nmap -sV --script vulners --script-args mincvss=5.0 -oA /data/nmapvuln www.fabrique.social.gouv.fr
57 |

Sun Apr 16 01:00:00 2023 – Sun Apr 16 01:00:32 2023
1 hosts scanned. 58 | 1 hosts up. 59 | 0 hosts down. 60 |

61 |
62 |
1 63 |
64 |
0 65 |
66 |
67 |
68 |

Scanned Hosts

69 |
StateAddressHostnameTCP (open)UDP (open)
up20.74.14.77www.fabrique.social.gouv.fr20
85 |

Online Hosts

93 |
94 |

20.74.14.77 - www.fabrique.social.gouv.fr

95 |
96 |

Hostnames

97 |
  • www.fabrique.social.gouv.fr (user)
98 |

Ports

99 |
PortProtocolState
Reason
ServiceProductVersionExtra Info
80tcpopen
syn-ack
httpnginxreverse proxy
cpe:/a:igor_sysoev:nginx
443tcpopen
syn-ack
httpnginxreverse proxy
cpe:/a:igor_sysoev:nginx
132 |
133 |
134 |

Open Services

135 |
AddressPortProtocolServiceProductVersionCPEExtra info
20.74.14.77 - www.fabrique.social.gouv.fr80tcphttpnginxcpe:/a:igor_sysoev:nginxreverse proxy
20.74.14.77 - www.fabrique.social.gouv.fr443tcphttpnginxcpe:/a:igor_sysoev:nginxreverse proxy
169 | 177 |
178 | 182 | 183 | 184 | -------------------------------------------------------------------------------- /results/aHR0cHM6Ly93d3cuZmFicmlxdWUuc29jaWFsLmdvdXYuZnI=/nmapvuln.json: -------------------------------------------------------------------------------- 1 | {"host":"www.fabrique.social.gouv.fr","protocol":"tcp","closed_ports":"998","open_ports":[{"service":{"name":"http","product":"nginx","id":"80","vulnerabilities":[]}},{"service":{"name":"http","product":"nginx","id":"443","vulnerabilities":[]}}],"grade":"A"} -------------------------------------------------------------------------------- /results/aHR0cHM6Ly93d3cuZmFicmlxdWUuc29jaWFsLmdvdXYuZnI=/nmapvuln.nmap: -------------------------------------------------------------------------------- 1 | # Nmap 7.92 scan initiated Sun Apr 16 01:00:00 2023 as: nmap -sV --script vulners --script-args mincvss=5.0 -oA /data/nmapvuln www.fabrique.social.gouv.fr 2 | Nmap scan report for www.fabrique.social.gouv.fr (20.74.14.77) 3 | Host is up (0.10s latency). 4 | Not shown: 998 filtered tcp ports (no-response) 5 | PORT STATE SERVICE VERSION 6 | 80/tcp open http nginx (reverse proxy) 7 | 443/tcp open ssl/http nginx (reverse proxy) 8 | 9 | Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . 10 | # Nmap done at Sun Apr 16 01:00:32 2023 -- 1 IP address (1 host up) scanned in 31.77 seconds 11 | -------------------------------------------------------------------------------- /results/aHR0cHM6Ly93d3cuZmFicmlxdWUuc29jaWFsLmdvdXYuZnI=/nmapvuln.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
17 | 18 | 19 | 20 | 21 | 22 | 23 | cpe:/a:igor_sysoev:nginx 24 | cpe:/a:igor_sysoev:nginx 25 | 26 | 27 | 28 | 29 | 30 | 31 | -------------------------------------------------------------------------------- /results/aHR0cHM6Ly93d3cuZmFicmlxdWUuc29jaWFsLmdvdXYuZnI=/screenshot.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SocialGouv/dashlord/ab17bc2795d0841e4f230b6a9d24a57514732dd4/results/aHR0cHM6Ly93d3cuZmFicmlxdWUuc29jaWFsLmdvdXYuZnI=/screenshot.jpeg -------------------------------------------------------------------------------- /results/aHR0cHM6Ly93d3cuZmFicmlxdWUuc29jaWFsLmdvdXYuZnI=/thirdparties.json: -------------------------------------------------------------------------------- 1 | { 2 | "trackers": [], 3 | "cookies": [ 4 | { 5 | "name": "_pk_ses.2.6321", 6 | "value": "1", 7 | "domain": "www.fabrique.social.gouv.fr", 8 | "path": "/", 9 | "expires": 1681608525, 10 | "size": 15, 11 | "httpOnly": false, 12 | "secure": false, 13 | "session": false, 14 | "sameSite": "Lax", 15 | "sameParty": false, 16 | "sourceScheme": "Secure", 17 | "sourcePort": 443 18 | }, 19 | { 20 | "name": "_pk_id.2.6321", 21 | "value": "ff3d7c75e65a631e.1681606725.", 22 | "domain": "www.fabrique.social.gouv.fr", 23 | "path": "/", 24 | "expires": 1715561925, 25 | "size": 41, 26 | "httpOnly": false, 27 | "secure": false, 28 | "session": false, 29 | "sameSite": "Lax", 30 | "sameParty": false, 31 | "sourceScheme": "Secure", 32 | "sourcePort": 443 33 | } 34 | ], 35 | "headers": { 36 | "content-encoding": "gzip", 37 | "content-security-policy": "default-src 'none'; connect-src 'self' https://*.gouv.fr; font-src 'self'; img-src 'self'; prefetch-src 'self' https://*.gouv.fr; script-src 'self' https://*.gouv.fr; frame-src 'self' https://*.gouv.fr; style-src 'self' 'unsafe-inline'", 38 | "content-type": "text/html; charset=utf-8", 39 | "date": "Sun, 16 Apr 2023 00:58:43 GMT", 40 | "etag": "W/\"64387b42-73e3\"", 41 | 
"last-modified": "Thu, 13 Apr 2023 21:59:30 GMT", 42 | "strict-transport-security": "max-age=15724800; includeSubDomains", 43 | "vary": "Accept-Encoding", 44 | "x-content-type-options": "nosniff", 45 | "x-frame-options": "deny", 46 | "x-xss-protection": "1; mode=block" 47 | }, 48 | "endpoints": [ 49 | { 50 | "hostname": "www.fabrique.social.gouv.fr", 51 | "ip": "20.74.14.77", 52 | "geoip": { 53 | "city": { 54 | "geoname_id": 2988507, 55 | "names": { 56 | "de": "Paris", 57 | "en": "Paris", 58 | "es": "París", 59 | "fr": "Paris", 60 | "ja": "パリ", 61 | "pt-BR": "Paris", 62 | "ru": "Париж", 63 | "zh-CN": "巴黎" 64 | } 65 | }, 66 | "continent": { 67 | "code": "EU", 68 | "geoname_id": 6255148, 69 | "names": { 70 | "de": "Europa", 71 | "en": "Europe", 72 | "es": "Europa", 73 | "fr": "Europe", 74 | "ja": "ヨーロッパ", 75 | "pt-BR": "Europa", 76 | "ru": "Европа", 77 | "zh-CN": "欧洲" 78 | } 79 | }, 80 | "country": { 81 | "geoname_id": 3017382, 82 | "is_in_european_union": true, 83 | "iso_code": "FR", 84 | "names": { 85 | "de": "Frankreich", 86 | "en": "France", 87 | "es": "Francia", 88 | "fr": "France", 89 | "ja": "フランス共和国", 90 | "pt-BR": "França", 91 | "ru": "Франция", 92 | "zh-CN": "法国" 93 | } 94 | }, 95 | "location": { 96 | "accuracy_radius": 20, 97 | "latitude": 48.8323, 98 | "longitude": 2.4075, 99 | "time_zone": "Europe/Paris" 100 | }, 101 | "postal": { 102 | "code": "75001" 103 | }, 104 | "registered_country": { 105 | "geoname_id": 6252001, 106 | "iso_code": "US", 107 | "names": { 108 | "de": "Vereinigte Staaten", 109 | "en": "United States", 110 | "es": "Estados Unidos", 111 | "fr": "États Unis", 112 | "ja": "アメリカ", 113 | "pt-BR": "EUA", 114 | "ru": "США", 115 | "zh-CN": "美国" 116 | } 117 | }, 118 | "subdivisions": [ 119 | { 120 | "geoname_id": 3012874, 121 | "iso_code": "IDF", 122 | "names": { 123 | "de": "Île-de-France", 124 | "en": "Île-de-France", 125 | "es": "Isla de Francia", 126 | "fr": "Île-de-France", 127 | "pt-BR": "Ilha de França" 128 | } 129 | }, 130 | { 131 | 
"geoname_id": 2968815, 132 | "iso_code": "75", 133 | "names": { 134 | "de": "Paris", 135 | "en": "Paris", 136 | "es": "Paris", 137 | "fr": "Paris" 138 | } 139 | } 140 | ] 141 | } 142 | } 143 | ] 144 | } 145 | -------------------------------------------------------------------------------- /results/aHR0cHM6Ly93d3cuZmFicmlxdWUuc29jaWFsLmdvdXYuZnI=/wappalyzer.json: -------------------------------------------------------------------------------- 1 | {"urls":{"https://www.fabrique.social.gouv.fr/":{"status":200}},"technologies":[{"slug":"node-js","name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","confidence":100,"version":null,"icon":"Node.js.svg","website":"http://nodejs.org","cpe":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","categories":[{"id":27,"slug":"programming-languages","name":"Programming languages"}]},{"slug":"next-js","name":"Next.js","description":"Next.js is a React framework for developing single page Javascript applications.","confidence":100,"version":"11.1.3","icon":"Next.js.svg","website":"https://nextjs.org","cpe":"cpe:2.3:a:zeit:next.js:*:*:*:*:*:*:*:*","categories":[{"id":12,"slug":"javascript-frameworks","name":"JavaScript frameworks"},{"id":18,"slug":"web-frameworks","name":"Web frameworks"},{"id":22,"slug":"web-servers","name":"Web servers"},{"id":57,"slug":"static-site-generator","name":"Static site generator"}],"rootPath":true},{"slug":"styled-components","name":"styled-components","description":"Styled components is a CSS-in-JS styling framework that uses tagged template literals in JavaScript.","confidence":100,"version":"5.3.3","icon":"styled-components.svg","website":"https://styled-components.com","cpe":null,"categories":[{"id":12,"slug":"javascript-frameworks","name":"JavaScript frameworks"},{"id":47,"slug":"development","name":"Development"}],"rootPath":true},{"slug":"react","name":"React","description":"React is an open-source 
JavaScript library for building user interfaces or UI components.","confidence":100,"version":null,"icon":"React.svg","website":"https://reactjs.org","cpe":"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*","categories":[{"id":12,"slug":"javascript-frameworks","name":"JavaScript frameworks"}],"rootPath":true},{"slug":"azure","name":"Azure","description":"Azure is a cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.","confidence":100,"version":null,"icon":"Azure.svg","website":"https://azure.microsoft.com","cpe":null,"categories":[{"id":62,"slug":"paas","name":"PaaS"}],"rootPath":true},{"slug":"matomo-analytics","name":"Matomo Analytics","description":"Matomo Analytics is a free and open-source web analytics application, that runs on a PHP/MySQL web-server.","confidence":100,"version":null,"icon":"Matomo.svg","website":"https://matomo.org","cpe":"cpe:2.3:a:matomo:matomo:*:*:*:*:*:*:*:*","categories":[{"id":10,"slug":"analytics","name":"Analytics"}],"rootPath":true},{"slug":"core-js","name":"core-js","description":"core-js is a modular standard library for JavaScript, with polyfills for cutting-edge ECMAScript features.","confidence":100,"version":"3.12.1","icon":"core-js.png","website":"https://github.com/zloirock/core-js","cpe":null,"categories":[{"id":59,"slug":"javascript-libraries","name":"JavaScript libraries"}],"rootPath":true},{"slug":"web-vitals","name":"web-vitals","description":"The web-vitals JavaScript is a tiny, modular library for measuring all the web vitals metrics on real users.","confidence":100,"version":null,"icon":"web-vitals.svg","website":"https://github.com/GoogleChrome/web-vitals","cpe":null,"categories":[{"id":59,"slug":"javascript-libraries","name":"JavaScript libraries"},{"id":78,"slug":"rum","name":"RUM"}]},{"slug":"hsts","name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","confidence":100,"version":null,"icon":"default.svg","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","cpe":null,"categories":[{"id":16,"slug":"security","name":"Security"}],"rootPath":true},{"slug":"webpack","name":"Webpack","description":"Webpack is an open-source JavaScript module bundler.","confidence":100,"version":null,"icon":"Webpack.svg","website":"https://webpack.js.org/","cpe":null,"categories":[{"id":19,"slug":"miscellaneous","name":"Miscellaneous"}]}]} 2 | -------------------------------------------------------------------------------- /results/aHR0cHM6Ly9iZXRhLmdvdXYuZnI=/declaration-a11y.json: -------------------------------------------------------------------------------- 1 | {"mention":"Accessibilité : non conforme","declarationUrl":"https://beta.gouv.fr/accessibilite/"} 2 | -------------------------------------------------------------------------------- /results/aHR0cHM6Ly9iZXRhLmdvdXYuZnI=/ecoindex.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "width": 1920, 4 | "height": 1080, 5 | "url": "https://beta.gouv.fr", 6 | "size": 816.99, 7 | "nodes": 340, 8 | "requests": 46, 9 | "grade": "B", 10 | "score": 71.0, 11 | "ges": 1.58, 12 | "water": 2.37, 13 | "ecoindex_version": "5.4.2", 14 | "date": "2023-04-16 00:55:24.928080", 15 | "page_type": null 16 | } 17 | ] -------------------------------------------------------------------------------- /results/aHR0cHM6Ly9iZXRhLmdvdXYuZnI=/http.json: -------------------------------------------------------------------------------- 1 | {"url":"https://beta.gouv.fr","algorithm_version":2,"end_time":"Sun, 16 Apr 2023 00:51:26 GMT","grade":"D+","hidden":false,"likelihood_indicator":"MEDIUM","response_headers":{"Connection":"keep-alive","Content-Encoding":"gzip","Content-Type":"text/html","Date":"Sun, 16 Apr 2023 00:51:21 GMT","ETag":"W/\"643aa875-97b2\"","Last-Modified":"Sat, 15 Apr 2023 13:36:53 
GMT","Strict-Transport-Security":"max-age=31536000","Transfer-Encoding":"chunked","X-Request-ID":"017f7590-cf8e-42c3-a20e-18a58d012fdd"},"scan_id":36411521,"score":40,"start_time":"Sun, 16 Apr 2023 00:49:20 GMT","state":"FINISHED","status_code":200,"tests_failed":4,"tests_passed":8,"tests_quantity":12,"details":{"content-security-policy":{"expectation":"csp-implemented-with-no-unsafe","name":"content-security-policy","output":{"data":null,"http":false,"meta":false,"numPolicies":0,"policy":null},"pass":false,"result":"csp-not-implemented","score_description":"Content Security Policy (CSP) header not implemented","score_modifier":-25},"contribute":{"expectation":"contribute-json-only-required-on-mozilla-properties","name":"contribute","output":{"data":null},"pass":true,"result":"contribute-json-only-required-on-mozilla-properties","score_description":"Contribute.json isn't required on websites that don't belong to Mozilla","score_modifier":0},"cookies":{"expectation":"cookies-secure-with-httponly-sessions","name":"cookies","output":{"data":null,"sameSite":null},"pass":true,"result":"cookies-not-found","score_description":"No cookies detected","score_modifier":0},"cross-origin-resource-sharing":{"expectation":"cross-origin-resource-sharing-not-implemented","name":"cross-origin-resource-sharing","output":{"data":{"acao":null,"clientaccesspolicy":null,"crossdomain":null}},"pass":true,"result":"cross-origin-resource-sharing-not-implemented","score_description":"Content is not visible via cross-origin resource sharing (CORS) files or headers","score_modifier":0},"public-key-pinning":{"expectation":"hpkp-not-implemented","name":"public-key-pinning","output":{"data":null,"includeSubDomains":false,"max-age":null,"numPins":null,"preloaded":false},"pass":true,"result":"hpkp-not-implemented","score_description":"HTTP Public Key Pinning (HPKP) header not 
implemented","score_modifier":0},"redirection":{"expectation":"redirection-to-https","name":"redirection","output":{"destination":"https://beta.gouv.fr/","redirects":true,"route":["http://beta.gouv.fr/","https://beta.gouv.fr/"],"status_code":200},"pass":true,"result":"redirection-to-https","score_description":"Initial redirection is to HTTPS on same host, final destination is HTTPS","score_modifier":0},"referrer-policy":{"expectation":"referrer-policy-private","name":"referrer-policy","output":{"data":null,"http":false,"meta":false},"pass":true,"result":"referrer-policy-not-implemented","score_description":"Referrer-Policy header not implemented","score_modifier":0},"strict-transport-security":{"expectation":"hsts-implemented-max-age-at-least-six-months","name":"strict-transport-security","output":{"data":"max-age=31536000","includeSubDomains":false,"max-age":31536000,"preload":false,"preloaded":false},"pass":true,"result":"hsts-implemented-max-age-at-least-six-months","score_description":"HTTP Strict Transport Security (HSTS) header set to a minimum of six months (15768000)","score_modifier":0},"subresource-integrity":{"expectation":"sri-implemented-and-external-scripts-loaded-securely","name":"subresource-integrity","output":{"data":{}},"pass":true,"result":"sri-not-implemented-but-all-scripts-loaded-from-secure-origin","score_description":"Subresource Integrity (SRI) not implemented, but all scripts are loaded from a similar origin","score_modifier":0},"x-content-type-options":{"expectation":"x-content-type-options-nosniff","name":"x-content-type-options","output":{"data":null},"pass":false,"result":"x-content-type-options-not-implemented","score_description":"X-Content-Type-Options header not implemented","score_modifier":-5},"x-frame-options":{"expectation":"x-frame-options-sameorigin-or-deny","name":"x-frame-options","output":{"data":null},"pass":false,"result":"x-frame-options-not-implemented","score_description":"X-Frame-Options (XFO) header not 
implemented","score_modifier":-20},"x-xss-protection":{"expectation":"x-xss-protection-1-mode-block","name":"x-xss-protection","output":{"data":null},"pass":false,"result":"x-xss-protection-not-implemented","score_description":"X-XSS-Protection header not implemented","score_modifier":-10}}} -------------------------------------------------------------------------------- /results/aHR0cHM6Ly9iZXRhLmdvdXYuZnI=/nmapvuln.gnmap: -------------------------------------------------------------------------------- 1 | # Nmap 7.92 scan initiated Sun Apr 16 01:11:16 2023 as: nmap -sV --script vulners --script-args mincvss=5.0 -oA /data/nmapvuln beta.gouv.fr 2 | Host: 109.232.236.90 (ows-109-232-236-90.eu-west-2.compute.outscale.com) Status: Up 3 | Host: 109.232.236.90 (ows-109-232-236-90.eu-west-2.compute.outscale.com) Ports: 80/open/tcp//http///, 443/open/tcp//ssl|https/// Ignored State: filtered (998) 4 | # Nmap done at Sun Apr 16 01:11:53 2023 -- 1 IP address (1 host up) scanned in 36.27 seconds 5 | -------------------------------------------------------------------------------- /results/aHR0cHM6Ly9iZXRhLmdvdXYuZnI=/nmapvuln.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 40 | Scan Report Nmap 7.92 41 | 42 | 43 |
53 |
54 |

Scan Report
Nmap 7.92 55 |

56 |
nmap -sV --script vulners --script-args mincvss=5.0 -oA /data/nmapvuln beta.gouv.fr
57 |

Sun Apr 16 01:11:16 2023 – Sun Apr 16 01:11:53 2023
1 hosts scanned. 58 | 1 hosts up. 59 | 0 hosts down. 60 |

61 |
62 |
1 63 |
64 |
0 65 |
66 |
67 |
68 |

Scanned Hosts

69 |
StateAddressHostnameTCP (open)UDP (open)
up109.232.236.90beta.gouv.fr20
85 |

Online Hosts

93 |
94 |

109.232.236.90 - beta.gouv.fr

95 |
96 |

Hostnames

97 |
    98 |
  • beta.gouv.fr (user)
  • 99 |
  • ows-109-232-236-90.eu-west-2.compute.outscale.com (PTR)
  • 100 |
101 |

Ports

102 |
PortProtocolState
Reason
ServiceProductVersionExtra Info
80tcpopen
syn-ack
http
123 |
fingerprint-strings
124 |
125 |   GetRequest, HTTPOptions: 
126 |     HTTP/1.1 404 Not Found
127 |     Date: Sun, 16 Apr 2023 01:11:30 GMT
128 |     Content-Type: text/html
129 |     Content-Length: 15436
130 |     Connection: close
131 |     Content-Encoding: identity
132 |     <!DOCTYPE html><html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta charset="utf-8"><meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible"><meta content="width=device-width, initial-scale=1.0" name="viewport"><title>Application doesn't exist - Scalingo</title><style>html { height: 100%;}body { -webkit-transform-style: preserve-3d; transform-style: preserve-3d; text-align: center; height: 100%; margin: 0; padding: 0; background: -webkit-gradient(linear, left top, left bottom, from(#1864ab), to(#099ec9)) left top/100% 100% no-repeat #1864ab; background: linear-gradient(to bottom, #1864ab, #099ec9) left top/100% 100% no-repeat #1864ab; color: white;}#wrapper { position: relative; top: 40%; -webkit
133 |
443tcpopen
syn-ack
https
144 |
fingerprint-strings
145 |
146 |   GetRequest: 
147 |     HTTP/1.1 404 Not Found
148 |     Date: Sun, 16 Apr 2023 01:11:36 GMT
149 |     Content-Type: text/html
150 |     Content-Length: 15436
151 |     Connection: close
152 |     Content-Encoding: identity
153 |     <!DOCTYPE html><html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta charset="utf-8"><meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible"><meta content="width=device-width, initial-scale=1.0" name="viewport"><title>Application doesn't exist - Scalingo</title><style>html { height: 100%;}body { -webkit-transform-style: preserve-3d; transform-style: preserve-3d; text-align: center; height: 100%; margin: 0; padding: 0; background: -webkit-gradient(linear, left top, left bottom, from(#1864ab), to(#099ec9)) left top/100% 100% no-repeat #1864ab; background: linear-gradient(to bottom, #1864ab, #099ec9) left top/100% 100% no-repeat #1864ab; color: white;}#wrapper { position: relative; top: 40%; -webkit
154 |   HTTPOptions: 
155 |     HTTP/1.1 404 Not Found
156 |     Date: Sun, 16 Apr 2023 01:11:37 GMT
157 |     Content-Type: text/html
158 |     Content-Length: 15436
159 |     Connection: close
160 |     Content-Encoding: identity
161 |     <!DOCTYPE html><html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta charset="utf-8"><meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible"><meta content="width=device-width, initial-scale=1.0" name="viewport"><title>Application doesn't exist - Scalingo</title><style>html { height: 100%;}body { -webkit-transform-style: preserve-3d; transform-style: preserve-3d; text-align: center; height: 100%; margin: 0; padding: 0; background: -webkit-gradient(linear, left top, left bottom, from(#1864ab), to(#099ec9)) left top/100% 100% no-repeat #1864ab; background: linear-gradient(to bottom, #1864ab, #099ec9) left top/100% 100% no-repeat #1864ab; color: white;}#wrapper { position: relative; top: 40%; -webkit
162 |
165 |
166 |
167 |

Open Services

168 |
AddressPortProtocolServiceProductVersionCPEExtra info
109.232.236.90 - beta.gouv.fr80tcphttp
109.232.236.90 - beta.gouv.fr443tcphttps
202 | 210 |
211 | 215 | 216 | 217 | -------------------------------------------------------------------------------- /results/aHR0cHM6Ly9iZXRhLmdvdXYuZnI=/nmapvuln.json: -------------------------------------------------------------------------------- 1 | {"host":"beta.gouv.fr","protocol":"tcp","closed_ports":"998","open_ports":[{"service":{"name":"http","id":"80","vulnerabilities":[]}},{"service":{"name":"https","id":"443","vulnerabilities":[]}}],"grade":"A"} -------------------------------------------------------------------------------- /results/aHR0cHM6Ly9iZXRhLmdvdXYuZnI=/nmapvuln.nmap: -------------------------------------------------------------------------------- 1 | # Nmap 7.92 scan initiated Sun Apr 16 01:11:16 2023 as: nmap -sV --script vulners --script-args mincvss=5.0 -oA /data/nmapvuln beta.gouv.fr 2 | Nmap scan report for beta.gouv.fr (109.232.236.90) 3 | Host is up (0.083s latency). 4 | Other addresses for beta.gouv.fr (not scanned): 5.104.101.30 5 | rDNS record for 109.232.236.90: ows-109-232-236-90.eu-west-2.compute.outscale.com 6 | Not shown: 998 filtered tcp ports (no-response) 7 | PORT STATE SERVICE VERSION 8 | 80/tcp open http 9 | | fingerprint-strings: 10 | | GetRequest, HTTPOptions: 11 | | HTTP/1.1 404 Not Found 12 | | Date: Sun, 16 Apr 2023 01:11:30 GMT 13 | | Content-Type: text/html 14 | | Content-Length: 15436 15 | | Connection: close 16 | | Content-Encoding: identity 17 | |_ Application doesn't exist - Scalingo