Skip to content

crazy-max/ghaction-virustotal

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace

Repository files navigation

GitHub release GitHub marketplace CI workflow Test workflow Codecov
Become a sponsor Donate Paypal

About

GitHub Action to upload and scan files with VirusTotal.


Usage

Scan local files

This action can be used to scan local files with VirusTotal:

VirusTotal GitHub Action

name: build

on:
  pull_request:
  push:

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Set up Go
        uses: actions/setup-go@v4
      -
        name: Build
        run: |
          GOOS=windows GOARCH=386 go build -o ./ghaction-virustotal-win32.exe -v -ldflags "-s -w"
          GOOS=windows GOARCH=amd64 go build -o ./ghaction-virustotal-win64.exe -v -ldflags "-s -w"
      -
        name: VirusTotal Scan
        uses: crazy-max/ghaction-virustotal@v4
        with:
          vt_api_key: ${{ secrets.VT_API_KEY }}
          files: |
            ./ghaction-virustotal-win32.exe
            ./ghaction-virustotal-win64.exe

Scan assets of a published release

You can also use this action to scan assets of a published release on GitHub when a release event is triggered:

name: released

on:
  release:
    types: [published]

jobs:
  virustotal:
    runs-on: ubuntu-latest
    steps:
      -
        name: VirusTotal Scan
        uses: crazy-max/ghaction-virustotal@v4
        with:
          vt_api_key: ${{ secrets.VT_API_KEY }}
          files: |
            .exe$

If you set update_release_body: true input, analysis link(s) will be appended to the release body and will look like this:

VirusTotal GitHub Action update release body

Scan through VirusTotal Monitor

To scan your assets through VirusTotal Monitor you can use the following workflow:

name: build

on:
  pull_request:
  push:

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Set up Go
        uses: actions/setup-go@v4
      -
        name: Build
        run: |
          GOOS=windows GOARCH=386 go build -o ./ghaction-virustotal-win32.exe -v -ldflags "-s -w"
          GOOS=windows GOARCH=amd64 go build -o ./ghaction-virustotal-win64.exe -v -ldflags "-s -w"
      -
        name: VirusTotal Monitor Scan
        uses: crazy-max/ghaction-virustotal@v4
        with:
          vt_api_key: ${{ secrets.VT_API_KEY }}
          vt_monitor: true
          monitor_path: /ghaction-virustotal
          files: |
            ./ghaction-virustotal-*.exe

Customizing

inputs

Following inputs can be used as step.with keys

Name Type Default Description
vt_api_key String VirusTotal API key to upload assets (required)
files String Newline-delimited list of path globs/patterns for asset files to upload for analysis (required)
vt_monitor Bool false If enabled, files will be uploaded to VirusTotal Monitor endpoint
monitor_path¹ String / A path relative to current monitor user root folder to upload files
update_release_body² Bool false If enabled, analysis link(s) will be appended to the release body
github_token³ String GitHub Token used to create an authenticated client for GitHub API as provided by secrets
request_rate Number 0 API request-rate in requests/minute. Set to 4 or lower when using the standard free public API. 0 to disable rate-limit.

outputs

The following outputs are available

Name Type Description
analysis String Analysis results formatted as <filename>=<analysisURL> (comma separated)

Contributing

Want to contribute? Awesome! The most basic way to show your support is to star the project, or to raise issues. You can also support this project by becoming a sponsor on GitHub or by making a PayPal donation to ensure this journey continues indefinitely!

Thanks again for your support, it is much appreciated! 🙏

License

MIT. See LICENSE for more details.