
PD Actions

Continuous reconnaissance and vulnerability assessment using GitHub Actions

Advantages

  • Free 2000 minutes/month of cloud scans.
  • Fully automated and simple to deploy
  • Continuous scheduled scans & monitoring of assets
  • Integrate any tool of your choice in workflow
  • Native git diff support for change visualization

Setup

  • Create a new private repository from here with the name pd-actions.
  • Execute the commands below, making sure to replace USER_NAME with your GitHub username.
▶ git clone --bare https://github.com/projectdiscovery/pd-actions.git; cd pd-actions.git
▶ git push --mirror https://github.com/USER_NAME/pd-actions.git
  • Update input/domains.txt with the targets of your interest.
  • Make the required changes in .github/workflows/pd-actions.yaml.
  • You will now see "pd-actions" under the Actions tab of your repository.

To run continuous periodic scans, uncomment the schedule lines shown below in your actions file.

name: pd-actions

on:
#    schedule:
#      - cron: '0 0 * * *'
    workflow_dispatch:

By default, scans are scheduled to run daily at 12 AM. You can change the schedule and the flag values of the various tools as needed in the .github/workflows/pd-actions.yaml file of your forked version.

Config

You can configure API keys for the sources subfinder uses in config/subfinder-config.yaml to get additional results, and config/bug-tracker-config.yaml to make use of the nuclei bug reporting module; see each project's documentation for more details.

To send output from any project directly to Slack, Discord or Telegram, add or update the notify flags in the .github/workflows/pd-actions.yaml file accordingly.

PD Action workflow

As described in the picture, the PD Actions workflow takes root domains as input from the input/domains.txt file and then:

  1. Performs passive subdomain enumeration using SubFinder
  2. Filters out inactive / invalid subdomains using dnsx
  3. Performs a port scan of the top 100 ports using Naabu
  4. Runs HTTP web server probing on the discovered ports using httpx
  5. Runs the various CVE-based nuclei templates using Nuclei
  6. Sends alerts to Slack, Discord or Telegram using Notify (optional)
  7. Creates tickets on GitHub, GitLab or Jira for bugs found by Nuclei (optional)

Results from each tool are stored in the output/ directory. When the results change between scans, you can view all the changes using the built-in git diff UI and CLI.

You can always tweak the flags of each project as needed directly in .github/workflows/pd-actions.yaml.
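As an added example (not the repository's own .github/workflows/pd-actions.yaml), the workflow below runs steps 1 to 5 of the pipeline described above and commits output/ after each run so that the changes between scans show up in git diff. The tool flag names, Go module paths and the nuclei template directory (http/cves/) are assumptions about the tools' current releases; check each tool's -h output before relying on them.

```yaml
name: pd-actions-example

on:
  schedule:
    - cron: '0 0 * * *'        # daily at 00:00 (GitHub Actions cron runs in UTC)
  workflow_dispatch:

permissions:
  contents: write              # the job commits output/ back to the repository

jobs:
  recon:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - uses: actions/setup-go@v4
        with:
          go-version: '1.21'

      # naabu needs the libpcap headers to build
      - run: sudo apt-get update && sudo apt-get install -y libpcap-dev

      - name: Install ProjectDiscovery tools (module paths assumed from current releases)
        run: |
          go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
          go install -v github.com/projectdiscovery/dnsx/cmd/dnsx@latest
          go install -v github.com/projectdiscovery/naabu/v2/cmd/naabu@latest
          go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
          go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest

      - name: Recon pipeline (workflow steps 1-5)
        run: |
          mkdir -p output
          subfinder -dL input/domains.txt -silent -o output/subdomains.txt           # 1. passive enumeration
          dnsx -l output/subdomains.txt -silent -o output/resolved.txt              # 2. drop non-resolving hosts
          naabu -list output/resolved.txt -top-ports 100 -silent -o output/ports.txt # 3. top-100 port scan
          httpx -l output/ports.txt -silent -o output/http.txt                      # 4. web server probing
          nuclei -l output/http.txt -t http/cves/ -silent -o output/nuclei.txt      # 5. CVE templates

      - name: Commit results so git diff shows changes between scans
        run: |
          git config user.name "pd-actions-bot"
          git config user.email "pd-actions-bot@users.noreply.github.com"
          git add output/
          # only create a commit when the scan output actually changed
          git diff --quiet --cached || git commit -m "pd-actions scan $(date -u +%F)"
          git push
```

Because every run is a commit, the repository's compare view between two scan commits is the change visualization the README refers to.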

Custom workflow

Check out our blog post https://blog.projectdiscovery.io/github-actions-for-application-security/ for a detailed breakdown of the PD Actions workflow and the steps to write your own custom workflow using GitHub Actions. PD Actions is meant to showcase how GitHub Actions can be used for application security automation; you can do a lot more with your own custom workflows and tooling.

We have also added a few example workflows that run individual projects, and we will add more workflow examples covering different use cases to improve the security of an organization. If you have more workflow examples to share with the community, please don't hesitate to open a PR 😄

Notes:

  • Use a separate workflow for each organization

    • Helps avoid hitting the 6-hour time limit per scan.
    • Keeps GitHub change visualization manageable.
  • Use different schedule times for different workflows.

    • This avoids running all of your scans at the same time.

Limitations

A GitHub free account comes with 2000 minutes/month of free scans, making it practically free to run your continuous scans in the cloud. A few noticeable limits that are worth mentioning are listed below.

Additional reference
