nuclei-templates/.github/workflows/kev-update.yml

name: 📋 KEV & vKEV Tag Update

on:
  schedule:
    # Run daily at 3:00 AM UTC (1 hour after EPSS update)
    - cron: '0 3 * * *'
  workflow_dispatch:

jobs:
  update-kev:
    runs-on: ubuntu-latest
    if: github.repository == 'projectdiscovery/nuclei-templates'
    steps:
      - name: Checkout repository
        uses: actions/checkout@v5

      - name: Setup Python
        uses: actions/setup-python@v6
        with:
          python-version: '3.11'

      - name: Install dependencies
        run: |
          pip install requests pyyaml

      - name: Update KEV and vKEV tags
        run: python .github/scripts/update-kev.py
        env:
          # VulnCheck API key for enhanced vKEV data
          VULNCHECK_API_KEY: ${{ secrets.VULNCHECK_API_KEY }}

      - name: Check for changes
        id: changes
        run: |
          if git diff --quiet; then
            echo "changes=false" >> $GITHUB_OUTPUT
          else
            echo "changes=true" >> $GITHUB_OUTPUT
          fi

      - name: Setup Git
        if: steps.changes.outputs.changes == 'true'
        uses: projectdiscovery/actions/setup/git@v1

      - name: Commit changes
        if: steps.changes.outputs.changes == 'true'
        uses: projectdiscovery/actions/commit@v1
        with:
          files: '**/cves/**/*.yaml'
          message: 'chore: update KEV and vKEV tags and metadata 🤖'

      - name: Push changes
        if: steps.changes.outputs.changes == 'true'
        run: |
          git pull origin $GITHUB_REF --rebase
          git push origin $GITHUB_REF