Skip to content

Add Attack Surface Analyzer Script#26379

Merged
TravisEz13 merged 54 commits intoPowerShell:masterfrom
TravisEz13:copilot/add-attack-surface-analyzer-test
Nov 4, 2025
Merged

Add Attack Surface Analyzer Script#26379
TravisEz13 merged 54 commits intoPowerShell:masterfrom
TravisEz13:copilot/add-attack-surface-analyzer-test

Conversation

@TravisEz13
Copy link
Copy Markdown
Member

@TravisEz13 TravisEz13 commented Nov 4, 2025
edited
Loading

PR Summary

This pull request introduces a new Attack Surface Analyzer (ASA) testing workflow for PowerShell MSI installations, leveraging Docker containers for automated and reproducible security analysis. It adds a comprehensive README.md and a multi-stage Dockerfile to the tools/AttackSurfaceAnalyzer directory, detailing how to run ASA tests locally or in CI/CD, and how to extract results efficiently. Additionally, minor updates are made to CI configurations to support new packaging workflows.

New ASA Testing Tools and Documentation:

  • Added a detailed README.md to tools/AttackSurfaceAnalyzer explaining ASA testing, usage instructions, Docker architecture, troubleshooting, and integration with CI/CD pipelines.
  • Introduced a multi-stage Dockerfile in tools/AttackSurfaceAnalyzer/docker/ for building containers that run ASA tests, capture baseline and post-installation snapshots, export SARIF and SQLite results, and enable clean extraction of reports.

PR Context

PR Checklist

Copilot AI and others added 30 commits October 19, 2025 19:06
Initial plan
a24e1bf
@TravisEz13
Add Attack Surface Analyzer test to windows packaging workflow
86840bb 
Co-authored-by: TravisEz13 <10873629+TravisEz13@users.noreply.github.com>
@TravisEz13
Remove redundant MSI installation step - Invoke-CIFinish already inst…
ed49207 
…alls MSI

Co-authored-by: TravisEz13 <10873629+TravisEz13@users.noreply.github.com>
@TravisEz13
Add windows-packaging-reusable.yml to path filters for packagingChanged
2641bc4 
Co-authored-by: TravisEz13 <10873629+TravisEz13@users.noreply.github.com>
@TravisEz13
Merge branch 'master' into copilot/add-attack-surface-analyzer-test
d08b674
@TravisEz13
Pin Attack Surface Analyzer version to 2.4.176
f8ded68 
Co-authored-by: TravisEz13 <10873629+TravisEz13@users.noreply.github.com>
@TravisEz13
Merge branch 'master' into copilot/add-attack-surface-analyzer-test
2871343
@TravisEz13
Update Attack Surface Analyzer version to 2.3.328
aeb83d3 
Co-authored-by: TravisEz13 <10873629+TravisEz13@users.noreply.github.com>
@TravisEz13
Merge branch 'master' into copilot/add-attack-surface-analyzer-test
d747f95
@TravisEz13
Optimize ASA collection for faster execution with targeted collectors…
dfc6268 
… and directories

Co-authored-by: TravisEz13 <10873629+TravisEz13@users.noreply.github.com>
@TravisEz13
Add C:\Windows monitoring and EventLog collector to ASA configuration
9ab76e0 
Co-authored-by: TravisEz13 <10873629+TravisEz13@users.noreply.github.com>
@TravisEz13
Fix ASA command syntax to use correct collector flags and comma-separ…
a659f5d 
…ated directories

Co-authored-by: TravisEz13 <10873629+TravisEz13@users.noreply.github.com>
@TravisEz13
Narrow Windows monitoring to System32\PowerShell directory for faster…
43975f3 
… execution

Co-authored-by: TravisEz13 <10873629+TravisEz13@users.noreply.github.com>
@TravisEz13
Upload Attack Surface Analyzer results as artifacts for analysis
6bf0707 
Co-authored-by: TravisEz13 <10873629+TravisEz13@users.noreply.github.com>
@TravisEz13
Apply suggestion from @TravisEz13
25a9001
@TravisEz13
Add SARIF output file to ASA results artifact upload
0315cbd 
Co-authored-by: TravisEz13 <10873629+TravisEz13@users.noreply.github.com>
@TravisEz13
Run ASA only for x64/stable matrix configuration
fbce5e9 
Co-authored-by: TravisEz13 <10873629+TravisEz13@users.noreply.github.com>
@TravisEz13
Merge branch 'master' into copilot/add-attack-surface-analyzer-test
9c201e5
@TravisEz13
Move ASA to Windows container for clean baseline testing
de2d81f 
Co-authored-by: TravisEz13 <10873629+TravisEz13@users.noreply.github.com>
@TravisEz13
Add Dockerfile and PowerShell script for Attack Surface Analyzer testing
8b472da
@TravisEz13
Remove Attack Surface Analyzer steps from Windows packaging workflow
fe088e8
@TravisEz13
Enhance README and script to clarify MSI handling and build process
e5a165c
@TravisEz13
Enhance Docker installation process in README and script to support a…
db78997 
…utomatic installation via winget
@TravisEz13
Enhance Docker handling in README and script to automate installation…
b4bb32d 
… and startup
@TravisEz13
Refactor Run-AttackSurfaceAnalyzer.ps1 for improved logging and error…
a9bf342 
… handling
@TravisEz13
Improve MSI detection logic to check both repo root and artifacts dir…
8f8e916 
…ectory
@TravisEz13
Refactor Docker setup: move Dockerfile to a dedicated subfolder and u…
15da07c 
…pdate scripts to use the static Dockerfile for building the Attack Surface Analyzer container.
@TravisEz13
Enhance README and Dockerfile documentation; implement multi-stage bu…
a3fd13b 
…ild for optimized result extraction in Run-AttackSurfaceAnalyzer.ps1
@TravisEz13
Refactor MSI handling in Docker setup: copy MSI to Docker build conte…
14d034c 
…xt and improve installation logging
@TravisEz13
Update .gitignore and README; enhance Run-AttackSurfaceAnalyzer.ps1 f…
02ac17b 
…or output path and report extraction
TravisEz13
TravisEz13 commented Nov 4, 2025
View reviewed changes
Comment thread .github/workflows/windows-packaging-reusable.yml Outdated
Copilot AI reviewed Nov 4, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds Attack Surface Analyzer (ASA) testing tooling for local PowerShell MSI analysis using Docker containers. It provides a PowerShell script and Dockerfile to automate the process of running ASA tests in a clean Windows container environment.

Key changes:

  • New Run-AttackSurfaceAnalyzer.ps1 script with automatic Docker setup and MSI building capabilities
  • Multi-stage Dockerfile for running ASA tests in isolated Windows containers
  • Updated Windows packaging workflow to include a stable x64 build configuration
  • Documentation and .gitignore updates for ASA test results

Reviewed Changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 7 comments.

Show a summary per file
File Description
tools/AttackSurfaceAnalyzer/docker/Dockerfile Multi-stage Dockerfile defining ASA test execution environment with baseline/post-install snapshots
tools/AttackSurfaceAnalyzer/Run-AttackSurfaceAnalyzer.ps1 PowerShell script orchestrating Docker setup, MSI building, ASA test execution, and result extraction
tools/AttackSurfaceAnalyzer/README.md Documentation for ASA testing workflow, prerequisites, and usage examples
.gitignore Excludes ASA test results directory from version control
.github/workflows/windows-packaging-reusable.yml Adds stable channel x64 build matrix entry

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread tools/AttackSurfaceAnalyzer/README.md Outdated
Comment thread tools/AttackSurfaceAnalyzer/README.md Outdated
Comment thread tools/AttackSurfaceAnalyzer/Run-AttackSurfaceAnalyzer.ps1 Outdated
Comment thread tools/AttackSurfaceAnalyzer/Run-AttackSurfaceAnalyzer.ps1 Outdated
Comment thread tools/AttackSurfaceAnalyzer/Run-AttackSurfaceAnalyzer.ps1 Outdated
Comment thread tools/AttackSurfaceAnalyzer/Run-AttackSurfaceAnalyzer.ps1 Outdated
Comment thread tools/AttackSurfaceAnalyzer/Run-AttackSurfaceAnalyzer.ps1 Outdated
@TravisEz13 TravisEz13 mentioned this pull request Nov 4, 2025
Closed
TravisEz13 and others added 16 commits November 4, 2025 11:57
@TravisEz13
Update tools/AttackSurfaceAnalyzer/README.md
c86876c 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@TravisEz13
Update tools/AttackSurfaceAnalyzer/README.md
669283f 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@TravisEz13
Update tools/AttackSurfaceAnalyzer/Run-AttackSurfaceAnalyzer.ps1
e80288b 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@TravisEz13
Update tools/AttackSurfaceAnalyzer/Run-AttackSurfaceAnalyzer.ps1
5664410 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@TravisEz13
Update tools/AttackSurfaceAnalyzer/Run-AttackSurfaceAnalyzer.ps1
c5cca9b 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@TravisEz13
Update Run-AttackSurfaceAnalyzer.ps1 and Dockerfile to use JSON resul…
38cfdb7 
…ts format instead of SARIF
@TravisEz13
Merge branch 'copilot/add-attack-surface-analyzer-test' of https://gi…
d054fbd 
…thub.com/travisez13/powershell into copilot/add-attack-surface-analyzer-test
@TravisEz13
Add Summarize-AsaResults.ps1 script for summarizing Attack Surface An…
1a7a0c2 
…alyzer results
@TravisEz13
Refine Run-AttackSurfaceAnalyzer.ps1 parameters and add MSI signature…
385003e 
… verification
@TravisEz13
Update README.md and Dockerfile to clarify MSI requirements and enhan…
37b2ed9 
…ce result exporting
@TravisEz13
Enhance Summarize-AsaResults.ps1 to include filtering options for inf…
5513e65 
…ormational and debug events, and update examples and parameters for clarity.
@TravisEz13
Enhance Write-ConsoleSummary function to display individual file deta…
1b887fb 
…ils and limit output for file-related categories
@TravisEz13
Enhance Write-ConsoleSummary function to display files with expired s…
e1045b6 
…ignatures, grouped by issuer, and limit output for other file-related categories.
@TravisEz13
Refactor Write-ConsoleSummary function to sort files by full file pat…
18cde5f 
…h and display all files, removing expiration date sorting and display limits.
@TravisEz13
Add copyright notice to Run-AttackSurfaceAnalyzer.ps1 and Summarize-A…
637dd4a 
…saResults.ps1
@TravisEz13
Add copyright notice to Dockerfile
20a9530
@TravisEz13 TravisEz13 added the CL-Tools Indicates that a PR should be marked as a tools change in the Change Log label Nov 4, 2025
@TravisEz13 TravisEz13 enabled auto-merge (squash) November 4, 2025 23:18
@TravisEz13 TravisEz13 merged commit 1ba5974 into PowerShell:master Nov 4, 2025
35 of 44 checks passed
@TravisEz13 TravisEz13 deleted the copilot/add-attack-surface-analyzer-test branch November 4, 2025 23:18
SIRMARGIN pushed a commit to SIRMARGIN/PowerShell that referenced this pull request Dec 12, 2025
@TravisEz13
@SIRMARGIN
Add Attack Surface Analyzer Script (PowerShell#26379)
3ce98e3 
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: TravisEz13 <10873629+TravisEz13@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
kilasuit pushed a commit to kilasuit/PowerShell that referenced this pull request Jan 2, 2026
@TravisEz13
@kilasuit
Add Attack Surface Analyzer Script (PowerShell#26379)
0f7977c 
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: TravisEz13 <10873629+TravisEz13@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@adityapatwardhan adityapatwardhan adityapatwardhan approved these changes

@jshigetomi jshigetomi Awaiting requested review from jshigetomi jshigetomi is a code owner

Assignees

No one assigned

Labels

CL-Tools Indicates that a PR should be marked as a tools change in the Change Log

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@TravisEz13 @adityapatwardhan