action.yml
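# GitHub Action metadata: display name, summary and author.
name: "Security Scan and Comment Action"
description: "Runs various open source security tools and then comments on PRs with results."
author: "Douglas Coburn"

# Docker container action: the image is built from the Dockerfile in this
# repository. That Dockerfile is not shown here, so the base image and the
# scanner versions it installs cannot be checked from this file. Consumers
# should pin the action to a full commit SHA rather than a mutable tag or
# branch, so the code that receives their token cannot change underneath them.
runs:
  using: "docker"
  image: "Dockerfile"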
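# Inputs accepted by the action. Nesting is restored so that each input owns
# its own description/required/default keys instead of colliding at top level.
#
# Because runs.using is "docker", GitHub passes every input to the container
# as an INPUT_<NAME> environment variable. The token, the Sumo Logic URL and
# the Sentinel shared key are therefore readable by every scanner process
# started inside the container.
inputs:
  # The only required input. The calling workflow should scope the token with
  # a `permissions:` block; presumably only pull-request comment access is
  # needed -- confirm against the entrypoint.
  github_token:
    description: "GitHub token to post comments on PRs"
    required: true

  # Enable Settings
  # Every scanner is off by default, so a workflow that sets none of these
  # flags runs no analysis at all.
  python_sast_enabled:
    description: "Enable Python SAST analysis"
    required: false
    default: "false"
  golang_sast_enabled:
    description: "Enable Golang SAST analysis"
    required: false
    default: "false"
  javascript_sast_enabled:
    description: "Enable JavaScript SAST analysis"
    required: false
    default: "false"
  dockerfile_enabled:
    description: "Enable Dockerfile analysis"
    required: false
    default: "false"
  image_enabled:
    description: "Enable image scanning"
    required: false
    default: "false"
  # NOTE(review): results are posted as PR comments per the action
  # description; confirm the entrypoint redacts secret values before posting.
  secret_scanning_enabled:
    description: "Enable secret scanning"
    required: false
    default: "false"

  # Docker Configuration
  docker_images:
    description: "Comma-separated list of Docker images to scan"
    required: false
    default: ""
  dockerfiles:
    description: "Comma-separated list of Dockerfiles to scan"
    required: false
    default: ""

  # Trufflehog Configuration
  trufflehog_exclude_dir:
    description: "Comma-separated list of directories to exclude in Trufflehog"
    required: false
    default: ""
  trufflehog_rules:
    description: "Rules to enable in Trufflehog"
    required: false
    default: ""
  trufflehog_show_unverified:
    description: "Show unverified secrets in Trufflehog results"
    required: false
    default: "false"

  # Bandit Configuration
  bandit_exclude_dir:
    description: "Comma-separated list of directories to exclude in Bandit"
    required: false
    default: ""
  # NOTE(review): described as rules to *disable*, while the other *_rules
  # inputs are described as rules to enable -- confirm against the entrypoint,
  # since a misread here silently drops checks.
  bandit_rules:
    description: "Rules to disable in Bandit"
    required: false
    default: ""

  # Gosec Configuration
  gosec_exclude_dir:
    description: "Comma-separated list of directories to exclude in Gosec"
    required: false
    default: ""
  gosec_rules:
    description: "Rules to enable in Gosec"
    required: false
    default: ""

  # Trivy Configuration
  trivy_exclude_dir:
    description: "Comma-separated list of directories to exclude in Trivy"
    required: false
    default: ""
  trivy_rules:
    description: "Rules to enable in Trivy"
    required: false
    default: ""

  # ESLint Configuration
  eslint_exclude_dir:
    description: "Comma-separated list of directories to exclude in ESLint"
    required: false
    default: ""
  eslint_rules:
    description: "Custom ESLint rules or plugins to enable"
    required: false
    default: ""

  # Log Forwarding Configuration
  sumo_logic_enabled:
    description: "Enable Sumo Logic log forwarding"
    required: false
    default: "false"
  # A Sumo Logic HTTP source URL carries the ingestion credential in the URL
  # itself; supply it from the repository or organisation secret store, not
  # as a literal in the workflow file.
  sumo_logic_http_source_url:
    description: "HTTP source URL for Sumo Logic"
    required: false
    default: ""

  # Microsoft Sentinel Configuration
  ms_sentinel_enabled:
    description: "Enable Microsoft Sentinel log forwarding"
    required: false
    default: "false"
  # NOTE(review): the two defaults below are the placeholder "REPLACE_ME",
  # not an empty string like the other optional inputs. If forwarding is
  # enabled without setting them, the container receives the literal
  # placeholder; whether the entrypoint rejects it cannot be told from here.
  ms_sentinel_workspace_id:
    description: "Workspace ID for Microsoft Sentinel"
    required: false
    default: "REPLACE_ME"
  # Credential: supply from the secret store only.
  ms_sentinel_shared_key:
    description: "Shared key for Microsoft Sentinel"
    required: false
    default: "REPLACE_ME"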
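# Icon and colour of the badge shown for this action.
branding:
  icon: "shield"
  color: "blue"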