Update dast-zap.yml #24
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: IaC Scan - KICS | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| permissions: | |
| security-events: write | |
| actions: read | |
| contents: read | |
| jobs: | |
| kics: | |
| name: Run IaC Scan with KICS | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout source code | |
| uses: actions/checkout@v3 | |
| - name: Prepare writable output folder | |
| run: | | |
| mkdir -p kics-results | |
| chmod -R 777 kics-results # allow container to write to host | |
| - name: Run KICS with SARIF output | |
| run: | | |
| docker run --rm \ | |
| -v ${{ github.workspace }}:/project \ | |
| checkmarx/kics:v2.1.9-ubi8 \ | |
| scan -p /project/Dockerfile \ | |
| -o /project/kics-results \ | |
| --exclude-severities info --report-formats sarif || true | |
| - name: Upload SARIF results to GitHub Code Scanning | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: kics-results/results.sarif |