KICS GitHub Action now pulls KICS from Docker image (#37)

Signed-off-by: João Reigota <joao.reigota@checkmarx.com>
2021-11-26 10:44:28 +00:00
parent 6fd8ac885d
commit 0fb2e77e82
5 changed files with 58 additions and 55 deletions
--- a/action.yml
+++ b/action.yml
@ -83,53 +83,34 @@ branding:
  icon: "shield"
  color: "green"
 runs:
-  using: "composite"
-  steps:
-    - uses: actions/checkout@v2
-    - name: Run KICS Scan
-      id: kics_scan
-      uses: docker://checkmarx/kics:v1.4.8-alpine
-      env:
-        INPUT_PATH: ${{ inputs.path }}
-        INPUT_FAIL_ON: ${{ inputs.fail_on }}
-        INPUT_TIMEOUT: ${{ inputs.timeout }}
-        INPUT_PROFILING: ${{ inputs.profiling }}
-        INPUT_CONFIG_PATH: ${{ inputs.config }}
-        INPUT_PLATFORM_TYPE: ${{ inputs.platform_type }}
-        INPUT_EXCLUDE_PATHS: ${{ inputs.exclude_paths }}
-        INPUT_EXCLUDE_QUERIES: ${{ inputs.exclude_queries }}
-        INPUT_INCLUDE_QUERIES: ${{ inputs.include_queries }}
-        INPUT_EXCLUDE_CATEGORIES: ${{ inputs.exclude_categories }}
-        INPUT_EXCLUDE_RESULTS: ${{ inputs.exclude_results }}
-        INPUT_OUTPUT_FORMATS: ${{ inputs.output_formats }}
-        INPUT_OUTPUT_PATH: ${{ inputs.output_path }}
-        INPUT_PAYLOAD_PATH: ${{ inputs.payload_path }}
-        INPUT_QUERIES: ${{ inputs.queries }}
-        INPUT_VERBOSE: ${{ inputs.verbose }}
-        INPUT_BOM: ${{ inputs.bom }}
-        INPUT_IGNORE_ON_EXIT: ${{ inputs.ignore_on_exit }}
-        INPUT_DISABLE_SECRETS: ${{ inputs.disable_secrets }}
-        INPUT_DISABLE_FULL_DESCRIPTIONS: ${{ inputs.disable_full_descriptions }}
-        INPUT_LIBRARIES_PATH: ${{ inputs.libraries_path }}
-        INPUT_SECRETS_REGEXES_PATH: ${{ inputs.secrets_regexes_path}}
-      with:
-        entrypoint: ./entrypoint.sh
-    - name: Run KICS PR Comentator
-      uses: actions/setup-node@v2
-      with:
-        node-version: 12.x
-    - name: Install dependencies
-      shell: bash
-      run: npm ci
-    - run: |
-        sudo chown -R ${USER} ${{ inputs.output_path }}
-        npm run build --if-present
-      shell: bash
-    - run: node dist/index.js
-      shell: bash
-      env:
-        INPUT_TOKEN: ${{ inputs.token }}
-        INPUT_OUTPUT_PATH: ${{ inputs.output_path }}
-        INPUT_ENABLE_COMMENTS: ${{ inputs.enable_comments }}
-        INPUT_OUTPUT_FORMATS: ${{ inputs.output_formats }}
-        KICS_EXIT_CODE: ${{ steps.kics_scan.outputs.exit_code }}
+  using: "docker"
+  image: Dockerfile
+  env:
+    INPUT_TOKEN: ${{ inputs.token }}
+    INPUT_OUTPUT_PATH: ${{ inputs.output_path }}
+    INPUT_ENABLE_COMMENTS: ${{ inputs.enable_comments }}
+    INPUT_OUTPUT_FORMATS: ${{ inputs.output_formats }}
+    WORKSPACE_PATH: $GITHUB_WORKSPACE
+  args:
+    - ${{ inputs.path }}
+    - ${{ inputs.fail_on }}
+    - ${{ inputs.timeout }}
+    - ${{ inputs.profiling }}
+    - ${{ inputs.config }}
+    - ${{ inputs.platform_type }}
+    - ${{ inputs.exclude_paths }}
+    - ${{ inputs.exclude_queries }}
+    - ${{ inputs.include_queries }}
+    - ${{ inputs.exclude_categories }}
+    - ${{ inputs.exclude_results }}
+    - ${{ inputs.output_formats }}
+    - ${{ inputs.output_path }}
+    - ${{ inputs.payload_path }}
+    - ${{ inputs.queries }}
+    - ${{ inputs.verbose }}
+    - ${{ inputs.bom }}
+    - ${{ inputs.ignore_on_exit }}
+    - ${{ inputs.disable_secrets }}
+    - ${{ inputs.disable_full_descriptions }}
+    - ${{ inputs.libraries_path }}
+    - ${{ inputs.secrets_regexes_path}}