updating documentation

Rogério Peixoto
2021-03-18 15:30:17 +00:00
parent a85e934ba7
commit 1bd03f632b

101
README.md

@ -36,9 +36,9 @@ It is as simple as running a CLI tool, making it easy to integrate into any proj
| queries | | path to directory with queries (default "./assets/queries") | String | No | ./assets/queries downloaded with the binaries | | queries | | path to directory with queries (default "./assets/queries") | String | No | ./assets/queries downloaded with the binaries |
| verbose | true | verbose scan | Boolean | No | false | | verbose | true | verbose scan | Boolean | No | false |
## Example usage ## Simple Example usage
****
``` ```yaml
# Steps represent a sequence of tasks that will be executed as part of the job # Steps represent a sequence of tasks that will be executed as part of the job
steps: steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
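Review bot: The renamed heading "## Simple Example usage" mixes title case and lower case, and the two headings added later in this commit each use yet another style ("Example Using Docker Runner and SARIF report", "Example using docker-runner and config file"). Pick one capitalisation convention for all three so the README's section list reads consistently. Tagging the fence as `yaml` is a good change.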
@ -49,12 +49,105 @@ It is as simple as running a CLI tool, making it easy to integrate into any proj
with: with:
path: 'terraform' path: 'terraform'
output_path: 'results.json' output_path: 'results.json'
# Display the results in json format # Display the results in json format
- name: display kics results - name: display kics results
run: | run: |
cat results.json cat results.json
``` ```
## Example Using Docker Runner and SARIF report
checkmarx/kics-action@docker-runner branch runs an alpine based linux container (`checkmarx/kics:nightly-alpine`) that doesn't require downloading kics binaries and queries in the `entrypoint.sh`
```yaml
name: scan with KICS docker-runner
on:
pull_request:
branches: [master]
jobs:
kics-job:
runs-on: ubuntu-latest
name: kics-action
steps:
- name: Checkout repo
uses: actions/checkout@v2
- name: Mkdir results-dir
# make sure results dir is created
run: mkdir -p results-dir
- name: Run KICS Scan with SARIF result
uses: checkmarx/kics-action@docker-runner
with:
path: 'terraform'
# when provided with a directory on output_path
# it will generate the specified reports file named 'results.{extension}'
# in this example it will generate:
# - results-dir/results.json
# - results-dir/results.json
output_path: results-dir
platform_type: terraform
output_formats: 'json,sarif'
exclude_paths: "terraform/gcp/big_data.tf,terraform/azure"
# seek query id in it's metadata.json
exclude_queries: 0437633b-daa6-4bbc-8526-c0d2443b946e
- name: Show results
run: |
cat results-dir/results.sarif
cat results-dir/results.json
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: results-dir/results.sarif
```
## Example using docker-runner and config file
```yaml
name: scan with KICS using config file
on:
pull_request:
branches: [master]
jobs:
kics-job:
runs-on: ubuntu-latest
name: kics-action
steps:
- name: Checkout repo
uses: actions/checkout@v2
- name: Mkdir results-dir
# make sure results dir is created
run: mkdir -p results-dir
- name: Create config file
run: |
cat <<EOF >>kics.config
{
"exclude-categories": "Encryption",
"exclude-paths": "terraform/gcp/big_data.tf,terraform/gcp/gcs.tf",
"log-file": true,
"minimal-ui": false,
"no-color": false,
"no-progress": true,
"output-path": "./results-dir",
"path": "terraform,ansible",
"payload-path": "file path to store source internal representation in JSON format",
"preview-lines": 5,
"report-formats": "json,sarif",
"type": "terraform",
"verbose": true
}
EOF
- name: Run KICS Scan using config
uses: checkmarx/kics-action@docker-runner
with:
path: 'terraform'
config_path: ./kics.config
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: results-dir/results.sarif
```
## How To Contribute ## How To Contribute
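Review bot: In the docker-runner example, the comment listing the generated reports names `results-dir/results.json` twice. With `output_formats: 'json,sarif'` and the later `cat results-dir/results.sarif`, the second entry should be `results-dir/results.sarif`. Further points on the same hunk:

- Both new workflows use `checkmarx/kics-action@docker-runner`, a branch ref, and the prose says it runs `checkmarx/kics:nightly-alpine`. Readers will copy this into CI, so the text should say that a branch and a nightly image are mutable and recommend pinning the action to a release tag or full commit SHA once one is available.
- The comment "seek query id in it's metadata.json" should read "its".
- In the config-file example, `cat <<EOF >>kics.config` appends, so an existing `kics.config` in the checked-out repository would yield invalid JSON. Use `>` to overwrite.
- The `"payload-path"` value is a description ("file path to store source internal representation in JSON format") rather than a path. Anyone pasting the example gets a file with that literal name, so replace it with a sample path or drop the key.
- The config sets `"path": "terraform,ansible"` while the step passes `path: 'terraform'`. Please document which one takes precedence, or make them agree.
- The example excludes the whole `Encryption` category. Add a sentence saying the exclusions are illustrative, so the sample is not adopted as a default that silences those findings.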