Test (#1)
* add params to scan * fix typo * try silent output * add logging * fix time on logging * fix format
21
action.yml
21
action.yml
@ -2,9 +2,20 @@
|
||||
name: 'kics Github Action'
|
||||
description: 'Run kics scan against IaC projects'
|
||||
inputs:
|
||||
directory:
|
||||
description: 'directory with IaC to scan'
|
||||
path:
|
||||
description: 'path to file or directory to scan'
|
||||
required: true
|
||||
output_path:
|
||||
description: 'file path to store result in json format'
|
||||
required: false
|
||||
payload_path:
|
||||
description: 'file path to store source internal representation in JSON format'
|
||||
required: false
|
||||
queries:
|
||||
description: 'path to directory with queries (default "./assets/queries")'
|
||||
required: false
|
||||
verbose:
|
||||
description: 'verbose scan'
|
||||
outputs:
|
||||
results:
|
||||
description: 'the result of kics scan'
|
||||
@ -14,3 +25,9 @@ branding:
|
||||
runs:
|
||||
using: 'docker'
|
||||
image: 'Dockerfile'
|
||||
args:
|
||||
- ${{ inputs.path }}
|
||||
- ${{ inputs.output_path }}
|
||||
- ${{ inputs.payload_path }}
|
||||
- ${{ inputs.queries }}
|
||||
- ${{ inputs.versbose }}
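Review bot: The last entry under `args:` references `${{ inputs.versbose }}`, but the input declared in the first hunk is `verbose`, so this expression presumably expands to an empty string and the verbose flag never reaches the container as an argument. It should read `- ${{ inputs.verbose }}`. The `verbose` input is also the only new one without a `required:` key; adding `required: false` would match its siblings. `outputs.results` is still declared, but nothing visible on this page sets it, so confirm it is still populated now that the result file path is optional.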
|
@ -1,12 +1,26 @@
|
||||
#!/bin/sh -l
|
||||
#!/bin/bash
|
||||
DATETIME="`date '+%H:%M'`"
|
||||
|
||||
if [ -z "$INPUT_PATH" ]
|
||||
then
|
||||
echo "${DATETIME} - ERR input path can't be empty"
|
||||
exit 1
|
||||
else
|
||||
INPUT_PARAM="-p $INPUT_PATH"
|
||||
fi
|
||||
|
||||
[[ ! -z "$INPUT_OUTPUT_PATH" ]] && OUTPUT_PATH_PARAM="-o $INPUT_OUTPUT_PATH"
|
||||
[[ ! -z "$INPUT_PAYLOAD_PATH" ]] && PAYLOAD_PATH_PARAM="-d $INPUT_PAYLOAD_PATH"
|
||||
[[ ! -z "$INPUT_QUERIES" ]] && QUERIES_PARAM="-q $INPUT_QUERIES"
|
||||
[[ ! -z "$INPUT_VERBOSE" ]] && VERBOSE_PARAM="-v"
|
||||
|
||||
tag=`curl --silent "https://api.github.com/repos/Checkmarx/kics/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/'`
|
||||
echo 'latest tag is' $tag
|
||||
echo "${DATETIME} - INF latest tag is $tag"
|
||||
version=`echo $tag | sed -r 's/^.{1}//'`
|
||||
echo 'version is' $version
|
||||
echo "${DATETIME} - INF version is $version"
|
||||
|
||||
echo "Downloading latest kics binaries"
|
||||
wget -c "https://github.com/Checkmarx/kics/releases/download/${tag}/kics_${version}_linux_x64.tar.gz" -O - | tar -xz
|
||||
echo "${DATETIME} - INF downloading latest kics binaries kics_${version}_linux_x64.tar.gz"
|
||||
wget -q -c "https://github.com/Checkmarx/kics/releases/download/${tag}/kics_${version}_linux_x64.tar.gz" -O - | tar -xz &>/dev/null
|
||||
|
||||
echo "about to scan directory" $INPUT_DIRECTORY
|
||||
./kics -p $INPUT_DIRECTORY -o results.json
|
||||
echo "${DATETIME} - INF : about to scan directory $INPUT_PATH"
|
||||
./kics $INPUT_PARAM $OUTPUT_PATH_PARAM $PAYLOAD_PATH_PARAM $QUERIES_PARAM $VERBOSE_PARAM
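Review bot: The scanner binary is still resolved from `releases/latest` at run time and piped straight from `wget` into `tar` with no integrity check, and the new `-q` and `&>/dev/null` now hide any download or extraction error. Without `set -eo pipefail`, a failed or tampered download only shows up later, when `./kics` runs or is missing. I would pin the release, download to a file, verify a known SHA-256 before extracting, and let errors print; the sketch below uses placeholders for the tag and digest and assumes the image provides `sha256sum`. Separately, the unquoted `$INPUT_PARAM $OUTPUT_PATH_PARAM …` expansions on the last line word-split and glob-expand caller-supplied paths, so a bash array such as `args+=(-p "$INPUT_PATH")` passed as `"${args[@]}"` would be safer.

```shell
set -eo pipefail
# … unchanged: input validation and *_PARAM assembly …

# Placeholders: pin the release and its digest instead of resolving "latest" at run time.
KICS_TAG="<pinned-release-tag>"
KICS_SHA256="<expected-sha256-of-tarball>"
version="${KICS_TAG#v}"
archive="kics_${version}_linux_x64.tar.gz"

echo "${DATETIME} - INF downloading kics binaries ${archive}"
wget -q "https://github.com/Checkmarx/kics/releases/download/${KICS_TAG}/${archive}" -O "${archive}"
# Refuse to extract anything whose digest does not match the pinned value.
echo "${KICS_SHA256}  ${archive}" | sha256sum -c -
tar -xzf "${archive}"

# … unchanged: scan invocation …
```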
|