HPCE/kics-github-action
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into feat/allow-disable-annotation

Browse Source
This commit is contained in:
Mickaël Villers
2022-11-04 21:56:29 +01:00
committed by GitHub
parent 1df7382b4c 9206a2173d
commit aaa586add2
7 changed files with 73 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.github/workflows/test_action.yaml vendored
View File

@ -20,6 +20,7 @@ jobs:
output_formats: sarif output_formats: sarif
ignore_on_exit: results ignore_on_exit: results
enable_comments: true enable_comments: true
enable_jobs_summary: true
comments_with_queries: true comments_with_queries: true
excluded_column_for_comments_with_queries: "description_id,similarity_id,search_line,search_value,cis_description_id,cis_description_title,cis_description_text,cloud_provider" excluded_column_for_comments_with_queries: "description_id,similarity_id,search_line,search_value,cis_description_id,cis_description_title,cis_description_text,cloud_provider"
- run: ls -la && ls -la myoutput - run: ls -la && ls -la myoutput

23
README.md
View File

@ -6,7 +6,7 @@
- [KICS Github Action](#kics-github-action) - [KICS Github Action](#kics-github-action)
- [Integrate KICS into your GitHub workflows](#integrate-kics-into-your-github-workflows) - [Integrate KICS into your GitHub workflows](#integrate-kics-into-your-github-workflows)
- [Supported Platforms](#supported-platforms) - [Supported Platforms](#supported-platforms)
- [Please find more info in the official website: <a href="https://kics.io">kics.io</a>](#please-find-more-info-in-the-official-website-kicsio) - [Please find more info in the official website: <a href="https://kics.io">kics.io</a>](#please-find-more-info-in-the-official-website-kicsio)
- [Inputs](#inputs) - [Inputs](#inputs)
- [Simple usage example](#simple-usage-example) - [Simple usage example](#simple-usage-example)
@ -76,6 +76,7 @@ And ensure that you're using the <a href="https://github.com/Checkmarx/kics-gith
| enable_comment | true | Enable pull request report comments | Boolean | No | false | | enable_comment | true | Enable pull request report comments | Boolean | No | false |
| disable_annotations | true | Disable annotations report | Boolean | No | false | | disable_annotations | true | Disable annotations report | Boolean | No | false |
| comments_with_queries | true | Add queries in th pull request report comments (available when enable_comments = true) | Boolean | No | false | | comments_with_queries | true | Add queries in th pull request report comments (available when enable_comments = true) | Boolean | No | false |
| enable_jobs_summary | true | Enable report as jobs summary | Boolean | No | false |
| excluded_column_for_comments_with_queries | description_id,similarity_id,search_line,search_value | Excluded columns for the comment with queries, accepts a comma separated list | String | No | description_id,similarity_id,search_line,search_value | | excluded_column_for_comments_with_queries | description_id,similarity_id,search_line,search_value | Excluded columns for the comment with queries, accepts a comma separated list | String | No | description_id,similarity_id,search_line,search_value |
| path | terraform/main.tf,Dockerfile | paths to a file or directories to scan, comma separated list | String | Yes | N/A | | path | terraform/main.tf,Dockerfile | paths to a file or directories to scan, comma separated list | String | Yes | N/A |
| ignore_on_exit | results | defines which non-zero exit codes should be ignored (all, results, errors, none) | String | No | none | | ignore_on_exit | results | defines which non-zero exit codes should be ignored (all, results, errors, none) | String | No | none |
@ -238,16 +239,16 @@ You can only enable one profiler at a time, CPU or MEM.
```yaml ```yaml
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: run kics Scan - name: run kics Scan
uses: checkmarx/kics-github-action@v1.6 uses: checkmarx/kics-github-action@v1.6
with: with:
path: 'terraform' path: 'terraform'
profiling: MEM profiling: MEM
output_path: myResults/ output_path: myResults/
- name: display kics results - name: display kics results
run: | run: |
cat myResults/results.json cat myResults/results.json
``` ```
## Uploading SARIF report ## Uploading SARIF report

5
action.yml
View File

@ -14,6 +14,10 @@ inputs:
required: false required: false
default: "false" default: "false"
description: "Enable pull request report comments" description: "Enable pull request report comments"
enable_jobs_summary:
required: false
default: "false"
description: "Enable report as jobs summary"
comments_with_queries: comments_with_queries:
required: false required: false
default: "false" default: "false"
@ -111,6 +115,7 @@ runs:
INPUT_OUTPUT_PATH: ${{ inputs.output_path }} INPUT_OUTPUT_PATH: ${{ inputs.output_path }}
INPUT_DISABLE_ANNOTATIONS: ${{ inputs.disable_annotations }} INPUT_DISABLE_ANNOTATIONS: ${{ inputs.disable_annotations }}
INPUT_ENABLE_COMMENTS: ${{ inputs.enable_comments }} INPUT_ENABLE_COMMENTS: ${{ inputs.enable_comments }}
INPUT_ENABLE_JOBS_SUMMARY: ${{ inputs.enable_jobs_summary }}
INPUT_COMMENTS_WITH_QUERIES: ${{ inputs.comments_with_queries }} INPUT_COMMENTS_WITH_QUERIES: ${{ inputs.comments_with_queries }}
INPUT_EXCLUDED_COLUMNS_FOR_COMMENTS_WITH_QUERIES: ${{ inputs.excluded_column_for_comments_with_queries }} INPUT_EXCLUDED_COLUMNS_FOR_COMMENTS_WITH_QUERIES: ${{ inputs.excluded_column_for_comments_with_queries }}
INPUT_OUTPUT_FORMATS: ${{ inputs.output_formats }} INPUT_OUTPUT_FORMATS: ${{ inputs.output_formats }}

51
package-lock.json generated
View File

@ -9,7 +9,7 @@
"version": "1.0.0", "version": "1.0.0",
"license": "GNU GENERAL PUBLIC LICENSE", "license": "GNU GENERAL PUBLIC LICENSE",
"dependencies": { "dependencies": {
"@actions/core": "^1.6.0", "@actions/core": "^1.10.0",
"@actions/exec": "^1.1.0", "@actions/exec": "^1.1.0",
"@actions/github": "^5.0.0", "@actions/github": "^5.0.0",
"@actions/io": "^1.1.1", "@actions/io": "^1.1.1",
@ -22,11 +22,28 @@
} }
}, },
"node_modules/@actions/core": { "node_modules/@actions/core": {
"version": "1.6.0", "version": "1.10.0",
"resolved": "https://registry.npmjs.org/@actions/core/-/core-1.6.0.tgz", "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.10.0.tgz",
"integrity": "sha512-NB1UAZomZlCV/LmJqkLhNTqtKfFXJZAUPcfl/zqG7EfsQdeUJtaWO98SGbuQ3pydJ3fHl2CvI/51OKYlCYYcaw==", "integrity": "sha512-2aZDDa3zrrZbP5ZYg159sNoLRb61nQ7awl5pSvIq5Qpj81vwDzdMRKzkWJGJuwVvWpvZKx7vspJALyvaaIQyug==",
"dependencies": { "dependencies": {
"@actions/http-client": "^1.0.11" "@actions/http-client": "^2.0.1",
"uuid": "^8.3.2"
}
},
"node_modules/@actions/core/node_modules/@actions/http-client": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.0.1.tgz",
"integrity": "sha512-PIXiMVtz6VvyaRsGY268qvj57hXQEpsYogYOu2nrQhlf+XCGmZstmuZBbAybUl1nQGnvS1k1eEsQ69ZoD7xlSw==",
"dependencies": {
"tunnel": "^0.0.6"
}
},
"node_modules/@actions/core/node_modules/uuid": {
"version": "8.3.2",
"resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
"integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==",
"bin": {
"uuid": "dist/bin/uuid"
} }
}, },
"node_modules/@actions/exec": { "node_modules/@actions/exec": {
@ -298,11 +315,27 @@
}, },
"dependencies": { "dependencies": {
"@actions/core": { "@actions/core": {
"version": "1.6.0", "version": "1.10.0",
"resolved": "https://registry.npmjs.org/@actions/core/-/core-1.6.0.tgz", "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.10.0.tgz",
"integrity": "sha512-NB1UAZomZlCV/LmJqkLhNTqtKfFXJZAUPcfl/zqG7EfsQdeUJtaWO98SGbuQ3pydJ3fHl2CvI/51OKYlCYYcaw==", "integrity": "sha512-2aZDDa3zrrZbP5ZYg159sNoLRb61nQ7awl5pSvIq5Qpj81vwDzdMRKzkWJGJuwVvWpvZKx7vspJALyvaaIQyug==",
"requires": { "requires": {
"@actions/http-client": "^1.0.11" "@actions/http-client": "^2.0.1",
"uuid": "^8.3.2"
},
"dependencies": {
"@actions/http-client": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.0.1.tgz",
"integrity": "sha512-PIXiMVtz6VvyaRsGY268qvj57hXQEpsYogYOu2nrQhlf+XCGmZstmuZBbAybUl1nQGnvS1k1eEsQ69ZoD7xlSw==",
"requires": {
"tunnel": "^0.0.6"
}
},
"uuid": {
"version": "8.3.2",
"resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
"integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg=="
}
} }
}, },
"@actions/exec": { "@actions/exec": {

2
package.json
View File

@ -19,7 +19,7 @@
}, },
"homepage": "https://github.com/Checkmarx/kics-github-action#readme", "homepage": "https://github.com/Checkmarx/kics-github-action#readme",
"dependencies": { "dependencies": {
"@actions/core": "^1.6.0", "@actions/core": "^1.10.0",
"@actions/exec": "^1.1.0", "@actions/exec": "^1.1.0",
"@actions/github": "^5.0.0", "@actions/github": "^5.0.0",
"@actions/io": "^1.1.1", "@actions/io": "^1.1.1",

9
src/commenter.js
View File

@ -1,4 +1,5 @@
const moment = require('moment') const moment = require('moment')
const { summary } = require('@actions/core/lib/summary');
const kicsLogo = "https://user-images.githubusercontent.com/74597872/143567454-f65ad285-00d8-4875-845d-568d2e67d868.png" const kicsLogo = "https://user-images.githubusercontent.com/74597872/143567454-f65ad285-00d8-4875-845d-568d2e67d868.png"
const severityOrder = ["HIGH", "MEDIUM", "LOW", "INFO", "TRACE"]; const severityOrder = ["HIGH", "MEDIUM", "LOW", "INFO", "TRACE"];
@ -158,6 +159,12 @@ async function postPRComment(results, repo, prNumber, octokit, commentWithQuerie
} }
} }
async function postJobSummary(results, commentWithQueries = false, excludedColumnsForCommentsWithQueries) {
const message = createComment(results, commentWithQueries, excludedColumnsForCommentsWithQueries);
await summary.addRaw(message).write()
}
module.exports = { module.exports = {
postPRComment postPRComment,
postJobSummary
}; };

4
src/main.js
View File

@ -49,6 +49,7 @@ async function main() {
const githubToken = process.env.INPUT_TOKEN; const githubToken = process.env.INPUT_TOKEN;
const disableAnnotations = process.env.INPUT_DISABLE_ANNOTATIONS; const disableAnnotations = process.env.INPUT_DISABLE_ANNOTATIONS;
const enableComments = process.env.INPUT_ENABLE_COMMENTS; const enableComments = process.env.INPUT_ENABLE_COMMENTS;
const enableJobsSummary = process.env.INPUT_ENABLE_JOBS_SUMMARY;
const commentsWithQueries = process.env.INPUT_COMMENTS_WITH_QUERIES; const commentsWithQueries = process.env.INPUT_COMMENTS_WITH_QUERIES;
const excludedColumnsForCommentsWithQueries = process.env.INPUT_EXCLUDED_COLUMNS_FOR_COMMENTS_WITH_QUERIES.split(','); const excludedColumnsForCommentsWithQueries = process.env.INPUT_EXCLUDED_COLUMNS_FOR_COMMENTS_WITH_QUERIES.split(',');
const outputPath = processOutputPath(process.env.INPUT_OUTPUT_PATH); const outputPath = processOutputPath(process.env.INPUT_OUTPUT_PATH);
@ -78,6 +79,9 @@ async function main() {
if (enableComments.toLocaleLowerCase() === "true") { if (enableComments.toLocaleLowerCase() === "true") {
await commenter.postPRComment(parsedResults, repo, prNumber, octokit, commentsWithQueries.toLocaleLowerCase() === "true", excludedColumnsForCommentsWithQueries); await commenter.postPRComment(parsedResults, repo, prNumber, octokit, commentsWithQueries.toLocaleLowerCase() === "true", excludedColumnsForCommentsWithQueries);
} }
if (enableJobsSummary.toLocaleLowerCase() === "true") {
await commenter.postJobSummary(parsedResults, commentsWithQueries.toLocaleLowerCase() === "true", excludedColumnsForCommentsWithQueries);
}
setWorkflowStatus(exitCode); setWorkflowStatus(exitCode);
cleanupOutput(outputPath.resultsJSONFile, outputFormats); cleanupOutput(outputPath.resultsJSONFile, outputFormats);