feat(reports): add reports in the pull request comment
54
README.md
54
README.md
@@ -51,32 +51,34 @@ And official documentation page <a href="https://docs.kics.io">docs.kics.io</a>
|
||||
|
||||
## Inputs
|
||||
|
||||
| Variable | Example Value | Description | Type | Required | Default |
|
||||
| ------------------------- | --------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -------- | --------------------------------------------- |
|
||||
| enable_comment | true | Enable pull request report comments | Boolean | No | false |
|
||||
| path | terraform/main.tf,Dockerfile | paths to a file or directories to scan, comma separated list | String | Yes | N/A |
|
||||
| ignore_on_exit | results | defines which non-zero exit codes should be ignored (all, results, errors, none) | String | No | none |
|
||||
| fail_on | high,medium | comma separated list of which severities returns exit code !=0 | String | No | high,medium,low,info |
|
||||
| timeout | 75 | number of seconds the query has to execute before being canceled | String | No | 60 |
|
||||
| profiling | CPU | turns on profiler that prints resource consumption in the logs during the execution (CPU, MEM) | String | No | N/A |
|
||||
| config_path | ./kics.config | path to configuration file | String | No | N/A |
|
||||
| platform_type | terraform,ansible | case insensitive list of platform types to scan | String | No | All platforms |
|
||||
| exclude_paths | ./shouldNotScan/*,somefile.txt | exclude paths from scan, supports glob, comma separated list | String | No | N/A |
|
||||
| exclude_queries | a227ec01-f97a-4084-91a4-47b350c1db54 | exclude queries by providing the query ID, comma separated list | String | No | N/A |
|
||||
| exclude_categories | 'Observability,Networking and Firewall' | exclude categories by providing its name, comma separated list | String | No | N/A |
|
||||
| exclude_results | 'd4a1fa80-d9d8-450f-87c2-e1f6669c41f8' | exclude results by providing the similarity ID of a result | String | No | N/A |
|
||||
| include_queries | a227ec01-f97a-4084-91a4-47b350c1db54 | include only specified list of queries to the scan, cannot be provided with query exclusion flags | String | No | N/A |
|
||||
| output_formats | 'json,sarif' | formats in which the results report will be exported | String | No | json |
|
||||
| output_path | myResults/ | file path to store result in json format | String | No | "./" |
|
||||
| payload_path | /tmp/mypayload.json | file path to store source internal representation in JSON format | String | No | N/A |
|
||||
| queries | | path to directory with queries (default "./assets/queries") | String | No | ./assets/queries downloaded with the binaries |
|
||||
| verbose | true | verbose scan | Boolean | No | false |
|
||||
| type | Ansible,Dockerfile | case insensitive comma-separated list of platform types to scan (Ansible, AzureResourceManager, CloudFormation, Dockerfile, Kubernetes, OpenAPI, Terraform) | String | No | all types |
|
||||
| bom | true | include bill of materials (BoM) in results.json output | Boolean | No | false |
|
||||
| disable_full_descriptions | false | disable request for full descriptions and use default vulnerability descriptions | Boolean | false |
|
||||
| disable_secrets | false | disable secrets detection | Boolean | false |
|
||||
| secrets_regexes_path | ./mydir/secrets-config.json | path to custom secrets regex rules configuration file | String | No | N/A |
|
||||
| libraries_path | ./myLibsDir | path to directory with Rego libraries | String | No | N/A |
|
||||
| Variable | Example Value | Description | Type | Required | Default |
|
||||
|-------------------------------------------|--------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------|---------| -------- |--------------------------------------------------------|
|
||||
| enable_comment | true | Enable pull request report comments | Boolean | No | false |
|
||||
| comments_with_queries | true | Add queries in th pull request report comments (available when enable_comments = true) | Boolean | No | false |
|
||||
| excluded_column_for_comments_with_queries | description_id,similarity_id,search_line,search_value | Excluded columns for the comment with queries, accepts a comma separated list | String | No | description_id,similarity_id,search_line,search_value |
|
||||
| path | terraform/main.tf,Dockerfile | paths to a file or directories to scan, comma separated list | String | Yes | N/A |
|
||||
| ignore_on_exit | results | defines which non-zero exit codes should be ignored (all, results, errors, none) | String | No | none |
|
||||
| fail_on | high,medium | comma separated list of which severities returns exit code !=0 | String | No | high,medium,low,info |
|
||||
| timeout | 75 | number of seconds the query has to execute before being canceled | String | No | 60 |
|
||||
| profiling | CPU | turns on profiler that prints resource consumption in the logs during the execution (CPU, MEM) | String | No | N/A |
|
||||
| config_path | ./kics.config | path to configuration file | String | No | N/A |
|
||||
| platform_type | terraform,ansible | case insensitive list of platform types to scan | String | No | All platforms |
|
||||
| exclude_paths | ./shouldNotScan/*,somefile.txt | exclude paths from scan, supports glob, comma separated list | String | No | N/A |
|
||||
| exclude_queries | a227ec01-f97a-4084-91a4-47b350c1db54 | exclude queries by providing the query ID, comma separated list | String | No | N/A |
|
||||
| exclude_categories | 'Observability,Networking and Firewall' | exclude categories by providing its name, comma separated list | String | No | N/A |
|
||||
| exclude_results | 'd4a1fa80-d9d8-450f-87c2-e1f6669c41f8' | exclude results by providing the similarity ID of a result | String | No | N/A |
|
||||
| include_queries | a227ec01-f97a-4084-91a4-47b350c1db54 | include only specified list of queries to the scan, cannot be provided with query exclusion flags | String | No | N/A |
|
||||
| output_formats | 'json,sarif' | formats in which the results report will be exported | String | No | json |
|
||||
| output_path | myResults/ | file path to store result in json format | String | No | "./" |
|
||||
| payload_path | /tmp/mypayload.json | file path to store source internal representation in JSON format | String | No | N/A |
|
||||
| queries | | path to directory with queries (default "./assets/queries") | String | No | ./assets/queries downloaded with the binaries |
|
||||
| verbose | true | verbose scan | Boolean | No | false |
|
||||
| type | Ansible,Dockerfile | case insensitive comma-separated list of platform types to scan (Ansible, AzureResourceManager, CloudFormation, Dockerfile, Kubernetes, OpenAPI, Terraform) | String | No | all types |
|
||||
| bom | true | include bill of materials (BoM) in results.json output | Boolean | No | false |
|
||||
| disable_full_descriptions | false | disable request for full descriptions and use default vulnerability descriptions | Boolean | false |
|
||||
| disable_secrets | false | disable secrets detection | Boolean | false |
|
||||
| secrets_regexes_path | ./mydir/secrets-config.json | path to custom secrets regex rules configuration file | String | No | N/A |
|
||||
| libraries_path | ./myLibsDir | path to directory with Rego libraries | String | No | N/A |
|
||||
|
||||
|
||||
## Simple usage example
|
||||
|
||||