HPCE/kics-github-action
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
35 Commits 17 Branches 22 Tags
9468d41aead5bb4f44aea6a6e3db320cedccd04d
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Eli Trop 9468d41aea fix runner
2021-03-11 16:51:02 +02:00
.github/workflows
Update publish.yml
2020-12-30 17:00:36 +02:00
images
add summary
2020-12-30 16:52:39 +02:00
action.yml
fix runner
2021-03-11 16:51:02 +02:00
Dockerfile
fix dockerfile
2021-03-11 16:36:07 +02:00
entrypoint.sh
fix runner
2021-03-11 16:51:02 +02:00
LICENSE
add readme and license
2020-12-30 16:42:26 +02:00
README.md
Update README.md
2020-12-30 17:10:38 +02:00

README.md

KICS Github Action kics Github

License: GPL-3.0 Latest Release Open Issues

Integrate KICS into your GitHub workflows, using KICS Github Action to make your IaC more secure

KICS (pronounced as 'kick-s') or Kicscan is an open source solution for static code analysis of Infrastructure as Code.

Keeping Infrastructure as Code Secure (in short KICS) is a must-have for any cloud native project. With KICS, finding security vulnerabilities, compliance issues, and infrastructure misconfigurations happens early in the development cycle, when fixing these is straightforward and cheap.

It is as simple as running a CLI tool, making it easy to integrate into any project CI.

Supported Platforms

Terraform   Kubernetes   Docker   CloudFormation   Ansible

Please find more info in the official website: kics.io

Inputs

Variable Example Value   Description   Type Required Default
path terraform path to file or directory to scan String Yes N/A
output_path results.json file path to store result in json format String No N/A
payload_path file path to store source internal representation in JSON format String No N/A
queries path to directory with queries (default "./assets/queries") String No ./assets/queries downloaded with the binaries
verbose true verbose scan Boolean No false

Example usage

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
    - uses: actions/checkout@v2
    # Scan Iac with kics
     - name: run kics Scan
        uses: checkmarx/kics-action@v1.0
        with:
          path: 'terraform'
          output_path: 'results.json'
	# Display the results in json format	  
     - name: display kics results
        run: |
          cat results.json

How To Contribute

We welcome issues to and pull requests against this repository!

License

KICS Github Action

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see https://www.gnu.org/licenses/.

Reference in New Issue View Git Blame Copy Permalink
Description
GitHub actions of KICS scan - Keeping Infrastructure as Code Secure
Readme GPL-3.0 1.7 MiB
Languages
JavaScript 63.6%
Shell 27.5%
HCL 7.5%
Dockerfile 1.4%