Skip to content

Commit

Permalink
chore(scan): integrate KICS scanning into PR pipelines
Browse files Browse the repository at this point in the history
  • Loading branch information
brandtkeller committed Oct 18, 2024
1 parent fedb0c9 commit 3c99449
Show file tree
Hide file tree
Showing 2 changed files with 45 additions and 2 deletions.
2 changes: 0 additions & 2 deletions .github/workflows/scan-gosec.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,6 @@ on:
pull_request:
branches:
- main
schedule:
- cron: '0 0 * * 0'
jobs:
tests:
runs-on: ubuntu-latest
Expand Down
45 changes: 45 additions & 0 deletions .github/workflows/scan-kics.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
name: Scan CVEs - KICS

permissions:
contents: read

on:
push:
branches:
- main
pull_request:
branches:
- main
jobs:
kics:
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout Source
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1

- name: run kics Scan
uses: checkmarx/kics-github-action@94469746ec2c43de89a42fb9d2a80070f5d25b16 # v2.1.3
with:
output_formats: 'sarif'

- name: display kics results
run: |
cat results.sarif
- name: Upload artifact
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: SARIF file
path: results.sarif
retention-days: 5

- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
with:
sarif_file: results.sarif


0 comments on commit 3c99449

Please sign in to comment.