From c500b6f382fdcaee1c957367aa1558343dafdefe Mon Sep 17 00:00:00 2001
From: William Reyor <87031733+BillReyor@users.noreply.github.com>
Date: Mon, 5 Aug 2024 11:50:36 -0400
Subject: [PATCH] Create horusec_container_action.yml
yolo!
---
 .../workflows/horusec_container_action.yml | 45 +++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 .github/workflows/horusec_container_action.yml
diff --git a/.github/workflows/horusec_container_action.yml b/.github/workflows/horusec_container_action.yml
new file mode 100644
index 0000000..dcb91ea
--- /dev/null
+++ b/.github/workflows/horusec_container_action.yml
@@ -0,0 +1,45 @@
+name: Horusec_Scan
+
+on: [push]
+
+jobs:
+ horusec-security:
+ name: horusec-security
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+
+ - name: Create Horusec Configuration
+ run: |
+ echo '{}' > horusec-config.json
+ # overwrite old config if it exists.
+
+ - name: Running Horusec Security
+ run: |
+ curl -fsSL https://raw.githubusercontent.com/ZupIT/horusec/main/deployments/scripts/install.sh | bash -s latest
+ horusec start -p . -D -o="json" -O="./horusec-results.json"
+
+ - name: Upload Horusec Results
+ uses: actions/upload-artifact@v2
+ with:
+ name: horusec-results
+ path: horusec-results.json
+
+ - name: Check for vulnerabilities
+ id: check_vulnerabilities
+ run: |
+ if [ -s horusec-results.json ]; then
+ VULNS_FOUND=$(jq '.analysisVulnerabilities | length' horusec-results.json)
+ if [ "$VULNS_FOUND" -gt "0" ]; then
+ echo "::error ::Vulnerabilities found"
+ exit 1
+ else
+ echo "No vulnerabilities found"
+ fi
+ else
+ echo "::error ::horusec-results.json not found or is empty"
+ exit 1
+ fi
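Review bot: The `Running Horusec Security` step pipes an unpinned installer fetched from the `main` branch of the horusec repository straight into `bash -s latest`, so whatever script and binary that branch serves on the day of the run executes with the job's token and the checked-out source; pin the installer and binary to a released tag and verify the download against a published checksum rather than tracking `main`/`latest`. The actions are likewise referenced by mutable major tags (`actions/checkout@v2`, `actions/upload-artifact@v2`), both of which are superseded releases; pin each to a full commit SHA and add a top-level `permissions:` block with `contents: read` so the default GITHUB_TOKEN is no broader than a scan needs. With the runner's default `bash -e` shell, if `horusec start` itself exits non-zero when it finds issues (this depends on its return-error setting, which the hunk does not set), the results file is never uploaded and the `Check for vulnerabilities` step never runs; confirm the intended exit behaviour, or mark the upload step `if: always()` so the artifact survives a failing scan.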