-
Notifications
You must be signed in to change notification settings - Fork 7
37 lines (34 loc) · 997 Bytes
/
kics.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
name: kics
on:
pull_request:
branches: [main]
paths:
- 'charts/**'
- '.github/workflows/kics.yml'
push:
branches: [main]
paths:
- 'charts/**'
- '.github/workflows/kics.yml'
permissions:
security-events: write
jobs:
kics:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Run KICS Scan
uses: checkmarx/kics-github-action@530ac1f8efe6202b0f12c9a6e952597ae707b755 # v2.1.2
with:
path: 'charts'
ignore_on_exit: results
output_path: report-dir/
output_formats: 'sarif'
token: ${{ secrets.GITHUB_TOKEN }}
enable_jobs_summary: true
platform_type: 'kubernetes'
disable_secrets: true
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.26.8
with:
sarif_file: report-dir/results.sarif