Merge pull request #28 from Checkmarx/feat/add-pr-commenter

feat: converting to javascript action
Checkmarx · Oct 21, 2021 · c349453 · c349453
2 parents 9ee4e95 + 90790a2
commit c349453
Show file tree

Hide file tree

Showing 16 changed files with 19,704 additions and 106 deletions.
diff --git a/.github/workflows/test_action.yaml b/.github/workflows/test_action.yaml
@@ -0,0 +1,24 @@
+name: Test KICS action
+
+on:
+  workflow_dispatch:
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - run: mkdir -p myoutput
+      - name: Test KICS action
+        uses: ./
+        with:
+          path: test/samples/positive1.tf,test/samples/positive2.tf
+          token: ${{ secrets.GITHUB_TOKEN }}
+          timeout: 60
+          output_path: myoutput/
+          output_formats: sarif
+          ignore_on_exit: results
+          enable_comments: true
+      - run: ls -la && ls -la myoutput
+        if: always()
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+node_modules
+.vscode
diff --git a/README.md b/README.md
diff --git a/action.yml b/action.yml
@@ -1,27 +1,35 @@
 # action.yml
-name: 'KICS Github Action'
-description: 'Run KICS scan against IaC projects'
+name: "KICS Github Action"
+description: "Run KICS scan against IaC projects"
 inputs:
+  token:
+    description: "The GITHUB_TOKEN for the current workflow run"
+    required: false
+    default: ${{github.token}}
+  enable_comments:
+    required: false
+    default: false
+    description: "Enable pull request report comments"
   path:
-    description: 'paths to a file or directories to scan, accepts a comma separated list'
+    description: "paths to a file or directories to scan, accepts a comma separated list"
     required: true
   ignore_on_exit:
-    description: 'defines which non-zero exit codes should be ignored (all, results, errors, none)'
+    description: "defines which non-zero exit codes should be ignored (all, results, errors, none)"
     required: false
   fail_on:
-    description: 'comma separated list of which severities returns exit code !=0'
+    description: "comma separated list of which severities returns exit code !=0"
     required: false
   timeout:
-    description: 'number of seconds the query has to execute before being canceled'
+    description: "number of seconds the query has to execute before being canceled"
     required: false
   profiling:
-    description: 'turns on profiler that prints resource consumption in the logs during the execution (CPU, MEM)'
+    description: "turns on profiler that prints resource consumption in the logs during the execution (CPU, MEM)"
     required: false
   config_path:
-    description: 'path to configuration file'
+    description: "path to configuration file"
     required: false
   platform_type:
-    description: 'case insensitive list of platform types to scan'
+    description: "case insensitive list of platform types to scan"
     required: false
   exclude_paths:
     description: "exclude paths from scan, supports glob, quoted comma separated string example: './shouldNotScan/*,somefile.txt'"
@@ -39,39 +47,44 @@ inputs:
     description: "formats in which the results report will be exported (json, sarif)"
     required: false
   output_path:
-    description: 'file path to store results report (json, sarif)'
+    description: "directory to store results report"
     required: false
   payload_path:
-    description: 'file path to store source internal representation in JSON format'
+    description: "file path to store source internal representation in JSON format"
     required: false
   queries:
     description: 'path to directory with queries (default "./assets/queries")'
     required: false
+  secrets_regexes_path:
+    description: "path to secrets regex rules configuration file"
+    required: false
+  libraries_path:
+    description: "path to directory with Rego libraries"
+    required: false
+  disable_full_descriptions:
+    description: "disable request for full descriptions and use default vulnerability descriptions"
+    required: false
+  disable_secrets:
+    description: "disable secrets detection"
+    required: false
+  type:
+    description: "case insensitive comma-separated list of platform types to scan (Ansible, AzureResourceManager, CloudFormation, Dockerfile, Kubernetes, OpenAPI, Terraform)"
+    required: false
   verbose:
-    description: 'verbose scan'
+    description: "verbose scan"
+    required: false
+  include_queries:
+    description: "comma separated list of queries ID's to include, cannot be provided with query exclusion flags"
+    required: false
+  bom:
+    description: "include bill of materials (BoM) in results output"
+    required: false
 outputs:
   results:
-    description: 'the result of KICS scan'
+    description: "the result of KICS scan"
 branding:
-  icon: 'shield'
-  color: 'green'
+  icon: "shield"
+  color: "green"
 runs:
-  using: 'docker'
-  image: 'Dockerfile'
-  args:
-    - ${{ inputs.path }}
-    - ${{ inputs.ignore_on_exit }}
-    - ${{ inputs.fail_on }}
-    - ${{ inputs.timeout }}
-    - ${{ inputs.profiling }}
-    - ${{ inputs.config }}
-    - ${{ inputs.platform_type }}
-    - ${{ inputs.exclude_paths }}
-    - ${{ inputs.exclude_queries }}
-    - ${{ inputs.exclude_categories }}
-    - ${{ inputs.exclude_results }}
-    - ${{ inputs.output_formats }}
-    - ${{ inputs.output_path }}
-    - ${{ inputs.payload_path }}
-    - ${{ inputs.queries }}
-    - ${{ inputs.verbose }}
+  using: node12
+  main: dist/index.js