Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updates flags for Github Actions to add support for skip-frameworks, skip-cve-package & output-bc-ids #148

Merged
merged 5 commits into from
Oct 26, 2023
Merged

Updates flags for Github Actions to add support for skip-frameworks, skip-cve-package & output-bc-ids #148

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
9da9e81
Updates flags for Github Actions
billyjbryant Oct 4, 2023
9686792
Adds OpenAi Support
billyjbryant Oct 5, 2023
d7e70b1
Merge branch 'master' into billybryant/new-flags
billyjbryant Oct 5, 2023
6f3ffc2
Merge branch 'master' into billybryant/new-flags
billyjbryant Oct 23, 2023
a731e46
Removing openai_api_key flag support per request in bridgecrewio/chec…
billyjbryant Oct 23, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -82,8 +82,11 @@ jobs:
quiet: true # optional: display only failed checks
soft_fail: true # optional: do not return an error code if there are failed checks
framework: terraform # optional: run only on a specific infrastructure {cloudformation,terraform,kubernetes,all}
skip_framework: terraform # optional: skip a specific infrastructure {cloudformation,terraform,kubernetes,all}
skip_cve_package: CVE_2019_8331 # optional: skip a specific CVE package in SCA scans, can be comma separated list
output_format: sarif # optional: the output format, one of: cli, json, junitxml, github_failed_only, or sarif. Default: sarif
output_file_path: reports/results.sarif # folder and name of results file
output_bc_ids: true # optional: output Bridgecrew platform IDs instead of checkov IDs
download_external_modules: true # optional: download external terraform modules from public git repositories and terraform registry
repo_root_for_plan_enrichment: example/ #optional: Directory containing the hcl code used to generate a given terraform plan file. Use together with `file`
var_file: ./testdir/gocd.yaml # optional: variable files to load in addition to the default files. Currently only supported for source Terraform and Helm chart scans.
Expand Down
16 changes: 14 additions & 2 deletions action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,9 @@ inputs:
api-key:
description: 'Environment variable name of the Bridgecrew API key from Bridgecrew app'
required: false
output-bc-ids:
description: 'Output Bridgecrew IDs (BC...) instead of Checkov IDs (CKV...)'
required: false
use_enforcement_rules:
description: 'Use the Enforcement rules configured in the platform for hard / soft fail logic. See checkov help text for more details on the nuances of this option.'
required: false
Expand All @@ -37,6 +40,9 @@ inputs:
framework:
description: 'run only on a specific infrastructure'
required: false
skip_framework:
description: 'skip a specific infrastructure'
required: false
external_checks_dirs:
description: 'comma separated list of external (custom) checks directories'
required: false
Expand Down Expand Up @@ -104,10 +110,10 @@ inputs:
description: 'Environment variable name for a Bitbucket access token to scan external modules sourced from a private Bitbucket repository'
required: false
bitbucket_app_password:
description: 'Environment variable name for a Bitbucket app password to perform basic auth inorder to scan external modules sourced from a private Bitbucket repository. To be used with bitbucket_usernam'
description: 'Environment variable name for a Bitbucket app password to perform basic auth in order to scan external modules sourced from a private Bitbucket repository. To be used with bitbucket_usernam'
required: false
bitbucket_username:
description: 'Environment variable name for a Bitbucket username to perform basic auth inorder to scan external modules sourced from a private Bitbucket repository. To be used with bitbucket_app_password'
description: 'Environment variable name for a Bitbucket username to perform basic auth in order to scan external modules sourced from a private Bitbucket repository. To be used with bitbucket_app_password'
required: false
repo_root_for_plan_enrichment:
description: 'Directory containing the hcl code used to generate a given plan file. Use with `file`'
Expand All @@ -118,6 +124,9 @@ inputs:
skip_path:
description: 'Path (file or directory) to skip, using regular expression logic, relative to the current working directory. Word boundaries are not implicit; i.e., specifying "dir1" will skip any directory or subdirectory named "dir1". Ignored with -f. (comma separated)'
required: false
skip_cve_package:
description: 'Filter scan to run on all packages except for a specific CVE package identifier, e.g. CVE-2018-19788 (comma separated)'
required: false
outputs:
results:
description: 'The results from the infrastructure scan'
Expand All @@ -136,9 +145,11 @@ runs:
- ${{ inputs.compact }}
- ${{ inputs.quiet }}
- ${{ inputs.soft_fail }}
- ${{ inputs.output_bc_ids }}
- ${{ inputs.use_enforcement_rules }}
- ${{ inputs.skip_results_upload }}
- ${{ inputs.framework }}
- ${{ inputs.skip_framework }}
- ${{ inputs.external_checks_dirs }}
- ${{ inputs.external_checks_repos }}
- ${{ inputs.output_format }}
Expand All @@ -156,6 +167,7 @@ runs:
- ${{ inputs.repo_root_for_plan_enrichment }}
- ${{ inputs.policy_metadata_filter }}
- ${{ inputs.skip_path }}
- ${{ inputs.skip_cve_package }}
- "--user ${{ inputs.container_user }}"
env:
API_KEY_VARIABLE: ${{ inputs.api-key }}
Expand Down
Loading