-
Notifications
You must be signed in to change notification settings - Fork 0
/
action.yml
50 lines (45 loc) · 2.17 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
apiVersion: automation.cloudbees.io/v1alpha1
kind: action
name: TruffleHog Secret Scan S3 Action
inputs:
bucket-name:
required: true
description: 'Name of the S3 bucket.'
threshold-very-high:
required: false
default: 999
description: 'The threshold for very high severity. Build will be broken if vulnerabilities with very high severity exceeds this threshold.'
threshold-high:
required: false
default: 999
description: 'The threshold for high severity. Build will be broken if vulnerabilities with high severity exceeds this threshold.'
threshold-medium:
required: false
default: 999
description: 'The threshold for medium severity. Build will be broken if vulnerabilities with medium severity exceeds this threshold.'
threshold-low:
required: false
default: 999
description: 'The threshold for low severity. Build will be broken if vulnerabilities with low severity exceeds this threshold.'
runs:
using: composite
steps:
- id: run-trufflehog-secret-s3-scan
name: trufflehogs3
uses: docker://public.ecr.aws/l7o7z1g8/actions/trufflehog-secret-actions:main-d7b96644fc7b58bf75d642d5f5aa84132cf5762e
shell: sh
env:
CONFIG_JSON: '{"metaInfo":{"bucketName":"${{ inputs.bucket-name }}"},"orchestratorInfo":{"assetType":"CODE","assetIdentifier":"${{ inputs.bucket-name }}","profileIdentifier":"${{ inputs.bucket-name }}"},"metaInformation":{"actor":"SCM-Bot","commit_id":"${{ cloudbees.scm.sha }}","tenent_info":"NA","scanner_type":"SAST"}}'
THRESHOLD_JSON: '{"veryHigh":${{ inputs.threshold-very-high }},"high":${{ inputs.threshold-high }},"medium":${{ inputs.threshold-medium }},"low":${{ inputs.threshold-low }}}'
RUN_ID: ${{ cloudbees.run_id }}
STEP_ID: ${{ step.internal.id }}
JOB_ID: ${{ job.id }}
DNS_URL: ${{ cloudbees.api.url }}
JWT_TOKEN: ${{ cloudbees.api.token }}
run: |
set -x
echo "RUN ID: ${{ cloudbees.run_id }}"
echo "Job ID: ${{ job.id }}"
echo "Step ID: ${{ step.internal.id }}"
cd /app
./trufflehog_secret_scan_app scan -t 'S3' -c "${CONFIG_JSON}" -r "${THRESHOLD_JSON}"