From f1f79c1aac23936a045b73dd38ec2316d121b7fe Mon Sep 17 00:00:00 2001 From: Juri Burakov <31932344+JuriBurakov@users.noreply.github.com> Date: Thu, 14 Oct 2021 21:18:17 +0300 Subject: [PATCH] Create kubesec-analysis.yml --- .github/workflows/kubesec-analysis.yml | 41 ++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 .github/workflows/kubesec-analysis.yml diff --git a/.github/workflows/kubesec-analysis.yml b/.github/workflows/kubesec-analysis.yml new file mode 100644 index 0000000..d09588a --- /dev/null +++ b/.github/workflows/kubesec-analysis.yml @@ -0,0 +1,41 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +name: Kubesec + +on: + push: + branches: [ main ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ main ] + schedule: + - cron: '31 22 * * 3' + +jobs: + lint: + name: Kubesec + runs-on: ubuntu-20.04 + permissions: + actions: read + contents: read + security-events: write + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Run kubesec scanner + uses: controlplaneio/kubesec-action@43d0ddff5ffee89a6bb9f29b64cd865411137b14 + with: + input: file.yaml # specify configuration file to scan here + format: template + template: template/sarif.tpl + output: kubesec-results.sarif + exit-code: "0" + + - name: Upload Kubesec scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: kubesec-results.sarif