Merge pull request #2 from udit-uniyal/main

Updated action.yaml and readme.md

README.md

@@ -1,61 +1,25 @@
-# install-action
-
-Github actions to install AccuKnox IaC Scanner.
+# Automate Infrastructure as Code Security Checks with AccuKnox GitHub Action
 
 ## Learn More
 
 - [About Accuknox](https://www.accuknox.com/)
 
-## Inputs
-
-```yaml
-name: 'Accuknox IaC Scan'
-description: 'Run Scan against infrastructure as code.'
-inputs:
-  file:
-    description: 'File with infrastructure code or packages to scan'
-    required: false
-  directory:
-    default: '.'
-    description: 'Directory with infrastructure code and/or package manager files to scan'
-    required: false
-  compact:
-    description: 'Do not display code blocks in output'
-    required: false
-  quiet:
-    description: 'display only failed checks'
-    required: false
-  output_format:
-    description: 'The format of the output. cli, json, junitxml, github_failed_only, or sarif (comma separated)'
-    required: false
-    default: 'json'
-  output_file_path:
-    description: 'Path and name for output file, needs to end with a comma for a single output format'
-    required: false
-  soft_fail:
-    description: 'do not return an error code if there are failed checks'
-    required: false
-  framework:
-    description: 'run only on a specific infrastructure'
-    required: false
-  skip_framework:
-    description: 'skip a specific infrastructure'
-    required: false
-  github_pat:
-    description: 'Environment variable name for a Github personal access token for scanning external modules sourced from private repositories'
-    required: false
-  token:
-    description: 'The token for authenticating with the CSPM panel.'
-    required: true
-  tenant_id:
-    description: 'The ID of the tenant associated with the CSPM panel.'
-    required: true
-  endpoint:
-    description: 'The URL of the CSPM panel to push the scan results to.'
-    required: true
-    default: 'cspm.demo.accuknox.com'
-```
 
+| Input Values | Description | Optional/Required | Default Values |
+|--------------|-------------|-------------------|----------------|
+| file | Specify a file for scanning; cannot be used with directory input. Filter runners by file type, e.g., '.tf' for Terraform. | Optional | - |
+| directory | Directory with infrastructure code and/or package manager files to scan | Optional | `.` |
+| compact | Do not display code blocks in output | Optional | - |
+| quiet | Display only failed checks | Optional | - |
+| output_format | The format of the output. Options: cli, json, junitxml, github_failed_only, or sarif (comma-separated) | Optional | `json` |
+| output_file_path | Path and name for the output file, needs to end with a comma for a single output format | Optional | ./results.json |
+| soft_fail | Do not return an error code if there are failed checks | Optional | - |
+| framework | Run only on a specific infrastructure, values can be Kubernetes or Terraform. | Optional | - |
+| skip_framework | Skip a specific infrastructure | Optional | - |
+| baseline | Path to a baseline file to compare. Report will include only failed checks that are not in the baseline | Optional | `baseline` |
+| token | The token for authenticating with the CSPM panel | Required | - |
+| tenant_id | The ID of the tenant associated with the CSPM panel | Required | - |
+| endpoint | The URL of the CSPM panel to push the scan results to | Optional | `cspm.demo.accuknox.com` |
 ## Usage
 
 Steps for using Install-action in a workflow yaml file 
@@ -84,17 +48,18 @@ Click on Generate:
       - name: Run IaC scan
         uses: accuknox/[email protected]
         with:
-          file:
-          directory:
-          compact:            
-          quiet:                
-          output_file_path: 
-          framework: 
-          skip_framework: 
-          soft_fail:         
-          github_pat: 
+          file:                #Optional
+          directory:           #Optional
+          compact:             #Optional
+          quiet:               #Optional
+          output_format:       #Optional
+          output_file_path:    #Optional
+          framework:           #Optional
+          skip_framework:      #Optional
+          soft_fail:           #Optional
+          endpoint:            #Optional
+          baseline:            #Optional
           token: 
-          endpoint: 
           tenant_id: 
 ```
 
@@ -126,14 +91,15 @@ jobs:
           file: 
           directory: 
           compact: 
-          quiet: 
+          quiet:
+          output_format: 
           output_file_path:
           framework: 
           skip_framework: 
           soft_fail:
-          github_pat: 
-          token: 
-          endpoint: 
-          tenant_id:
+          endpoint:
+          baseline: 
+          token: ${{ secrets.TOKEN }}
+          tenant_id: ${{ secrets.TENANT_ID }}
 
 ```

action.yaml

@@ -2,7 +2,7 @@ name: 'Accuknox IaC'
 description: 'Run Scan against infrastructure as code.'
 inputs:
   file:
-    description: 'File with infrastructure code or packages to scan'
+    description: 'Specify a file for scanning; cannot be used with directory input. Filter runners by file type, e.g., ".tf" for Terraform.'
     required: false
   directory:
     default: '.'
@@ -25,16 +25,10 @@ inputs:
     description: 'do not return an error code if there are failed checks'
     required: false
   framework:
-    description: 'run only on a specific infrastructure'
+    description: 'Run only on a specific infrastructure, Supported: Kuberenetes & Terraform'
     required: false
   skip_framework:
-    description: 'skip a specific infrastructure'
-    required: false
-  github_pat:
-    description: 'Environment variable name for a Github personal access token for scanning external modules sourced from private repositories'
-    required: false
-  enable_secrets_scan_all_files:
-    description: 'Scan all files for secrets'
+    description: 'Skip a specific infrastructure'
     required: false
   token:
     description: 'The token for authenticating with the CSPM panel.'
@@ -77,13 +71,14 @@ runs:
           INPUT_OUTPUT_FILE_PATH: ${{ inputs.output_file_path }}
           INPUT_SOFT_FAIL: ${{ inputs.soft_fail }}
           INPUT_FRAMEWORK: ${{ inputs.framework }}
-        
+
       - name: Formating the results  
         run: | 
-          sudo jq --arg repoLink "${{ github.server_url }}/${{ github.repository }}" --arg branch "${{ github.head_ref }}" '. += [{"details": {"repo": $repoLink, "branch": $branch}}]' /results.json | sudo tee /results.json > /dev/null
+          jq --arg repoLink "${{ github.server_url }}/${{ github.repository }}" --arg branch "${{ github.head_ref }}" '. += [{"details": {"repo": $repoLink, "branch": $branch}}]' results/results_json.json > temp.json && mv temp.json results.json
         shell: bash
-
+
+
       - name: Push report to CSPM panel
         run: |
-          curl --location --request POST 'https://${{ inputs.endpoint }}/api/v1/artifact/?tenant_id=${{ inputs.tenant_id }}&data_type=IAC&save_to_s3=false' --header 'Tenant-Id: ${{ inputs.tenant_id  }}' --header 'Authorization: Bearer ${{ inputs.token }}' --form 'file=@"./results.json"'
-        shell: bash
+          curl --location --request POST 'https://${{ inputs.endpoint }}/api/v1/artifact/?tenant_id=${{ inputs.tenant_id }}&data_type=IAC&save_to_s3=false' --header 'Tenant-Id: ${{ inputs.tenant_id  }}' --header 'Authorization: Bearer ${{ inputs.token }}' --form 'file=@"results.json"'
+        shell: bash