Skip to content

1.0.72 Update container sync script #94

1.0.72 Update container sync script

1.0.72 Update container sync script #94

# Define the name of the workflow.
name: Scan Dockerfile with KICS
# Define when the workflow should be triggered.
on:
# Trigger the workflow on the following events:
# Scan changed files in Pull Requests (diff-aware scanning).
pull_request: {}
# Trigger the workflow on-demand through the GitHub Actions interface.
workflow_dispatch: {}
# Scan mainline branches (main and development) and report all findings.
push:
branches: ["development"]
# Define the jobs that should be executed in this workflow.
jobs:
kics-job:
name: KICS Github Action
# Specify the runner environment. Use the latest version of Ubuntu.
runs-on: ubuntu-latest
# Define permissions for specific GitHub Actions.
permissions:
actions: read # Permission to read GitHub Actions.
contents: read # Permission to read repository contents.
security-events: write # Permission to write security events.
# Define the steps that should be executed in this job.
steps:
- name: Checkout code
uses: actions/checkout@v4
# Step: Checkout code
# Action to check out the code from the repository.
# This step fetches the codebase from the GitHub repository.
- name: Run KICS Scan with SARIF result
uses: Checkmarx/kics-github-action@master
with:
# when provided with a directory on output_path
# it will generate the specified reports file named 'results.{extension}'
# in this example it will generate: results.sarif
output_path: .
platform_type: Dockerfile
output_formats: 'sarif'
ignore_on_exit: results
path: '.build/database/Dockerfile,.build/database_admin/Dockerfile,.build/ldap/Dockerfile,.build/ldap_admin/Dockerfile,.build/www/Dockerfile'
- name: View Results
run: cat results.sarif
- name: Upload Results to GitHub Advanced Security Dashboard
uses: github/codeql-action/upload-sarif@main
with:
sarif_file: results.sarif
category: "KICS Dockerfile Scan"
if: always()
# Upload the SARIF file with scan results to the GitHub Advanced Security Dashboard.