GH Actions: Add KICS

KICS - Keeping Infrastructure as Code Secure Opensource tool for detecting flaws in infrastructure code Signed-off-by: Martin Basti <mbasti@redhat.com>
containerbuildsystem · Nov 25, 2022 · b6359d9 · b6359d9
1 parent 3d9a51d
commit b6359d9
Showing 1 changed file with 38 additions and 0 deletions.
diff --git a/.github/workflows/kics.yaml b/.github/workflows/kics.yaml
@@ -0,0 +1,38 @@
+name: "KICS"
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+  schedule:
+    - cron: "56 22 * * 2"
+
+jobs:
+  kics-analyze:
+    name: KICS-Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Mkdir results-dir
+      # make sure results dir is created
+      run: mkdir -p results-dir
+    - name: Run kics Scan
+      uses: Checkmarx/kics-github-action@v1.6
+      with:
+        path: 'tasks,defaults,meta'
+        platform_type: ansible
+        output_path: results-dir
+        output_formats: 'json,sarif'
+    - name: Upload SARIF file
+      uses: github/codeql-action/upload-sarif@v2
+      with:
+        sarif_file: results-dir/results.sarif