Skip to content

Latest commit

 

History

History
104 lines (85 loc) · 5.01 KB

README.md

File metadata and controls

104 lines (85 loc) · 5.01 KB

Automate Infrastructure as Code Security Checks with AccuKnox GitHub Action

Learn More

Input Values Description Optional/Required Default Values
file Specify a file for scanning; cannot be used with directory input. Filter runners by file type, e.g., '.tf' for Terraform. Optional -
directory Directory with infrastructure code and/or package manager files to scan Optional .
compact Do not display code blocks in output Optional -
quiet Display only failed checks Optional -
output_format The format of the output. Options: cli, json, junitxml, github_failed_only, or sarif (comma-separated) Optional json
output_file_path Path and name for the output file, needs to end with a comma for a single output format Optional ./results.json
soft_fail Do not return an error code if there are failed checks Optional -
framework Run only on a specific infrastructure, values can be Kubernetes or Terraform. Optional(🚧) -
skip_framework Skip a specific infrastructure Optional(🚧) -
baseline Path to a baseline file to compare. Report will include only failed checks that are not in the baseline Optional baseline
token The token for authenticating with the CSPM panel Required -
tenant_id The ID of the tenant associated with the CSPM panel Required -
endpoint The URL of the CSPM panel to push the scan results to Optional cspm.demo.accuknox.com
label The label created in AccuKnox SaaS for associating scan results. Required -

Usage

Steps for using Install-action in a workflow yaml file

  • Checkout into the repo using checkout action.
  • Utilize the accuknox/iac-scan-action repository with version tag v0.0.1.

Token Generation from Accuknox SaaS and Viewing Tenant ID

Navigate to Tokens within the Settings section in the sidebar:

1

Click on Create Token: After clicking on 'Create Token,' the Tenant ID will be visible. 2

Click on Generate:

3

workflow steps:

- name: Run IaC scan
  uses: accuknox/[email protected]
  with:
    file: #Optional
    directory: #Optional
    compact: #Optional
    quiet: #Optional
    output_format: #Optional
    output_file_path: #Optional
    framework: #Optional
    skip_framework: #Optional
    soft_fail: #Optional
    endpoint: #Optional
    baseline: #Optional
    token: #Required
    tenant_id: #Required
    label: #Required

Sample Configuration

name: AccuKnox IaC Scan Workflow

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

jobs:
  tests:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@main

      - name: Run IaC scan
        uses: accuknox/[email protected]
        with:
          file:
          directory:
          compact:
          quiet:
          output_format:
          output_file_path:
          framework:
          skip_framework:
          soft_fail:
          endpoint:
          baseline:
          token: ${{ secrets.TOKEN }}
          tenant_id: ${{ secrets.TENANT_ID }}
          label: ${{ secrets.LABEL }}