Skip to content

chore(deps): update execution environments #337

chore(deps): update execution environments

chore(deps): update execution environments #337

Workflow file for this run

---
name: 'KICS'
on: # yamllint disable-line rule:truthy
schedule:
- cron: '43 18 * * 4'
pull_request:
branches:
- 'main'
workflow_dispatch: {}
# Declare default permissions as read only.
permissions: 'read-all'
jobs:
analysis:
name: 'KICS analysis'
runs-on: 'ubuntu-latest'
permissions:
# Needed to upload the results to code-scanning dashboard.
security-events: 'write'
# Needed to publish results and get a badge (see publish_results below).
id-token: 'write'
# Uncomment the permissions below if installing in a private repository.
# contents: read
# actions: read
steps:
- name: 'Harden Runner'
uses: 'step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6' # v2.8.1
with:
egress-policy: 'block'
disable-sudo: true
allowed-endpoints: >
api.github.com:443
github.com:443
kics.io:443
packages.wolfi.dev:443
registry.npmjs.org:443
- name: 'Checkout the repository'
uses: 'actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332' # v4.1.7
with:
persist-credentials: false
- name: 'Create results directory'
run: 'mkdir -p results'
- name: 'Run KICS scan'
uses: 'checkmarx/kics-github-action@252e73959bd4809a14863cbfbb42d7a90d5a4860' # v2.1.1
with:
path: './'
output_path: 'results'
config_path: './kics.config'
output_formats: 'sarif'
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: 'Upload artifact'
uses: 'actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b' # v4.3.4
with:
name: 'SARIF file'
path: 'results/results.sarif'
retention-days: 5
# Upload the results to GitHub's code scanning dashboard (optional).
# Commenting out will disable upload of results to your repo's Code Scanning dashboard
- name: 'Upload to code-scanning'
uses: 'github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f' # v3.25.12
with:
sarif_file: 'results/results.sarif'
...