add Datree

This commit is contained in:
hadar-co
2022-11-23 16:19:36 +02:00
parent 1dddb856aa
commit 384d799f2c
3 changed files with 52 additions and 0 deletions
+44
View File
@@ -0,0 +1,44 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# A sample workflow which checks out your code and scans your desired k8s config files for misconfigurations using the Datree CLI.
# The results are then uploaded to GitHub Security Code Scanning.
#
# For more information and configurations options, see https://github.com/datreeio/action-datree/
name: Datree
on:
push:
branches: [ main ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ main ]
jobs:
datree:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Run Datree policy check
continue-on-error: true
uses: hadar-co/action-datree@main
env:
# In order to use the Datree action you will need to have a Datree token.
# See https://hub.datree.io/setup/account-token#1-get-your-account-token-from-the-dashboard to acquire your token.
DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }}
with:
# Add the path to the configuration file/s that you would like to test.
# See https://github.com/datreeio/action-datree#usage for all available options.
path: test-file.yaml
# Setting a SARIF output will generate a file named "datree.sarif" containing your test results
cliArguments: "-o sarif"
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: datree.sarif
@@ -0,0 +1,7 @@
{
"name": "Datree",
"creator": "Datree",
"description": "Detect misconfigurations in your Kubernetes manifests and present them in Github code scanning",
"iconName": "datree",
"categories": ["Code Scanning", "YAML"]
}