From 20bd227226e068f8052363b9a153c7290a3dcd69 Mon Sep 17 00:00:00 2001 From: Nick Fyson Date: Mon, 8 Mar 2021 13:40:39 +0000 Subject: [PATCH] add kubesec code scanning workflow --- code-scanning/kubesec.yml | 37 +++++++++++++++++++ .../properties/kubesec.properties.json | 7 ++++ icons/kubesec.svg | 16 ++++++++ 3 files changed, 60 insertions(+) create mode 100644 code-scanning/kubesec.yml create mode 100644 code-scanning/properties/kubesec.properties.json create mode 100644 icons/kubesec.svg diff --git a/code-scanning/kubesec.yml b/code-scanning/kubesec.yml new file mode 100644 index 0000000..8d3d0eb --- /dev/null +++ b/code-scanning/kubesec.yml @@ -0,0 +1,37 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +name: Kubesec + +on: + push: + branches: [ $default-branch, $protected-branches ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ $default-branch ] + schedule: + - cron: $cron-weekly + +jobs: + lint: + name: Kubesec + runs-on: ubuntu-20.04 + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Run kubesec scanner + uses: controlplaneio/kubesec-action@43d0ddff5ffee89a6bb9f29b64cd865411137b14 + with: + input: file.yaml # specify configuration file to scan here + format: template + template: template/sarif.tpl + output: kubesec-results.sarif + exit-code: "0" + + - name: Upload Kubesec scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: kubesec-results.sarif \ No newline at end of file diff --git a/code-scanning/properties/kubesec.properties.json b/code-scanning/properties/kubesec.properties.json new file mode 100644 index 0000000..66d5619 --- /dev/null +++ b/code-scanning/properties/kubesec.properties.json @@ -0,0 +1,7 @@ +{ + "name": "Kubesec", + "creator": "Controlplane", + "description": "Security risk analysis for Kubernetes resources. Submit pod-types (such as deployment, cronjob) to receive an itemised security risk score.", + "iconName": "kubesec", + "categories": ["Code Scanning"] +} diff --git a/icons/kubesec.svg b/icons/kubesec.svg new file mode 100644 index 0000000..828eb09 --- /dev/null +++ b/icons/kubesec.svg @@ -0,0 +1,16 @@ + + + + + + image/svg+xml + + + + + + + + + +