-
Notifications
You must be signed in to change notification settings - Fork 12
30 lines (28 loc) · 1.21 KB
/
checkov.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
on: [push]
jobs:
checkov-job:
runs-on: ubuntu-latest
name: checkov-action
steps:
- name: Checkout repo
uses: actions/checkout@master
- name: Run Checkov action
id: checkov
uses: bridgecrewio/checkov-action@master
with:
directory: charts/matomo
quiet: false # optional: display only failed checks
soft_fail: true # optional: do not return an error code if there are failed checks
framework: helm # optional: run only on a specific infrastructure {cloudformation,terraform,kubernetes,all}
output_format: sarif # optional: the output format, one of: cli, json, junitxml, github_failed_only, or sarif. Default: sarif
# output_format: junitxml # optional: the output format, one of: cli, json, junitxml, github_failed_only, or sarif. Default: sarif
# - name: Publish report
# id: import-scan
# uses: ivanamat/defectdojo-import-scan@v1
# with:
# token: ${{ secrets.DEFECTOJO_TOKEN }}
# defectdojo_url: ${{ secrets.DEFECTOJO_URL }}
# file: reports/trivy-scan-report.json
# scan_type: Checkov Scan
# engagement: 81
# close_old_findings: true