-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathaction.yaml
58 lines (57 loc) · 2.68 KB
/
action.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
name: 'Aikido Security Github Action'
description: 'This action triggers a scan in Aikido. It will throw an error if any new critical issues were found.'
author: 'Aikido Security'
inputs:
secret-key:
description: 'Secret key provided by Aikido'
required: true
minimum-severity:
description: 'Which minimum severity Aikido should detect. Can be one of the following: LOW, MEDIUM, HIGH, CRITICAL'
required: false
default: "CRITICAL"
fail-on-timeout:
description: 'Whether or not the action should fail when the scan does not complete within 2 minutes.'
required: false
default: "true"
fail-on-dependency-scan:
description: 'Whether or not the action should fail when the pull request introduced new dependency issues with critical severity'
required: false
default: "true"
fail-on-iac-scan:
description: 'Whether or not the action should fail when the pull request introduced new infrastructure as code issues are detected'
required: false
default: "false"
fail-on-sast-scan:
description: 'Whether or not the action should fail when the pull request introduced new SAST issues with critical severity'
required: false
default: "false"
timeout-seconds:
description: 'Provide a number of seconds the action will wait for scans to complete.'
required: false
default: "120"
post-scan-status-comment:
description: 'Let Aikido post a comment on the PR with a summary of the status, this comment will be updated for each scan. Can be one of "on", "off" or "only_if_new_findings". When setting this value to "only_if_new_findings" Aikido will only post a comment once new findings are found, and keep it updated afterwards.'
required: false
default: "off"
post-sast-review-comments:
description: 'Let Aikido post inline review comments for sast findings. Can be one of "on", "off".'
required: false
default: "off"
github-token:
description: 'A token that the action can use to post the status comment, this can be the default GITHUB_TOKEN from the environment with permissions to list and post comments, or a custom PAT.'
required: false
default: ""
outputs:
outcome:
description: |
'The outcome of the scan. This will return `SUCCESS` in case we managed to do a scan and no new critical issues were found.\n
When we did not get results back in time, within 2 minutes, we will return a `TIMEOUT` status but not let the action fail.
In case we did detect a new critical issue, the action will fail and outcome will be `FAILED`'
scanResultUrl:
description: 'A link to the scan results in Aikido.'
runs:
using: 'node20'
main: 'dist/index.js'
branding:
icon: 'shield'
color: 'purple'