Commit 5010bbe

Merge pull request #50 from jycamier/feat/queries-comment
feat(reports): add reports in the pull request comment
2 parents 4988213 + d2b7e8e commit 5010bbe

5 files changed

+130
-31
lines changed

.github/workflows/test_action.yaml

Lines changed: 2 additions & 0 deletions
@@ -20,5 +20,7 @@ jobs:
2020
output_formats: sarif
2121
ignore_on_exit: results
2222
enable_comments: true
23+
comments_with_queries: true
24+
excluded_column_for_comments_with_queries: "description_id,similarity_id,search_line,search_value,cis_description_id,cis_description_title,cis_description_text,cloud_provider"
2325
- run: ls -la && ls -la myoutput
2426
if: always()
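Review bot: the workflow now enables `comments_with_queries` with a non-default `excluded_column_for_comments_with_queries` list, but nothing in this hunk verifies the result; the only check that follows is `- run: ls -la && ls -la myoutput`, which lists files and cannot tell whether the query table was added to the comment or whether the listed columns (`cis_description_id`, `cis_description_title`, `cis_description_text`, `cloud_provider`, ...) were actually dropped. Consider a follow-up step that inspects the generated comment body and fails if an excluded column name is present, so a regression in the column filter is caught in CI rather than noticed in a real pull request.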

README.md

Lines changed: 28 additions & 26 deletions
@@ -51,32 +51,34 @@ And official documentation page <a href="https://docs.kics.io">docs.kics.io</a>
5151

5252
## Inputs
5353

54-
| Variable | Example Value &nbsp; | Description &nbsp; | Type | Required | Default |
55-
| ------------------------- | --------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -------- | --------------------------------------------- |
56-
| enable_comment | true | Enable pull request report comments | Boolean | No | false |
57-
| path | terraform/main.tf,Dockerfile | paths to a file or directories to scan, comma separated list | String | Yes | N/A |
58-
| ignore_on_exit | results | defines which non-zero exit codes should be ignored (all, results, errors, none) | String | No | none |
59-
| fail_on | high,medium | comma separated list of which severities returns exit code !=0 | String | No | high,medium,low,info |
60-
| timeout | 75 | number of seconds the query has to execute before being canceled | String | No | 60 |
61-
| profiling | CPU | turns on profiler that prints resource consumption in the logs during the execution (CPU, MEM) | String | No | N/A |
62-
| config_path | ./kics.config | path to configuration file | String | No | N/A |
63-
| platform_type | terraform,ansible | case insensitive list of platform types to scan | String | No | All platforms |
64-
| exclude_paths | ./shouldNotScan/*,somefile.txt | exclude paths from scan, supports glob, comma separated list | String | No | N/A |
65-
| exclude_queries | a227ec01-f97a-4084-91a4-47b350c1db54 | exclude queries by providing the query ID, comma separated list | String | No | N/A |
66-
| exclude_categories | 'Observability,Networking and Firewall' | exclude categories by providing its name, comma separated list | String | No | N/A |
67-
| exclude_results | 'd4a1fa80-d9d8-450f-87c2-e1f6669c41f8' | exclude results by providing the similarity ID of a result | String | No | N/A |
68-
| include_queries | a227ec01-f97a-4084-91a4-47b350c1db54 | include only specified list of queries to the scan, cannot be provided with query exclusion flags | String | No | N/A |
69-
| output_formats | 'json,sarif' | formats in which the results report will be exported | String | No | json |
70-
| output_path | myResults/ | file path to store result in json format | String | No | "./" |
71-
| payload_path | /tmp/mypayload.json | file path to store source internal representation in JSON format | String | No | N/A |
72-
| queries | | path to directory with queries (default "./assets/queries") | String | No | ./assets/queries downloaded with the binaries |
73-
| verbose | true | verbose scan | Boolean | No | false |
74-
| type | Ansible,Dockerfile | case insensitive comma-separated list of platform types to scan (Ansible, AzureResourceManager, CloudFormation, Dockerfile, Kubernetes, OpenAPI, Terraform) | String | No | all types |
75-
| bom | true | include bill of materials (BoM) in results.json output | Boolean | No | false |
76-
| disable_full_descriptions | false | disable request for full descriptions and use default vulnerability descriptions | Boolean | false |
77-
| disable_secrets | false | disable secrets detection | Boolean | false |
78-
| secrets_regexes_path | ./mydir/secrets-config.json | path to custom secrets regex rules configuration file | String | No | N/A |
79-
| libraries_path | ./myLibsDir | path to directory with Rego libraries | String | No | N/A |
54+
| Variable | Example Value &nbsp; | Description &nbsp; | Type | Required | Default |
55+
|-------------------------------------------|--------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------|---------| -------- |--------------------------------------------------------|
56+
| enable_comment | true | Enable pull request report comments | Boolean | No | false |
57+
| comments_with_queries | true | Add queries in th pull request report comments (available when enable_comments = true) | Boolean | No | false |
58+
| excluded_column_for_comments_with_queries | description_id,similarity_id,search_line,search_value | Excluded columns for the comment with queries, accepts a comma separated list | String | No | description_id,similarity_id,search_line,search_value |
59+
| path | terraform/main.tf,Dockerfile | paths to a file or directories to scan, comma separated list | String | Yes | N/A |
60+
| ignore_on_exit | results | defines which non-zero exit codes should be ignored (all, results, errors, none) | String | No | none |
61+
| fail_on | high,medium | comma separated list of which severities returns exit code !=0 | String | No | high,medium,low,info |
62+
| timeout | 75 | number of seconds the query has to execute before being canceled | String | No | 60 |
63+
| profiling | CPU | turns on profiler that prints resource consumption in the logs during the execution (CPU, MEM) | String | No | N/A |
64+
| config_path | ./kics.config | path to configuration file | String | No | N/A |
65+
| platform_type | terraform,ansible | case insensitive list of platform types to scan | String | No | All platforms |
66+
| exclude_paths | ./shouldNotScan/*,somefile.txt | exclude paths from scan, supports glob, comma separated list | String | No | N/A |
67+
| exclude_queries | a227ec01-f97a-4084-91a4-47b350c1db54 | exclude queries by providing the query ID, comma separated list | String | No | N/A |
68+
| exclude_categories | 'Observability,Networking and Firewall' | exclude categories by providing its name, comma separated list | String | No | N/A |
69+
| exclude_results | 'd4a1fa80-d9d8-450f-87c2-e1f6669c41f8' | exclude results by providing the similarity ID of a result | String | No | N/A |
70+
| include_queries | a227ec01-f97a-4084-91a4-47b350c1db54 | include only specified list of queries to the scan, cannot be provided with query exclusion flags | String | No | N/A |
71+
| output_formats | 'json,sarif' | formats in which the results report will be exported | String | No | json |
72+
| output_path | myResults/ | file path to store result in json format | String | No | "./" |
73+
| payload_path | /tmp/mypayload.json | file path to store source internal representation in JSON format | String | No | N/A |
74+
| queries | | path to directory with queries (default "./assets/queries") | String | No | ./assets/queries downloaded with the binaries |
75+
| verbose | true | verbose scan | Boolean | No | false |
76+
| type | Ansible,Dockerfile | case insensitive comma-separated list of platform types to scan (Ansible, AzureResourceManager, CloudFormation, Dockerfile, Kubernetes, OpenAPI, Terraform) | String | No | all types |
77+
| bom | true | include bill of materials (BoM) in results.json output | Boolean | No | false |
78+
| disable_full_descriptions | false | disable request for full descriptions and use default vulnerability descriptions | Boolean | false |
79+
| disable_secrets | false | disable secrets detection | Boolean | false |
80+
| secrets_regexes_path | ./mydir/secrets-config.json | path to custom secrets regex rules configuration file | String | No | N/A |
81+
| libraries_path | ./myLibsDir | path to directory with Rego libraries | String | No | N/A |
8082

8183

8284
## Simple usage example
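Review bot: the new `comments_with_queries` row has a typo ("in th pull request" should be "in the pull request"), and its parenthetical says "available when enable_comments = true" while the row directly above documents the input as `enable_comment`; the test workflow and action.yml in this same PR use `enable_comments`, so the table row should be corrected to that name to avoid users setting an input that does nothing. While re-emitting the whole table, the `disable_full_descriptions` and `disable_secrets` rows still have only five cells (the Required column is missing), which misaligns them against the six-column header; suggest `| disable_full_descriptions | false | disable request for full descriptions and use default vulnerability descriptions | Boolean | No | false |` and the same shape for `disable_secrets`.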

action.yml

Lines changed: 10 additions & 0 deletions
@@ -10,6 +10,14 @@ inputs:
1010
required: false
1111
default: "false"
1212
description: "Enable pull request report comments"
13+
comments_with_queries:
14+
required: false
15+
default: "false"
16+
description: "Add queries in th pull request report comments (available when enable_comments = true)"
17+
excluded_column_for_comments_with_queries:
18+
required: false
19+
default: "description_id,similarity_id,search_line,search_value"
20+
description: "Excluded columns for the comment with queries, accepts a comma separated list"
1321
path:
1422
description: "paths to a file or directories to scan, accepts a comma separated list"
1523
required: true
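Review bot: the `comments_with_queries` description carries the same typo as the README ("Add queries in th pull request report comments"); fix it here as well since this string is what users see in the action's input listing. The description also documents the dependency on `enable_comments` in prose only; if the implementation silently ignores `comments_with_queries` when `enable_comments` is false, consider stating that explicitly ("ignored unless enable_comments is true") so the behaviour is unambiguous.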
@@ -89,6 +97,8 @@ runs:
8997
INPUT_TOKEN: ${{ inputs.token }}
9098
INPUT_OUTPUT_PATH: ${{ inputs.output_path }}
9199
INPUT_ENABLE_COMMENTS: ${{ inputs.enable_comments }}
100+
INPUT_COMMENTS_WITH_QUERIES: ${{ inputs.comments_with_queries }}
101+
INPUT_EXCLUDED_COLUMNS_FOR_COMMENTS_WITH_QUERIES: ${{ inputs.excluded_column_for_comments_with_queries }}
92102
INPUT_OUTPUT_FORMATS: ${{ inputs.output_formats }}
93103
WORKSPACE_PATH: $GITHUB_WORKSPACE
94104
args:
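Review bot: the environment variable `INPUT_EXCLUDED_COLUMNS_FOR_COMMENTS_WITH_QUERIES` is plural while the input it maps from, `inputs.excluded_column_for_comments_with_queries`, is singular; the explicit mapping makes this work, but the inconsistency invites typos in workflows and in the README, which both have to spell the singular form. Suggest settling on one spelling (the plural reads better for a comma-separated list) in action.yml, README.md and the test workflow, and keeping the env var name identical to the input name so the two can be grepped together.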
