|
|
|
#
|
|
|
|
# Author: Hari Sekhon
|
|
|
|
# Date: Tue Feb 4 09:53:28 2020 +0000
|
|
|
|
#
|
|
|
|
# vim:ts=2:sts=2:sw=2:et
|
|
|
|
#
|
|
|
|
# https://github.com/HariSekhon/DevOps-Bash-tools
|
|
|
|
#
|
|
|
|
# If you're using my code you're welcome to connect with me on LinkedIn and optionally send me feedback
|
|
|
|
#
|
|
|
|
# https://www.linkedin.com/in/HariSekhon
|
|
|
|
#
|
|
|
|
|
|
|
|
# ============================================================================ #
|
|
|
|
# C h e c k o v G i t H u b W o r k f l o w
|
|
|
|
# ============================================================================ #
|
|
|
|
|
|
|
|
# Static analysis of Terraform code - publishes report to GitHub Security tab
|
|
|
|
|
|
|
|
# https://github.com/bridgecrewio/checkov-action
|
|
|
|
|
|
|
|
---
|
|
|
|
name: Checkov
|
|
|
|
|
|
|
|
on:
|
|
|
|
push:
|
|
|
|
branches:
|
|
|
|
- master
|
|
|
|
- main
|
|
|
|
paths-ignore:
|
|
|
|
- '**/*.md'
|
|
|
|
pull_request:
|
|
|
|
branches:
|
|
|
|
- master
|
|
|
|
- main
|
|
|
|
paths-ignore:
|
|
|
|
- '**/*.md'
|
|
|
|
workflow_dispatch:
|
|
|
|
inputs:
|
|
|
|
debug:
|
|
|
|
type: boolean
|
|
|
|
required: false
|
|
|
|
default: false
|
|
|
|
schedule:
|
|
|
|
- cron: '0 0 * * 1'
|
|
|
|
|
|
|
|
permissions:
|
|
|
|
actions: read
|
|
|
|
contents: read
|
|
|
|
security-events: write
|
|
|
|
|
|
|
|
jobs:
|
|
|
|
checkov:
|
|
|
|
# github.event.repository context not available in scheduled workflows
|
|
|
|
#if: github.event.repository.fork == false
|
|
|
|
if: github.repository_owner == 'HariSekhon'
|
|
|
|
name: Checkov
|
|
|
|
uses: HariSekhon/GitHub-Actions/.github/workflows/checkov.yaml@master
|
|
|
|
with:
|
|
|
|
debug: ${{ github.event.inputs.debug }}
|