---
# Marketplace metadata for the composite action defined below.
name: 'Bearer Action'
description: >-
  Bearer is a free and open SAST tool that analyzes your source code to help
  find and fix security and privacy risks.
branding:
  icon: 'check-square'
  color: 'purple'
# Every input is a string; an empty default means "not supplied".
inputs:
  version:
    description: >-
      Specify the Bearer version to use. This must match a Bearer release
      name.
    required: false
    default: ''
  scanner:
    description: 'Specify the comma separated scanners e.g. --scanner secrets,sast'
    required: false
    default: ''
  config-file:
    description: 'configuration file path'
    required: false
    default: ''
  bearer-ignore-file:
    description: 'bearer.ignore file path'
    required: false
    default: ''
  only-rule:
    description: >-
      Specify the comma-separated ids of the rules you would like to run.
      Skips all other rules.
    required: false
    default: ''
  skip-rule:
    description: >-
      Specify the comma-separated ids of the rules you would like to skip.
      Runs all other rules.
    required: false
    default: ''
  skip-path:
    description: >-
      Specify the comma separated files and directories to skip. Supports *
      syntax, e.g. --skip-path users/*.go,users/admin.sql
    required: false
    default: ''
  exclude-fingerprint:
    description: >-
      Specify the comma-separated fingerprints of the findings you would like
      to exclude from the report.
    required: false
    default: ''
  severity:
    description: >-
      Specify which severities are included in the report as a comma
      separated string
    required: false
    default: ''
  format:
    description: >-
      Specify which format to use for the report (json, yaml, sarif,
      gitlab-sast)
    required: false
    default: ''
  output:
    description: 'Specify where to store the report'
    required: false
    default: ''
  # Treat this as a secret: supply it from `secrets.*` in the calling workflow
  # rather than as a literal, so the runner masks it in logs.
  api-key:
    description: 'For use with Bearer Cloud'
    required: false
    default: ''
  # Consumed through fromJSON() in the run step, so the value must be the JSON
  # literal `true` or `false`; other spellings fail expression evaluation.
  diff:
    description: 'Enable differential scanning. Only supported for pull request events'
    required: false
    default: 'false'
  quiet:
    description: 'Suppress non-essential messages'
    required: false
    default: ''
  hide-progress-bar:
    description: 'Hide progress bar from output'
    required: false
    default: 'true'
  exit-code:
    description: 'Forces the exit-code when errors are reported'
    required: false
    default: ''
  path:
    description: 'The path to scan'
    required: false
    default: '.'
# Both outputs are forwarded from the step with id `run`; presumably
# entrypoint.sh writes them to $GITHUB_OUTPUT — confirm in that script.
outputs:
  rule_breaches:
    description: 'Details of any rule breaches that occur'
    value: ${{ steps.run.outputs.rule_breaches }}
  exit_code:
    description: 'exit code from binary'
    value: ${{ steps.run.outputs.exit_code }}
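runs:
  using: 'composite'
  steps:
    # Step 1: install the Bearer CLI into $RUNNER_TEMP.
    # NOTE(review): the installer is fetched from the unpinned `main` branch and
    # piped straight into sh with no checksum or signature verification, so each
    # run trusts whatever that URL serves at the time. Pinning the script to a
    # commit (or vendoring it into this repository) would make the install
    # reproducible and reviewable.
    - shell: bash
      env:
        # Handed over via the environment rather than expanded into the script
        # text, so the value is never parsed as shell syntax.
        INPUT_VERSION: ${{ inputs.version }}
      run: |
        VERSION="$INPUT_VERSION"
        if [[ -n "$VERSION" ]]; then
          # Normalise to the release-tag form "vX.Y.Z": drop any leading "v"
          # the caller supplied, then add exactly one.
          VERSION="v${VERSION#v}"
        fi
        # An empty VERSION is still passed through; the installer decides what that selects.
        curl -sfL https://raw.githubusercontent.com/Bearer/bearer/main/contrib/install.sh | sh -s -- -b "$RUNNER_TEMP" "$VERSION"
    # Step 2: run the scan through the bundled entrypoint.
    - id: run
      shell: bash
      env:
        SHA: ${{ github.event.pull_request.head.sha || github.sha }}
        PR_NUMBER: ${{ github.event.pull_request.number }}
        CURRENT_BRANCH: ${{ github.head_ref }}
        # Non-empty only when the `diff` input is the JSON literal true and the
        # event carries a base ref.
        DIFF_BASE_BRANCH: ${{ fromJSON(inputs.diff) && github.base_ref || '' }}
        DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
        GITHUB_TOKEN: ${{ github.token }}
        # Action inputs are passed to the script through the environment instead
        # of being expanded into the script text with ${{ }}. Expression expansion
        # happens before bash parses the script, so an input containing quotes or
        # shell metacharacters would otherwise alter the command itself (script
        # injection); as an env var it stays one opaque argv entry.
        INPUT_SCANNER: ${{ inputs.scanner }}
        INPUT_CONFIG_FILE: ${{ inputs.config-file }}
        INPUT_BEARER_IGNORE_FILE: ${{ inputs.bearer-ignore-file }}
        INPUT_ONLY_RULE: ${{ inputs.only-rule }}
        INPUT_SKIP_RULE: ${{ inputs.skip-rule }}
        INPUT_SKIP_PATH: ${{ inputs.skip-path }}
        INPUT_EXCLUDE_FINGERPRINT: ${{ inputs.exclude-fingerprint }}
        INPUT_FORMAT: ${{ inputs.format }}
        INPUT_OUTPUT: ${{ inputs.output }}
        INPUT_EXIT_CODE: ${{ inputs.exit-code }}
        INPUT_SEVERITY: ${{ inputs.severity }}
        INPUT_API_KEY: ${{ inputs.api-key }}
        INPUT_QUIET: ${{ inputs.quiet }}
        INPUT_HIDE_PROGRESS_BAR: ${{ inputs.hide-progress-bar }}
        INPUT_PATH: ${{ inputs.path }}
      run: |
        # Every flag is always passed, empty or not; entrypoint.sh is expected to
        # treat an empty value as "unset".
        "$GITHUB_ACTION_PATH/entrypoint.sh" \
          "--scanner=$INPUT_SCANNER" \
          "--config-file=$INPUT_CONFIG_FILE" \
          "--bearer-ignore-file=$INPUT_BEARER_IGNORE_FILE" \
          "--only-rule=$INPUT_ONLY_RULE" \
          "--skip-rule=$INPUT_SKIP_RULE" \
          "--skip-path=$INPUT_SKIP_PATH" \
          "--exclude-fingerprint=$INPUT_EXCLUDE_FINGERPRINT" \
          "--format=$INPUT_FORMAT" \
          "--output=$INPUT_OUTPUT" \
          "--exit-code=$INPUT_EXIT_CODE" \
          "--severity=$INPUT_SEVERITY" \
          "--api-key=$INPUT_API_KEY" \
          "--quiet=$INPUT_QUIET" \
          "--hide-progress-bar=$INPUT_HIDE_PROGRESS_BAR" \
          "--path=$INPUT_PATH"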