-
Notifications
You must be signed in to change notification settings - Fork 0
/
action.yml
74 lines (69 loc) · 2.74 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
name: Contrast Local Scan
description: Runs Contrast local scanner against the current repository
branding:
icon: crosshair
color: green
inputs:
apiUrl: # id of input
description: Url of your contrast instance, defaults to https://app.contrastsecurity.com/
required: true
default: 'https://app.contrastsecurity.com/'
apiUserName:
description: User name for authentication
required: true
apiKey:
description: API Key from user settings
required: true
apiServiceKey:
description: Service Key from user settings
required: true
apiOrgId:
description: Organization ID from user settings
required: true
checks:
description: >
If set, checks will be added to the current commit based on any vulnerabilities found. Requires the 'checks: write' permission.
required: false
default: false
codeQuality:
description: Set this to true to include code quality rules when executing source code scanner.
required: false
default: false
defaultBranch:
description: >
Set this to true or false explicitly override the default branching behviour in scan whereby scan results not on the default github branch are not saved against the main project.
required: false
label:
description: Label to associate with the current scan. Defaults to the current ref e.g. refs/heads/main
memory:
description: Memory setting passed to the underlying scan engine. Defaulted to 8g
required: false
path:
description: Path to scan with local scanner. Defaults to the current repository path.
required: false
projectName:
description: Project to associate scan with. Defaults to current github repository name e.g. Example-ORG/example-repo
required: false
resourceGroup:
description: Resource group to assign newly created projects to.
required: false
strategy:
description: >
Used in conjuction with severity or checks, set this valid to fail the build based on agreggated project vulnerabilities or scan level. Valid values are "project" or "scan". Defaults to "project".
required: false
default: "project"
severity:
description: >
Set this to cause the build to fail if vulnerabilities are found exceeding this severity or higher. Valid values are CRITICAL, HIGH, MEDIUM, LOW, NOTE.
required: false
timeout:
description: Execution timeout (in seconds) setting passed to the underlying scan engine. Defaulted to 60 minutes.
required: false
token:
description: >
GitHub token for GitHub API requests. Defaults to GITHUB_TOKEN.
required: true
default: ${{ github.token }}
runs:
using: 'docker'
image: 'docker://ghcr.io/contrast-security-oss/contrast-local-scan-action:sha-85af24a1bcb32431051fde82971311c956ffc0b2'