Merge pull request #70 from digitalist-se/ingress_class #185

Workflow file for this run

name: checkov
on:
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]
  workflow_dispatch:
jobs:
  scan:
    permissions:
      contents: read # for actions/checkout to fetch code
      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
    # The type of runner that the job will run on
    runs-on: ubuntu-latest
    if: github.actor != 'dependabot[bot]'
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
      - name: Run Checkov action
        id: checkov
        uses: bridgecrewio/checkov-action@v12
        with:
          directory: charts/directus
          quiet: false # optional: display only failed checks
          soft_fail: true # optional: do not return an error code if there are failed checks
          framework: helm # optional: run only on a specific infrastructure {cloudformation,terraform,kubernetes,all}
          output_format: cli,sarif # optional: the output format, one of: cli, json, junitxml, github_failed_only, or sarif. Default: sarif
          output_file_path: console,results.sarif
          config_file: .tests/.checkov.yaml
          skip_check: CKV_K8S_21 # comma separated list
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v2
        # Results are generated only on a success or failure
        # this is required since GitHub by default won't run the next step
        # when the previous one has failed. Security checks that do not pass will 'fail'.
        # An alternative is to add `continue-on-error: true` to the previous step
        # Or 'soft_fail: true' to checkov.
        if: success() || failure()
        with:
          sarif_file: results.sarif
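Because the Checkov step runs with `soft_fail: true`, failed checks never fail this job; the only place they surface is the `results.sarif` file uploaded to code scanning. The script below is an added example (not part of this repository, of checkov-action, or of Checkov itself) that reads such a SARIF 2.1.0 report, drops the same rule id the workflow skips (`CKV_K8S_21`), and makes an explicit gate decision from the remaining `error`-level findings. The embedded SARIF sample, its file paths, line numbers and rule descriptions are constructed for the example; the shape follows the standard SARIF layout (`runs[].tool.driver.rules`, `runs[].results`) that Checkov writes.

```python
"""Summarise a Checkov SARIF report and decide whether to block.

Added example: not code from the repository or from checkov-action.
Assumes a SARIF 2.1.0 document with runs[].tool.driver.rules and
runs[].results; all sample values below are constructed.
"""
import json
import sys
from collections import Counter

# Constructed sample modelled on a Checkov SARIF report (paths, lines and
# descriptions are invented for this example).
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "Checkov", "rules": [
            {"id": "CKV_K8S_21",
             "shortDescription": {"text": "sample: default namespace used"}},
            {"id": "CKV_K8S_20",
             "shortDescription": {"text": "sample: privilege escalation allowed"}},
        ]}},
        "results": [
            {"ruleId": "CKV_K8S_21", "level": "error",
             "message": {"text": "sample finding"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "charts/directus/templates/deployment.yaml"},
                 "region": {"startLine": 1, "endLine": 10}}}]},
            {"ruleId": "CKV_K8S_20", "level": "error",
             "message": {"text": "sample finding"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "charts/directus/templates/deployment.yaml"},
                 "region": {"startLine": 12, "endLine": 30}}}]},
            {"ruleId": "CKV_K8S_20", "level": "warning",
             "message": {"text": "sample finding"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "charts/directus/templates/cron.yaml"},
                 "region": {"startLine": 4, "endLine": 20}}}]},
        ],
    }],
})


def load_findings(sarif_text, skip_checks=()):
    """Return (rule_id, level, uri, start_line, description) tuples.

    Rule ids listed in skip_checks are dropped, mirroring the action's
    skip_check input so local and CI views agree.
    """
    doc = json.loads(sarif_text)
    findings = []
    for run in doc.get("runs", []):
        rules = {r["id"]: r.get("shortDescription", {}).get("text", "")
                 for r in run.get("tool", {}).get("driver", {}).get("rules", [])}
        for res in run.get("results", []):
            rule_id = res.get("ruleId", "")
            if rule_id in skip_checks:
                continue
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            uri = loc.get("artifactLocation", {}).get("uri", "")
            line = loc.get("region", {}).get("startLine", 0)
            findings.append((rule_id, res.get("level", "warning"), uri, line,
                             rules.get(rule_id, "")))
    return findings


def summarise(findings):
    """Count findings per rule id."""
    return Counter(f[0] for f in findings)


def should_block(findings, max_errors=0):
    """True when more than max_errors findings are level 'error'.

    With soft_fail: true the Checkov step never fails the job, so a gate
    like this has to be decided from the SARIF contents instead.
    """
    return sum(1 for f in findings if f[1] == "error") > max_errors


if __name__ == "__main__":
    # Usage: python sarif_gate.py results.sarif   (falls back to the sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SARIF
    found = load_findings(text, skip_checks={"CKV_K8S_21"})
    for rule_id, level, uri, line, desc in found:
        print(f"{level:8} {rule_id:12} {uri}:{line}  {desc}")
    print("per-rule:", dict(summarise(found)))
    sys.exit(1 if should_block(found) else 0)
```

Run as a step after "Run Checkov action" (before or alongside the upload) and its exit status becomes the merge gate, independent of `soft_fail`; `max_errors` is the knob for a phased rollout where a known baseline of findings is tolerated while new ones are not.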