chore: create configurable security scan #308
Conversation
kevinkupski
left a comment
Thanks for opening the PR. I did not review the template/Python scripts in detail but would test the workflow(s) when they are ready to check the result.
Btw. do you think we can run this whenever this code changes to have a test for the workflow(s)? Similar to the other workflow/action tests?
It also looks like there are some syntax errors: https://github.com/zweitag/github-actions/actions/runs/20659089108
kevinkupski
left a comment
Very good work 👏
I have just some small last comments. After fixing it, feel free to merge this PR.
| <a href="https://github.com/zweitag/github-actions/actions"><img alt="GitHub Actions status" src="https://github.com/zweitag/github-actions/workflows/trivy-scan/badge.svg"></a> | ||
| </p> | ||
|
|
||
| This Action is part of the Security-Scanning Actions. This Action is for Security-Scanning with [Trivy](https://github.com/aquasecurity/trivy) and provides a cost-effective, reusable security scanning pipeline that works in any repository without relying on paid GitHub Code Scanning features. |
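Review bot: The README paragraph promises a pipeline that works "without relying on paid GitHub Code Scanning features" but does not say where the findings end up or how a consuming repository acts on them. Since results are not uploaded to Code Scanning, document the output location the workflow prepares (`./scan-results`), whether the job fails on findings, and add a minimal `uses:` snippet showing how a caller invokes the reusable workflow.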
Nitpick: trivy-scan is not an action but a reusable workflow. I would call it that in this README.
| <a href="https://github.com/zweitag/github-actions/actions"><img alt="GitHub Actions status" src="https://github.com/zweitag/github-actions/workflows/checkov-scan/badge.svg"></a> | ||
| </p> | ||
|
|
||
| This Action is part of the Security-Scanning Actions. This Action is for Security-Scanning with [Checkov](https://github.com/bridgecrewio/checkov) and provides a cost-effective, reusable security scanning pipeline that works in any repository without relying on paid GitHub Code Scanning features. |
Same here: Action -> Workflow
| run: mkdir -p ./scan-results | ||
|
|
||
| - name: setup trivy | ||
| uses: aquasecurity/setup-trivy@e07451d2e059ed86c2870430ea286b3a9e0bf241 |
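Review bot: Pinning `aquasecurity/setup-trivy` to a full commit SHA on the `uses:` line is the safer choice over a release tag such as `v0.2.5`, because a tag can be moved to different code while a SHA is immutable; the cost is that the pin is opaque to readers. Suggest keeping the SHA and appending a trailing comment naming the release it was taken from, e.g. `uses: aquasecurity/setup-trivy@e07451d2e059ed86c2870430ea286b3a9e0bf241 # <release tag this SHA corresponds to>`, so reviewers can see the version at a glance and dependency-update tooling can bump the SHA and the comment together.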
Is there a reason why you pinned a specific commit and not the release tag, e.g. v0.2.5?
No description provided.