mirror of
https://github.com/ossf/scorecard.git
synced 2024-10-26 10:28:10 +03:00
Feat - Include synk check for k8s yaml
Snyk has a set of rules for validating k8s YAML for insecure configuration. This action will validate the k8s YAML against those rules.
parent
3d6b080241
commit
3489c83404
19
.github/workflows/synk.yaml
vendored
Normal file
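--- a/.github/workflows/synk.yaml
+++ b/.github/workflows/synk.yaml
@@ -0,0 +1,19 @@
+name: Snyk IaC
+on: push
+jobs:
+snyk:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v2
+- name: Run Snyk to check configuration files for security issues
+continue-on-error: true
+uses: snyk/actions/iac@master
+env:
+SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+with:
+file: gitcache/k8s/deployment.yaml
+args: --severity-threshold=high
+- name: Upload result to GitHub Code Scanning
+uses: github/codeql-action/upload-sarif@v1
+with:
+sarif_file: snyk.sarif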
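Review bot: The Snyk step references `snyk/actions/iac@master`, a mutable branch of a third-party action, and that same step is handed `SNYK_TOKEN`, so whatever lands on that branch runs with the secret. Pin it to a full commit SHA, e.g. `uses: snyk/actions/iac@<full-commit-sha>  # placeholder, resolve from the upstream repo`. `actions/checkout@v2` and `github/codeql-action/upload-sarif@v1` are movable tags and would benefit from the same pinning. The workflow also declares no `permissions:` block, so the job runs with the repository's default token scope; the visible steps appear to need only `contents: read` and `security-events: write`. With `continue-on-error: true` a high-severity finding never fails the run, so the SARIF upload is the only place results surface, which deserves a comment on that line.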