| Input Values | Description | Optional/Required | Default Values |
|---|---|---|---|
| file | Specify a file for scanning; cannot be used with directory input. Filter runners by file type, e.g., '.tf' for Terraform. | Optional | - |
| directory | Directory with infrastructure code and/or package manager files to scan | Optional | . |
| compact | Do not display code blocks in output | Optional | - |
| quiet | Display only failed checks | Optional | - |
| output_format | The format of the output. Options: cli, json, junitxml, github_failed_only, or sarif (comma-separated) | Optional | json |
| output_file_path | Path and name for the output file, needs to end with a comma for a single output format | Optional | ./results.json |
| soft_fail | Do not return an error code if there are failed checks | Optional | - |
| framework | Run only on a specific infrastructure, values can be Kubernetes or Terraform. | Optional(🚧) | - |
| skip_framework | Skip a specific infrastructure | Optional(🚧) | - |
| baseline | Path to a baseline file to compare. Report will include only failed checks that are not in the baseline | Optional | baseline |
| token | The token for authenticating with the CSPM panel | Required | - |
| tenant_id | The ID of the tenant associated with the CSPM panel | Required | - |
| endpoint | The URL of the CSPM panel to push the scan results to | Optional | cspm.demo.accuknox.com |
| label | The label created in AccuKnox SaaS for associating scan results. | Required | - |
Steps for using Install-action in a workflow yaml file
- Checkout into the repo using checkout action.
- Utilize the accuknox/iac-scan-action repository with version tag v0.0.1.
Navigate to Tokens within the Settings section in the sidebar:
Click on Create Token:
After clicking on 'Create Token,' the Tenant ID will be visible.
Click on Generate:
- name: Run IaC scan
uses: accuknox/[email protected]
with:
file: #Optional
directory: #Optional
compact: #Optional
quiet: #Optional
output_format: #Optional
output_file_path: #Optional
framework: #Optional
skip_framework: #Optional
soft_fail: #Optional
endpoint: #Optional
baseline: #Optional
token: #Required
tenant_id: #Required
label: #Requiredname: AccuKnox IaC Scan Workflow
on:
push:
branches:
- main
pull_request:
branches:
- main
jobs:
tests:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@main
- name: Run IaC scan
uses: accuknox/[email protected]
with:
file:
directory:
compact:
quiet:
output_format:
output_file_path:
framework:
skip_framework:
soft_fail:
endpoint:
baseline:
token: ${{ secrets.TOKEN }}
tenant_id: ${{ secrets.TENANT_ID }}
label: ${{ secrets.LABEL }}