From 12b78ed0b38be07169665f6176456f13778da4e1 Mon Sep 17 00:00:00 2001
From: Douglas Coburn
Date: Tue, 8 Oct 2024 18:18:02 -0700
Subject: [PATCH] Updated readme
---
 .gitignore | 3 +--
 README.md | 33 +++++++++++++++++++++++++++++++++
 action.yml | 3 ---
 3 files changed, 34 insertions(+), 5 deletions(-)
 create mode 100644 README.md
diff --git a/.gitignore b/.gitignore
index 6d9f588..5738fef 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,5 +19,4 @@ markdown_security_temp.md
 *.pyc
 test.py
 *.cpython-312.pyc`
-file_generator.py
-*.md
\ No newline at end of file
+file_generator.py
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..7a50c5d
--- /dev/null
+++ b/README.md
@@ -0,0 +1,33 @@
+# Security Tools Scanning
+
+The purpose of this action is to run various security tools, process their output, and then comment the results on a PR. It is expected to only run this on PRs
+
+## Example Usage
+
+```yaml
+name: Security Scan Workflow
+
+on:
+ pull_request:
+ [opened, synchronize]
+
+jobs:
+ security-scan:
+ runs-on: ubuntu-latest
+ permissions:
+ pull-requests: write # Set required permissions here
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name: Run Security Scan and Comment Action
+ uses: dacoburn/security-tools@v1.0.1
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ trufflehog_exclude_dir: "node_modules/*,vendor,.git/*"
+ bandit_exclude_dir: "tests,migrations,tests,test,.venv,venv"
+ bandit_rules: "B101,B102,B105,B106,B107,B110,B603,B605,B607"
+ gosec_rules: "critical,high,medium"
+ trivy_exclude_dir: "/path/to/ignore"
+```
diff --git a/action.yml b/action.yml
index 257fa62..cfcd820 100644
--- a/action.yml
+++ b/action.yml
@@ -50,9 +50,6 @@ inputs:
 required: false
 default: ""
 
-permissions:
- pull-requests: write
-
 branding:
 icon: "shield"
 color: "blue"
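Review bot: The `on:` trigger in the README's example workflow is malformed: with `[opened, synchronize]` placed on its own line under `pull_request:`, `pull_request` becomes a sequence rather than a mapping and the workflow schema will reject it; the event filter belongs under `types:`, i.e. `on:` / `  pull_request:` / `    types: [opened, synchronize]`. The job-level `permissions:` block also sets every scope not listed to `none`, so with only `pull-requests: write` the `actions/checkout` step is likely to fail for want of `contents: read`; adding `contents: read` beside it is also the least-privilege grant this action appears to need. Because the same commit removes the `permissions:` key from action.yml (action metadata has no such key), the README should state that the calling workflow itself must grant these scopes, instead of relying on the `# Set required permissions here` aside. `actions/checkout@v2` is an old major release on a runtime GitHub has deprecated; reference the current major or a full commit SHA so users copying the example are not pinned to it.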