Skip to content
/ repo-audit-action Public

A GitHub Action to audit all your organization's repositories using Reposaur.

docs.reposaur.com

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

reposaur/repo-audit-action

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
action
action
 
 
executor
executor
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
action.yml
action.yml
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

Repo Audit

A GitHub Action to audit all your organization's repositories using Reposaur.

Features

  • Automatically audit every repository in a GitHub Organization
  • Write custom policies using the Rego language
  • Get reports in the Code Scanning alerts dashboard of your repository and organization (only available for public repositories or with GitHub Advanced Security enabled)

Usage

- name: Audit
  uses: reposaur/repo-audit-action@main
  with:
    # Paths to policies or directory of policies (one path per line).
    # Default: ${{ github.workspace }}
    policy: ''

    # Path to the output directory to where SARIF reports will be written.
    # Default: ${{ github.workspace }}/.reposaur
    output: ''

    # Maximum amount of errors that Reposaur can encounter before
    # aborting policy execution. If the value is 0, execution will never
    # stop on errors.
    # Default: 0
    max-errors: ''
  env:
    # A GitHub Token that can list your organization's repositories
    # and upload SARIF reports to Code Scanning.
    GITHUB_TOKEN: ''

Example

Since this action is meant to run for the whole organization, we usually create a policy repository to hold both the workflow and our custom policies. See reposaur/policy for an example.

The example below will run on every push and everyday at 23h00 UTC. Alternatively, it can also be triggered manually.

name: Audit

on:
  push:
  schedule:
    - cron: 0 23 * * *
  workflow_dispatch:

jobs:
  audit:
    name: Audit
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          repository: reposaur/policy

      - id: app-token
        name: Authenticate
        uses: getsentry/action-github-app-token@v1
        with:
          app_id: ${{ secrets.MY_SECURITY_APP_ID }}
          private_key: ${{ secrets.MY_SECURITY_APP_PRIVATE_KEY }}

      - name: Audit
        uses: reposaur/repo-audit-action@main
        env:
          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}

Contributing

We appreciate every contribution, thanks for considering it!

License

This project is released under the MIT License.

About

A GitHub Action to audit all your organization's repositories using Reposaur.

docs.reposaur.com

Topics

security audit policy compliance github-actions rego reposaur

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases 1

v0.1.0 Latest
May 11, 2022

Languages