---
# GitHub Actions workflow; per its own name it is generated by the "MVS plan",
# so edits here may be overwritten by the generator.
# The workflow fires only on manual/API dispatch and takes one JSON-string
# input, `client_payload`. Every job below gates on `payload.workflow_job_name`
# and `payload.workflow_slug` parsed out of that input, so a single dispatch
# runs only the job(s) whose names match.
name: Workflows generated by the MVS plan

# Display label for the run; rendered by GitHub, not passed through a shell.
run-name: ${{fromJSON(github.event.inputs.client_payload).payload.job_title}}

on:  # yamllint disable-line rule:truthy
  workflow_dispatch:
    inputs:
      client_payload:
        description: The Client payload
        required: true

# Workflow-level GITHUB_TOKEN scope, inherited by every job: read-only access
# to repository contents plus the right to mint an OIDC id-token.
permissions:
  contents: read
  id-token: write

jobs:
  enrich:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'enrich' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-enrichment-code'
    # NOTE(review): GitHub retired the ubuntu-20.04 hosted-runner label in
    # 2025 — confirm it still resolves, or regenerate with a supported image.
    runs-on: ubuntu-20.04
    timeout-minutes: 20
    steps:
      - name: enrichment
        # Pinned to a release tag. A tag is mutable; pinning to the full
        # commit SHA of that release makes the action reference immutable.
        uses: jitsecurity-controls/jit-github-action@v4.0.1
        with:
          # `:main` is a floating image tag: the control image pulled can
          # change between runs. Use a digest if reproducibility matters.
          security_control: registry.jit.io/control-enrichment-slim:main

  # The three iac-misconfig-detection-* jobs are identical apart from the
  # job-name gate; the runner, action-pin and image-tag notes on `enrich`
  # apply to each of them.
  iac-misconfig-detection-cloudformation:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'iac-misconfig-detection-cloudformation' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-iac-misconfiguration-detection'
    runs-on: ubuntu-20.04
    timeout-minutes: 20
    steps:
      - name: kics
        uses: jitsecurity-controls/jit-github-action@v4.0.1
        with:
          security_control: registry.jit.io/control-kics-alpine:main
          # Path inside the control container where the scan report is
          # written.
          security_control_output_file: /code/jit-report/results.json

  iac-misconfig-detection-pulumi:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'iac-misconfig-detection-pulumi' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-iac-misconfiguration-detection'
    runs-on: ubuntu-20.04
    timeout-minutes: 20
    steps:
      - name: kics
        uses: jitsecurity-controls/jit-github-action@v4.0.1
        with:
          security_control: registry.jit.io/control-kics-alpine:main
          security_control_output_file: /code/jit-report/results.json

  iac-misconfig-detection-terraform:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'iac-misconfig-detection-terraform' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-iac-misconfiguration-detection'
    runs-on: ubuntu-20.04
    timeout-minutes: 20
    steps:
      - name: kics
        uses: jitsecurity-controls/jit-github-action@v4.0.1
        with:
          security_control: registry.jit.io/control-kics-alpine:main
          security_control_output_file: /code/jit-report/results.json

  remediation-pr:
    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'remediation-pr' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-remediation-pr'
    runs-on: ubuntu-20.04
    timeout-minutes: 20
    # NOTE(review): the inherited token is `contents: read` only, so if this
    # control pushes a branch or opens a PR it must rely on credentials other
    # than GITHUB_TOKEN — confirm where those come from and how they are scoped.
    steps:
      - name: remediation-pr
        uses: jitsecurity-controls/jit-github-action@v4.0.1
        with:
          security_control: registry.jit.io/open-remediation-pr-alpine:main
          # Differs from the kics jobs (/opt/code vs /code); presumably the
          # remediation image's working directory — verify against that image.
          security_control_output_file: /opt/code/jit-report/results.json