Horusec is a great SAST tool to use in any DevSecOps pipeline. This is a proof of concept for embedding it in a GitHub Action.
You can pass arguments on the command line (for example `--ignore="**/tmp/**"`), but the better way is to use a configuration file. To generate the configuration file:

```sh
horusec generate
```
Below is an example that uses a Horusec configuration file. If you want to see how it is used in a real project, you can see here.
```yaml
on: [push]
jobs:
  checking_code:
    runs-on: ubuntu-latest
    name: Horusec Scan
    steps:
      - name: Run Horusec
        id: run_horusec
        uses: fike/[email protected]
        with:
          arguments: --config-file-path=horusec-config.json
```
The most common arguments to pass are `--ignore` (directories to skip) and the target path. You can add any other argument Horusec supports, but keep in mind that they all go on the single `arguments` line of your Action workflow.

Here is an example that ignores some directories and sets the target path to "/".
```yaml
on: [push]
jobs:
  checking_code:
    runs-on: ubuntu-latest
    name: Horusec Scan
    steps:
      - name: Run Horusec
        id: run_horusec
        uses: fike/[email protected]
        with:
          arguments: -p="./" --ignore="**/.vscode/**, **/*.env, **/.mypy_cache/**, **/tests/**"
```
An Action built purely on Docker isn't as flexible at splitting arguments as one built with JavaScript/TypeScript.
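To illustrate that limitation, here is an added example (constructed for this README, not the entrypoint of the fike/horusec-action project) of how a Docker action's shell entrypoint can split the single `arguments` string into separate argv entries while keeping the quoted, comma-and-space separated `--ignore` list from the workflow above intact. It relies on GitHub exporting Docker action inputs as `INPUT_<NAME>` environment variables (so the input is `INPUT_ARGUMENTS`); the function names `naive_count`, `split_args`, `quoted_count` and `run_with_args` are mine. It deliberately avoids `eval`, because evaluating an action input as shell code is a command-injection risk whenever any part of that input can be influenced by untrusted data.

```shell
#!/bin/sh
# Constructed example, not the fike/horusec-action entrypoint.
# A Docker action receives the whole `arguments` input as ONE string
# (GitHub exports it as INPUT_ARGUMENTS). Naive word splitting breaks
# --ignore="a, b" into pieces, and `eval` on an action input is a
# command-injection risk, so we split it ourselves, honouring double quotes.

# Naive splitting: unquoted $1 splits on every space, so "a, b" becomes
# two words. Runs in a subshell so `set -f` (no globbing of **/tests/**)
# does not leak into the rest of the script.
naive_count() (
    set -f
    set -- $1
    echo "$#"
)

# split_args STRING: print one argument per line. Spaces outside
# double quotes separate arguments; the quotes themselves are dropped.
split_args() {
    s=$1 arg='' inword=0 inquote=0
    while [ -n "$s" ]; do
        c=${s%"${s#?}"}          # first character of $s
        s=${s#?}                 # the rest of $s
        case $c in
            '"') inquote=$((1 - inquote)); inword=1 ;;
            ' ')
                if [ "$inquote" -eq 1 ]; then
                    arg="$arg$c"
                elif [ "$inword" -eq 1 ]; then
                    printf '%s\n' "$arg"; arg=''; inword=0
                fi ;;
            *) arg="$arg$c"; inword=1 ;;
        esac
    done
    [ "$inword" -eq 1 ] && printf '%s\n' "$arg"
    return 0
}

# quoted_count STRING: how many arguments split_args produces.
quoted_count() {
    split_args "$1" | wc -l | tr -d ' '
}

# run_with_args STRING CMD [CMD_ARGS...]: run CMD with the split
# arguments appended as separate argv entries. In a real entrypoint
# CMD would be `horusec start`.
run_with_args() {
    input=$1
    shift                        # $@ is now the command and its fixed args
    while IFS= read -r a; do
        set -- "$@" "$a"
    done <<EOF
$(split_args "$input")
EOF
    "$@"
}

# Demo with the arguments line from the workflow above (constructed input
# used when the script is run outside GitHub Actions).
INPUT_ARGUMENTS=${INPUT_ARGUMENTS:-'-p="./" --ignore="**/.vscode/**, **/*.env, **/.mypy_cache/**, **/tests/**"'}
echo "naive split gives $(naive_count "$INPUT_ARGUMENTS") arguments"
echo "quote-aware split gives $(quoted_count "$INPUT_ARGUMENTS") arguments:"
run_with_args "$INPUT_ARGUMENTS" printf '[%s]\n'
```

With the workflow's arguments line, naive splitting yields five fragments (the `--ignore` list is cut at every space), while the quote-aware splitter yields the two arguments Horusec expects: `-p=./` and `--ignore=**/.vscode/**, **/*.env, **/.mypy_cache/**, **/tests/**`. Replace the `printf` in the last line with `horusec start` to use it as an entrypoint.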
This is a proof of concept for running Horusec as a GitHub Action.