Skip to content

insightCloudSec Scan

Actions
Scans a cloudformation template and saves results to disk.
v2.0.1
Latest
By rapid7
Verified creator
Star (10)

Tags

 (2)
continuous-integrationsecurity

Verified

GitHub has manually verified the creator of the action as an official partner organization. For more info see About badges in GitHub Marketplace.

insightCloudSec

insightCloudSec Scan

The insightCloudSec Scan Github Action allows security and development teams to integrate infrastructure-as-code (IaC) scanning in their CI/CD pipelines.

About insightCloudSec

insightCloudSec secures your public cloud environment from development to production with a modern, integrated, and automated approach.

Usage

Two secrets need to be added for the action to work:

  • ICS_BASE_URL - The URL of your InsightCloudSec server
  • ICS_API_KEY - An InsightCloudSec API key

Read how to set secrets here: https://docs.github.com/en/actions/security-guides/encrypted-secrets

- uses: rapid7/insightcloudsec-actions@latest
  with:
    # "ICS_API_KEY" secret
    api_key: ${{ secrets.ics_api_key }}

    # "ICS_BASE_URL" secret
    base_url: ${{ secrets.ics_base_url }}

    # Name of the IaC config you wish to scan with
    config_name: AWS CIS Benchmark 1.4

    # Optional file(s) to scan (default: all files in the repository excluding the .git/ directory)
    target: ./[^.git]*

An example workflow may look like this:

on:
  pull_request:
    branches:
      - master
      - main

jobs:
  ics-scan-and-upload:
    name: insightCloudSec repository scan with Github Advanced Security
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Scan the repository
        uses: rapid7/insightcloudsec-actions@v2
        with:
          api_key: ${{ secrets.ics_api_key }}
          base_url: ${{ secrets.ics_base_url }}
          config_name: AWS CIS Benchmark 1.4
      # the following is optional but recommended to retrieve scan reports and logs
      - name: Attach scan artifacts
        if: always()
        uses: actions/upload-artifact@v3
        with:
          name: mimics-scan-artifacts
          path: |
            ./log/mimics*.log
            ./ics_scan.*
      # the following is optional but recommended to surface results to Github Advanced Security
      - name: Upload the sarif report to Github Advanced Security
        if: always()
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: ics_scan.sarif

Contributors (5)

@bhenderson-r7@simonirwin-r7@aRobinson-R7@fpedrini@bdodd-r7

Resources

insightCloudSec Scan is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.

About

Scans a cloudformation template and saves results to disk.
v2.0.1
Latest
By rapid7

Verified

GitHub has manually verified the creator of the action as an official partner organization. For more info see About badges in GitHub Marketplace.

Tags

 (2)
continuous-integrationsecurity

Contributors (5)

@bhenderson-r7@simonirwin-r7@aRobinson-R7@fpedrini@bdodd-r7

Resources

insightCloudSec Scan is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.