forked from microsoft/security-devops-action
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathaction.yml
32 lines (32 loc) · 1.21 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
name: 'security-devops-action'
description: 'Run security analyzers.'
author: 'Microsoft'
branding:
icon: 'shield'
color: 'black'
inputs:
command:
description: Deprecated, do not use.
config:
description: A file path to a .gdnconfig file.
policy:
description: The name of the well known policy to use. Defaults to GitHub.
default: GitHub
categories:
description: A comma separated list of analyzer categories to run. Values secrets, code, artifacts, IaC, containers. Example IaC,secrets. Defaults to all.
languages:
description: A comma separated list of languages to analyze. Example javascript, typescript. Defaults to all.
tools:
description: A comma separated list of analyzer to run. Example bandit, binskim, container-mapping, eslint, templateanalyzer, terrascan, trivy.
includeTools:
description: Deprecated
existingFilename:
description: A SARIF filename that already exists. If it does, then the normal run will not take place and the file will instead be uploaded to MSDO backend.
outputs:
sarifFile:
description: A file path to a SARIF results file.
runs:
using: 'node20'
main: 'lib/main.js'
pre: 'lib/pre.js'
post: 'lib/post.js'