ivuorinen/actions
1
0
Fork 0
mirror of https://github.com/ivuorinen/actions.git synced 2026-01-26 11:34:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
e740f9d89338a3f8114cadefe21516a975a684b1
actions/security-scan
History
renovate[bot] 61ebe619a8 chore(deps): update github/codeql-action action (v4.31.8 → v4.31.9) (#406) 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-22 07:38:46 +02:00
..
action.yml
chore(deps): update github/codeql-action action (v4.31.8 → v4.31.9) (#406)
2025-12-22 07:38:46 +02:00
README.md
feat: use our own actions in our workflows (#377)
2025-11-25 23:51:03 +02:00
rules.yml
feat: use our own actions in our workflows (#377)
2025-11-25 23:51:03 +02:00

README.md

ivuorinen/actions/security-scan

Security Scan

Description

Comprehensive security scanning for GitHub Actions including actionlint, Gitleaks (optional), and Trivy vulnerability scanning. Requires 'security-events: write' and 'contents: read' permissions in the workflow.

Inputs

name description required default
gitleaks-license

Gitleaks license key (required for Gitleaks scanning)

 false ""
gitleaks-config

Path to Gitleaks config file

 false .gitleaks.toml
trivy-severity

Severity levels to scan for (comma-separated)

 false CRITICAL,HIGH
trivy-scanners

Types of scanners to run (comma-separated)

 false vuln,config,secret
trivy-timeout

Timeout for Trivy scan

 false 10m
actionlint-enabled

Enable actionlint scanning

 false true
token

GitHub token for authentication

 false ""

Outputs

name description
has_trivy_results

Whether Trivy scan produced valid results
has_gitleaks_results

Whether Gitleaks scan produced valid results
total_issues

Total number of security issues found
critical_issues

Number of critical security issues found

Runs

This action is a composite action.

Usage

- uses: ivuorinen/actions/security-scan@main
  with:
    gitleaks-license:
    # Gitleaks license key (required for Gitleaks scanning)
    #
    # Required: false
    # Default: ""

    gitleaks-config:
    # Path to Gitleaks config file
    #
    # Required: false
    # Default: .gitleaks.toml

    trivy-severity:
    # Severity levels to scan for (comma-separated)
    #
    # Required: false
    # Default: CRITICAL,HIGH

    trivy-scanners:
    # Types of scanners to run (comma-separated)
    #
    # Required: false
    # Default: vuln,config,secret

    trivy-timeout:
    # Timeout for Trivy scan
    #
    # Required: false
    # Default: 10m

    actionlint-enabled:
    # Enable actionlint scanning
    #
    # Required: false
    # Default: true

    token:
    # GitHub token for authentication
    #
    # Required: false
    # Default: ""