checkov.yml
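# GitHub Actions workflow: run Checkov against the repository on every push to
# main and archive the report in a Scaleway Object Storage bucket through its
# S3-compatible endpoint (region fr-par).
name: Checkov Scan and Upload to S3

# `on` is a YAML 1.1 boolean-looking key; GitHub's loader treats it as the
# trigger map, so it stays unquoted (suppress yamllint `truthy` if linting).
on:
  push:
    branches:
      - main

# Least privilege: the job only reads the checkout and never writes back to
# the repository, so the default GITHUB_TOKEN only needs read access.
permissions:
  contents: read

jobs:
  checkov_scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        # Prefer pinning to a full commit SHA (actions/checkout@<40-hex-sha>)
        # rather than a moving tag, so a retagged release cannot change the
        # code that runs in this job.
        uses: actions/checkout@v4

      - name: Install Dependencies
        # Unpinned packages: each run installs whatever is latest on PyPI.
        # Pin versions (checkov==<version>, awscli==<version>) once a known-good
        # set has been chosen, so scan results stay reproducible.
        run: |
          sudo apt-get install python3-pip -y
          sudo pip3 install checkov awscli awscli_plugin_endpoint

      - name: Setup AWS CLI
        # Only the endpoint override is written to disk. Credentials are passed
        # to the upload step as environment variables instead of being written
        # to $HOME/.aws/credentials in plaintext. `mkdir -p` keeps the step
        # idempotent if the directory already exists on the runner image.
        run: |
          mkdir -p "$HOME/.aws"
          cat << 'EOF' > "$HOME/.aws/config"
          [plugins]
          endpoint = awscli_plugin_endpoint
          [default]
          region = fr-par
          s3 =
              endpoint_url = https://s3.fr-par.scw.cloud
          s3api =
              endpoint_url = https://s3.fr-par.scw.cloud
          EOF

      - name: Run Checkov
        # --soft-fail keeps the job green when findings exist (the report is
        # what we archive) but still fails the step if checkov itself errors
        # (missing binary, crash), whereas `|| exit 0` would silently upload
        # an empty results file.
        run: |
          checkov -d . --soft-fail > results.txt

      - name: Upload Results to S3
        # Secrets are exposed to the shell via `env:` rather than interpolated
        # into the script with ${{ }}, so their values never become part of the
        # command text and the standard AWS CLI credential lookup is used.
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.ACCESS_KEY_ID_SCALEWAY }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.SECRET_ACCESS_KEY_SCALEWAY }}
          BUCKET_NAME: ${{ secrets.BUCKETNAME }}
        run: |
          TIMESTAMP=$(TZ=":Europe/Paris" date '+%d_%m_%Y_%H_%M_%S')
          aws s3 cp results.txt "s3://${BUCKET_NAME}/checkov_${TIMESTAMP}.txt"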