From 5247bed2c0725dff97fa386ab36d852afcc0c208 Mon Sep 17 00:00:00 2001 From: nitumore Date: Wed, 11 May 2022 14:23:33 +0530 Subject: [PATCH 01/48] Upgrading cli to latest 1.0.35 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 94f8a8c..fa19b30 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,7 +5,7 @@ FROM alpine:3.13 COPY entrypoint.sh /entrypoint.sh RUN apk update && apk add --upgrade --no-cache ca-certificates curl jq && \ - curl -s https://downloads.accurics.com/cli/1.0.4/accurics_linux -o /usr/bin/accurics && \ + curl -s https://downloads.accurics.com/cli/1.0.35/accurics_linux -o /usr/bin/accurics && \ chmod 755 /entrypoint.sh /usr/bin/accurics # Code file to execute when the docker container starts up (`entrypoint.sh`) From f0cdfdf9ff37a2d611c1e698727398ddb2ac5d64 Mon Sep 17 00:00:00 2001 From: nitumore Date: Wed, 11 May 2022 20:49:56 +0530 Subject: [PATCH 02/48] added config file to test if it works --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index 403e370..f8d8644 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -47,7 +47,7 @@ install_terraform() { run_accurics() { local params=$1 local plan_args=$2 - + touch config accurics init # Run accurics plan From d1074addcc039f250424723cb3ffc21233b1e384 Mon Sep 17 00:00:00 2001 From: nitumore Date: Thu, 12 May 2022 10:13:33 +0530 Subject: [PATCH 03/48] added terrascan --- Dockerfile | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Dockerfile b/Dockerfile index fa19b30..fe52a64 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -4,9 +4,17 @@ FROM alpine:3.13 # Copies your code file from your action repository to the filesystem path `/` of the container COPY entrypoint.sh /entrypoint.sh +TERRASCAN_VERSION=1.15.0 + RUN apk update && apk add --upgrade --no-cache ca-certificates curl jq && \ curl -s https://downloads.accurics.com/cli/1.0.35/accurics_linux -o /usr/bin/accurics && \ chmod 755 /entrypoint.sh /usr/bin/accurics + +RUN curl --location https://github.com/accurics/terrascan/releases/download/v${TERRASCAN_VERSION}/terrascan_${TERRASCAN_VERSION}_Linux_x86_64.tar.gz && \ + tar xvfz terrascan.tar.gz && \ + rm -f terrascan.tar.gz && \ + mv terrascan /usr/bin/ + # Code file to execute when the docker container starts up (`entrypoint.sh`) ENTRYPOINT ["/entrypoint.sh"] From f9fbe3591549b1990ead88eebbc5f080fdc36cf4 Mon Sep 17 00:00:00 2001 From: nitumore Date: Thu, 12 May 2022 10:49:42 +0530 Subject: [PATCH 04/48] Ship terrascan latest --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index fe52a64..ae02de3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,13 +4,13 @@ FROM alpine:3.13 # Copies your code file from your action repository to the filesystem path `/` of the container COPY entrypoint.sh /entrypoint.sh -TERRASCAN_VERSION=1.15.0 +ARG TERRASCAN_VERSION=1.15.0 RUN apk update && apk add --upgrade --no-cache ca-certificates curl jq && \ curl -s https://downloads.accurics.com/cli/1.0.35/accurics_linux -o /usr/bin/accurics && \ chmod 755 /entrypoint.sh /usr/bin/accurics -RUN curl --location https://github.com/accurics/terrascan/releases/download/v${TERRASCAN_VERSION}/terrascan_${TERRASCAN_VERSION}_Linux_x86_64.tar.gz && \ +RUN curl --location https://github.com/accurics/terrascan/releases/download/v${TERRASCAN_VERSION}/terrascan_${TERRASCAN_VERSION}_Linux_x86_64.tar.gz -o terrascan.tar.gz && \ tar xvfz terrascan.tar.gz && \ rm -f terrascan.tar.gz && \ mv terrascan /usr/bin/ 
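Review bot: The `RUN curl --location …/terrascan_${TERRASCAN_VERSION}_Linux_x86_64.tar.gz` step added in PATCH 03 unpacks the archive and moves `terrascan` into `/usr/bin/` without any integrity check, so whatever the release URL serves at build time becomes part of the image. Pin a digest next to the version and verify it before extracting, e.g. `ARG TERRASCAN_SHA256=<sha256-of-release-tarball>` plus `echo "${TERRASCAN_SHA256}  terrascan.tar.gz" | sha256sum -c - && \` ahead of `tar xvfz`. The same gap exists on the `accurics_linux` download shown as context in this hunk, and on the `-o terrascan.tar.gz` form of the line in PATCH 04.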
From dd2a317299dc4140ac896921ce28c1bd7f836bce Mon Sep 17 00:00:00 2001 From: nitumore Date: Thu, 12 May 2022 10:58:03 +0530 Subject: [PATCH 05/48] Update entrypoint.sh --- entrypoint.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/entrypoint.sh b/entrypoint.sh index f8d8644..f602c53 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -48,6 +48,7 @@ run_accurics() { local params=$1 local plan_args=$2 touch config + terrascan version accurics init # Run accurics plan From f7bedd62c916daf2f85155ad2c983dc7601f276f Mon Sep 17 00:00:00 2001 From: nitumore Date: Thu, 12 May 2022 11:07:51 +0530 Subject: [PATCH 06/48] debug --- Dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index ae02de3..a0dc7a4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,9 @@ RUN apk update && apk add --upgrade --no-cache ca-certificates curl jq && \ RUN curl --location https://github.com/accurics/terrascan/releases/download/v${TERRASCAN_VERSION}/terrascan_${TERRASCAN_VERSION}_Linux_x86_64.tar.gz -o terrascan.tar.gz && \ tar xvfz terrascan.tar.gz && \ rm -f terrascan.tar.gz && \ - mv terrascan /usr/bin/ + mv terrascan /usr/bin/ && \ + terrascan version + # Code file to execute when the docker container starts up (`entrypoint.sh`) From d73c27e232cc6d6bfa33aca2d27b77515af41b93 Mon Sep 17 00:00:00 2001 From: nitumore Date: Thu, 12 May 2022 12:15:10 +0530 Subject: [PATCH 07/48] added scan support --- entrypoint.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index f602c53..8ba37c9 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -25,6 +25,7 @@ process_args() { export ACCURICS_ENV_ID=$INPUT_ENV_ID export ACCURICS_APP_ID=$INPUT_APP_ID export ACCURICS_REPO_NAME=$INPUT_REPO_NAME + export ACCURICS_SCAN_MODE=$INPUT_SCAN_MODE } install_terraform() { 
@@ -50,9 +51,14 @@ run_accurics() { touch config terrascan version accurics init - + runMode="plan" + + if [ "$ACCURICS_SCAN_MODE" = "scan" ] + then + runMode="scan" + fi # Run accurics plan - accurics plan $params $plan_args + accurics $runMode $params $plan_args ACCURICS_PLAN_ERR=$? } From e843551ad6a484db35b80897620c9a797d8f59c2 Mon Sep 17 00:00:00 2001 From: nitumore Date: Thu, 12 May 2022 12:29:41 +0530 Subject: [PATCH 08/48] Update entrypoint.sh --- entrypoint.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index 8ba37c9..c21f140 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -14,6 +14,7 @@ process_args() { INPUT_URL=$8 INPUT_FAIL_ON_VIOLATIONS=$9 INPUT_FAIL_ON_ALL_ERRORS=$10 + INPUT_SCAN_MODE=$11 # If all config parameters are specified, use the config params passed in instead of the config file checked into the repository [ "$INPUT_ENV_ID" = "" ] && echo "Error: The env-id parameter is required and not set." && exit 1 @@ -107,7 +108,7 @@ process_output() { INPUT_DEBUG_MODE=$1 [ "$INPUT_DEBUG_MODE" = "true" ] && set -x -process_args "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "$10" +process_args "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "$10" "$11" install_terraform $INPUT_TERRAFORM_VERSION From ceaff33ba8805c6045167c094866f7ec3d0917df Mon Sep 17 00:00:00 2001 From: nitumore Date: Thu, 12 May 2022 12:58:33 +0530 Subject: [PATCH 09/48] debug added --- entrypoint.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index c21f140..98e4811 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -51,15 +51,20 @@ run_accurics() { local plan_args=$2 touch config terrascan version - accurics init + runMode="plan" if [ "$ACCURICS_SCAN_MODE" = "scan" ] then + echo "running scan mode" runMode="scan" + else + echo "running plan mode" + accurics init fi - # Run accurics plan + # Run accurics plan accurics $runMode $params $plan_args + ACCURICS_PLAN_ERR=$? } 
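Review bot: In the second hunk of PATCH 07, every mode value other than the exact string `scan` falls through to `runMode="plan"`, so a typo such as `Scan` silently runs a different analysis than the workflow asked for. The `else` branch added in PATCH 09 keeps that behaviour. Rejecting unknown values up front would make the misconfiguration visible, e.g. `case "$ACCURICS_SCAN_MODE" in plan|scan) ;; *) echo "Error: scan-mode must be plan or scan" >&2; exit 1 ;; esac`. `run_accurics` starts above the hunk.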
From d9922bdd6fa6c3896c75de1df7136d8d78ffac96 Mon Sep 17 00:00:00 2001 From: nitumore Date: Thu, 12 May 2022 13:03:54 +0530 Subject: [PATCH 10/48] added valid mode --- action.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/action.yml b/action.yml index 5f4235f..38c344a 100644 --- a/action.yml +++ b/action.yml @@ -45,6 +45,10 @@ inputs: description: 'Allows Accurics to fail the build when any errors are encountered (default=true)' required: false default: true + scan-mode: + description: 'Allows Accurics to switch to terrascan based analysis' + required: false + default: "plan" outputs: env-name: description: 'Environment Name' From 71d1196b8e395cd7adb81403fd77f77891613b4e Mon Sep 17 00:00:00 2001 From: nitumore Date: Thu, 12 May 2022 13:08:56 +0530 Subject: [PATCH 11/48] added link of input --- action.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/action.yml b/action.yml index 38c344a..d890ba5 100644 --- a/action.yml +++ b/action.yml @@ -90,4 +90,5 @@ runs: - ${{ inputs.url }} - ${{ inputs.fail-on-violations }} - ${{ inputs.fail-on-all-errors }} + - ${{ inputs.scan-mode }} From 191205584cba40065a1233aaf1dd22e088e95a22 Mon Sep 17 00:00:00 2001 From: nitumore Date: Thu, 12 May 2022 13:13:32 +0530 Subject: [PATCH 12/48] remove env var --- entrypoint.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 98e4811..1922630 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -26,7 +26,6 @@ process_args() { export ACCURICS_ENV_ID=$INPUT_ENV_ID export ACCURICS_APP_ID=$INPUT_APP_ID export ACCURICS_REPO_NAME=$INPUT_REPO_NAME - export ACCURICS_SCAN_MODE=$INPUT_SCAN_MODE } install_terraform() { @@ -54,7 +53,7 @@ run_accurics() { runMode="plan" - if [ "$ACCURICS_SCAN_MODE" = "scan" ] + if [ "$INPUT_SCAN_MODE" = "scan" ] then echo "running scan mode" runMode="scan" From 82add9673ccb9b7ae5d980eb3dc876356b8f7297 Mon Sep 17 00:00:00 2001 
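Review bot: The `scan-mode` description added in PATCH 10 does not name the accepted values or say what each selects, while `entrypoint.sh` treats everything except `scan` as plan mode. I would spell it out in the input itself, e.g. `description: 'Analysis mode: "plan" (Terraform plan, default) or "scan" (Terrascan)'`.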
From: nitumore Date: Thu, 12 May 2022 13:42:33 +0530 Subject: [PATCH 13/48] fix syntax --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index 1922630..f180b4e 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -53,7 +53,7 @@ run_accurics() { runMode="plan" - if [ "$INPUT_SCAN_MODE" = "scan" ] + if [ "$INPUT_SCAN_MODE" == "scan" ] then echo "running scan mode" runMode="scan" From fcb2bc09fed97837b85bac1443d20d92ea806718 Mon Sep 17 00:00:00 2001 From: nitumore Date: Thu, 12 May 2022 15:09:43 +0530 Subject: [PATCH 14/48] syntax fix --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index f180b4e..8ad2d85 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -53,7 +53,7 @@ run_accurics() { runMode="plan" - if [ "$INPUT_SCAN_MODE" == "scan" ] + if [ $INPUT_SCAN_MODE == "scan" ] then echo "running scan mode" runMode="scan" From 635f065a63d1010bbecbb1b3043bea68cebab3d2 Mon Sep 17 00:00:00 2001 From: Harshit Omar Date: Thu, 12 May 2022 15:19:03 +0530 Subject: [PATCH 15/48] syntax fixes --- entrypoint.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 8ad2d85..7cd73c6 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -51,9 +51,9 @@ run_accurics() { touch config terrascan version - runMode="plan" + local runMode="plan" - if [ $INPUT_SCAN_MODE == "scan" ] + if [ "$INPUT_SCAN_MODE" = "scan" ] then echo "running scan mode" runMode="scan" From ddd17c62b38fc8889bf71605832de99acb25d1ff Mon Sep 17 00:00:00 2001 From: Harshit Omar Date: Thu, 12 May 2022 15:23:10 +0530 Subject: [PATCH 16/48] syntax --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index 7cd73c6..4d91d07 100644 --- a/entrypoint.sh +++ b/entrypoint.sh 
@@ -53,7 +53,7 @@ run_accurics() { local runMode="plan" - if [ "$INPUT_SCAN_MODE" = "scan" ] + if [[ "$INPUT_SCAN_MODE" = "scan" ]] then echo "running scan mode" runMode="scan" From 1d526e5f2e652d6f69ade81354df087f28bbb395 Mon Sep 17 00:00:00 2001 From: nitumore Date: Thu, 12 May 2022 15:33:24 +0530 Subject: [PATCH 17/48] Update entrypoint.sh --- entrypoint.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 4d91d07..3b2b35c 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -52,9 +52,10 @@ run_accurics() { terrascan version local runMode="plan" + echo "twelve-"$11 + echo "INPUT_SCAN_MODE-"$INPUT_SCAN_MODE - if [[ "$INPUT_SCAN_MODE" = "scan" ]] - then + if [ "$INPUT_SCAN_MODE" = "scan" ]; then echo "running scan mode" runMode="scan" else From 43438ec26cb0ef24b69ab3b7e1e3fc94fbaa8eaa Mon Sep 17 00:00:00 2001 From: Harshit Omar Date: Thu, 12 May 2022 15:40:33 +0530 Subject: [PATCH 18/48] shell reading args properly --- entrypoint.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 3b2b35c..2dc384d 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -13,8 +13,8 @@ process_args() { INPUT_REPO_NAME=$7 INPUT_URL=$8 INPUT_FAIL_ON_VIOLATIONS=$9 - INPUT_FAIL_ON_ALL_ERRORS=$10 - INPUT_SCAN_MODE=$11 + INPUT_FAIL_ON_ALL_ERRORS=${10} + INPUT_SCAN_MODE=${11} # If all config parameters are specified, use the config params passed in instead of the config file checked into the repository [ "$INPUT_ENV_ID" = "" ] && echo "Error: The env-id parameter is required and not set." && exit 1 @@ -52,7 +52,7 @@ run_accurics() { terrascan version local runMode="plan" - echo "twelve-"$11 + echo "twelve-"${11} echo "INPUT_SCAN_MODE-"$INPUT_SCAN_MODE if [ "$INPUT_SCAN_MODE" = "scan" ]; then 
@@ -113,7 +113,7 @@ process_output() { INPUT_DEBUG_MODE=$1 [ "$INPUT_DEBUG_MODE" = "true" ] && set -x -process_args "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "$10" "$11" +process_args "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "${10}" "${11}" install_terraform $INPUT_TERRAFORM_VERSION From 6469714f572fa9006993dddeb0b9fa7a45fec4fd Mon Sep 17 00:00:00 2001 From: Harshit Omar Date: Thu, 12 May 2022 15:43:51 +0530 Subject: [PATCH 19/48] removing echo statements --- entrypoint.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 2dc384d..583337a 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -52,8 +52,6 @@ run_accurics() { terrascan version local runMode="plan" - echo "twelve-"${11} - echo "INPUT_SCAN_MODE-"$INPUT_SCAN_MODE if [ "$INPUT_SCAN_MODE" = "scan" ]; then echo "running scan mode" From 118a4fa183243d7c30b1f4fe906cce8288cee821 Mon Sep 17 00:00:00 2001 From: nitumore Date: Thu, 12 May 2022 17:13:12 +0530 Subject: [PATCH 20/48] updates cli version to 36 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index a0dc7a4..3bc0f04 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,7 +7,7 @@ COPY entrypoint.sh /entrypoint.sh ARG TERRASCAN_VERSION=1.15.0 RUN apk update && apk add --upgrade --no-cache ca-certificates curl jq && \ - curl -s https://downloads.accurics.com/cli/1.0.35/accurics_linux -o /usr/bin/accurics && \ + curl -s https://downloads.accurics.com/cli/1.0.36/accurics_linux -o /usr/bin/accurics && \ chmod 755 /entrypoint.sh /usr/bin/accurics RUN curl --location https://github.com/accurics/terrascan/releases/download/v${TERRASCAN_VERSION}/terrascan_${TERRASCAN_VERSION}_Linux_x86_64.tar.gz -o terrascan.tar.gz && \ From 954f7cceba47424fe4cbb1dc25ca75ecacfcbfb1 Mon Sep 17 00:00:00 2001 From: nitumore Date: Thu, 12 May 2022 20:30:31 +0530 Subject: [PATCH 21/48] updated optional args --- README.md | 2 ++ 1 file changed, 2 insertions(+) 
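Review bot: The call `process_args "$1" … "${10}" "${11}"` in the third hunk of PATCH 18 has to be edited every time an input is added (PATCH 27 extends it again with `"${12}"`), and the `"$10"` form it replaces shows how easily a hand-written positional list goes wrong. Passing the argument vector through unchanged, `process_args "$@"`, stops this line from drifting out of step with the `args:` list in `action.yml`.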
diff --git a/README.md b/README.md index f937176..0ed26b1 100644 --- a/README.md +++ b/README.md @@ -47,6 +47,8 @@ The Accurics GitHub action runs as a Linux container, which means it accumulates | directories | A list of directories to scan within this repository separated by a space | ./ | | fail-on-violations | Allows the Accurics Action to fail the build when violations are found | true | | fail-on-all-errors | Allows the Accurics Action to fail the build when any errors are encountered | true | +| url | Allows the Accurics Action to point to different target endpoint of the product | https://app.accurics.com | + ### Notes - Variable values within the plan-args setting should be stripped of double-quote (") characters From c00a5be4e7a4023b100524d02eacbb4ab23d1bee Mon Sep 17 00:00:00 2001 From: nitumore Date: Sun, 15 May 2022 18:34:24 +0530 Subject: [PATCH 22/48] update help of url param --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 0ed26b1..d9eff6c 100644 --- a/README.md +++ b/README.md @@ -47,7 +47,7 @@ The Accurics GitHub action runs as a Linux container, which means it accumulates | directories | A list of directories to scan within this repository separated by a space | ./ | | fail-on-violations | Allows the Accurics Action to fail the build when violations are found | true | | fail-on-all-errors | Allows the Accurics Action to fail the build when any errors are encountered | true | -| url | Allows the Accurics Action to point to different target endpoint of the product | https://app.accurics.com | +| url | Allows the Accurics Action to point to different target endpoint of the product | https://app.accurics.com or https://cloud.tenable.com/cns| ### Notes 
@@ -140,6 +140,7 @@ This is the same configuration as before, but it now includes an extra build ste # Optional args plan-args: '-var myvar1=val1 -var myvar2=val2' fail-on-violations: false + url: https://cloud.tenable.com/cns - name: Display statistics run: ' echo "" From f4ee60f5b8a1d172c957b4fa980d55dcdb5eb1f8 Mon Sep 17 00:00:00 2001 From: nitumore Date: Sun, 15 May 2022 18:35:31 +0530 Subject: [PATCH 23/48] updated url with double quites --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d9eff6c..c381ea2 100644 --- a/README.md +++ b/README.md @@ -140,7 +140,7 @@ This is the same configuration as before, but it now includes an extra build ste # Optional args plan-args: '-var myvar1=val1 -var myvar2=val2' fail-on-violations: false - url: https://cloud.tenable.com/cns + url: "https://cloud.tenable.com/cns" - name: Display statistics run: ' echo "" From c2d6f8128614043c6e81a6c171d7c796694aa7d0 Mon Sep 17 00:00:00 2001 From: nitumore Date: Sun, 15 May 2022 18:37:16 +0530 Subject: [PATCH 24/48] pipeline mode help added --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index c381ea2..aac5efe 100644 --- a/README.md +++ b/README.md 
@@ -47,7 +47,8 @@ The Accurics GitHub action runs as a Linux container, which means it accumulates | directories | A list of directories to scan within this repository separated by a space | ./ | | fail-on-violations | Allows the Accurics Action to fail the build when violations are found | true | | fail-on-all-errors | Allows the Accurics Action to fail the build when any errors are encountered | true | -| url | Allows the Accurics Action to point to different target endpoint of the product | https://app.accurics.com or https://cloud.tenable.com/cns| +| url | Allows the Accurics Action to point to different target endpoint of the product | https://app.accurics.com or https://cloud.tenable.com/cns| | https://app.accurics.com | +| pipeline | Allows the Accurics Action to choose mode as pipeline | false | ### Notes From f03e979df57a8bd02e90a590e58e5d22f8060e9e Mon Sep 17 00:00:00 2001 From: nitumore Date: Sun, 15 May 2022 18:44:40 +0530 Subject: [PATCH 25/48] added pipeline variable document --- action.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/action.yml b/action.yml index d890ba5..1992466 100644 --- a/action.yml +++ b/action.yml @@ -49,6 +49,10 @@ inputs: description: 'Allows Accurics to switch to terrascan based analysis' required: false default: "plan" + pipeline: + description: 'Allows Accurics to put data into pipeline tab in tenable.cs web consile values accepted(true/false)' + required: false + default: false outputs: env-name: description: 'Environment Name' From 4fcf55ae99d180746e73462a8bf0b92020122307 Mon Sep 17 00:00:00 2001 From: nitumore Date: Sun, 15 May 2022 18:48:38 +0530 Subject: [PATCH 26/48] updated code to support pipeline mode --- entrypoint.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index 583337a..d6fea05 100644 --- a/entrypoint.sh +++ b/entrypoint.sh 
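Review bot: The `pipeline` description added in PATCH 25 contains a typo (`consile`) and runs the accepted values into the end of the sentence. Suggested wording: `description: 'Send results to the pipeline tab of the tenable.cs web console (true/false)'`.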
@@ -15,6 +15,7 @@ process_args() { INPUT_FAIL_ON_VIOLATIONS=$9 INPUT_FAIL_ON_ALL_ERRORS=${10} INPUT_SCAN_MODE=${11} + INPUT_PIPELINE=${12} # If all config parameters are specified, use the config params passed in instead of the config file checked into the repository [ "$INPUT_ENV_ID" = "" ] && echo "Error: The env-id parameter is required and not set." && exit 1 @@ -52,6 +53,7 @@ run_accurics() { terrascan version local runMode="plan" + local pipeline_mode="" if [ "$INPUT_SCAN_MODE" = "scan" ]; then echo "running scan mode" @@ -60,8 +62,14 @@ run_accurics() { echo "running plan mode" accurics init fi + + if [ "$INPUT_PIPELINE" = true ]; then + echo "running pipeline mode" + pipeline_mode="-mode=pipeline" + fi + # Run accurics plan - accurics $runMode $params $plan_args + accurics $runMode $params $plan_args $pipeline_mode ACCURICS_PLAN_ERR=$? } From 382328abc55d1872936d99a7ded5a4800c34b652 Mon Sep 17 00:00:00 2001 From: nitumore Date: Sun, 15 May 2022 19:01:57 +0530 Subject: [PATCH 27/48] added support for pipeline mode --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index d6fea05..1f1f915 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -119,7 +119,7 @@ process_output() { INPUT_DEBUG_MODE=$1 [ "$INPUT_DEBUG_MODE" = "true" ] && set -x -process_args "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "${10}" "${11}" +process_args "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "${10}" "${11}" "${12}" install_terraform $INPUT_TERRAFORM_VERSION From a9738d51fc5c849ae71bfccb4151e4224de5e4ed Mon Sep 17 00:00:00 2001 From: nitumore Date: Sun, 15 May 2022 19:08:33 +0530 Subject: [PATCH 28/48] debug pipeline mode --- entrypoint.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index 1f1f915..3eb1b16 100644 --- a/entrypoint.sh +++ b/entrypoint.sh 
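Review bot: The command line `accurics $runMode $params $plan_args $pipeline_mode` in the last hunk of PATCH 26 expands all four variables unquoted, so besides the word splitting that `plan-args` relies on, each value also undergoes pathname expansion against the checked-out repository (a `*` inside a `-var` value would be replaced by file names). `runMode` and `pipeline_mode` never need splitting and can be written `"$runMode"` and `${pipeline_mode:+"$pipeline_mode"}`. For the two that must split, wrap the call in `set -f` / `set +f`. `run_accurics` starts above the hunk.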
@@ -63,9 +63,16 @@ run_accurics() { accurics init fi - if [ "$INPUT_PIPELINE" = true ]; then + echo "ACCURICS_REPO_NAME"$ACCURICS_REPO_NAME + echo "ACCURICS_ENV_ID="$ACCURICS_ENV_ID + echo "ACCURICS_APP_ID="$ACCURICS_APP_ID + + if [ "$INPUT_PIPELINE" = "true" ]; then + echo "INPUT_PIPELINE="$INPUT_PIPELINE echo "running pipeline mode" pipeline_mode="-mode=pipeline" + else + echo "INPUT_PIPELINE="$INPUT_PIPELINE fi # Run accurics plan From 8779a8be2c42aa9be08c2db3dae7f76fe89cdf40 Mon Sep 17 00:00:00 2001 From: nitumore Date: Sun, 15 May 2022 19:55:47 +0530 Subject: [PATCH 29/48] added inputs.pipeline --- action.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/action.yml b/action.yml index 1992466..8cbbfe2 100644 --- a/action.yml +++ b/action.yml @@ -95,4 +95,5 @@ runs: - ${{ inputs.fail-on-violations }} - ${{ inputs.fail-on-all-errors }} - ${{ inputs.scan-mode }} + - ${{ inputs.pipeline }} From e2cb0e3079ca724f9df282f79e6aec0987fa6f92 Mon Sep 17 00:00:00 2001 From: nitumore Date: Sun, 15 May 2022 19:56:36 +0530 Subject: [PATCH 30/48] updated as per bool type --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index 3eb1b16..c48ccfc 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -67,7 +67,7 @@ run_accurics() { echo "ACCURICS_ENV_ID="$ACCURICS_ENV_ID echo "ACCURICS_APP_ID="$ACCURICS_APP_ID - if [ "$INPUT_PIPELINE" = "true" ]; then + if [ "$INPUT_PIPELINE" = true ]; then echo "INPUT_PIPELINE="$INPUT_PIPELINE echo "running pipeline mode" pipeline_mode="-mode=pipeline" From d9b2366a6433b813a43756e450b51514e1707d0d Mon Sep 17 00:00:00 2001 From: nitumore Date: Sun, 15 May 2022 20:08:08 +0530 Subject: [PATCH 31/48] test latest cli for args --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3bc0f04..32d22e6 100644 --- a/Dockerfile +++ b/Dockerfile 
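Review bot: The three `echo "ACCURICS_…"` lines added in PATCH 28 print the repo name, env-id and app-id to the job log on every run, and the README examples feed `app-id` from `secrets.*`; output like this belongs behind the existing `INPUT_DEBUG_MODE` switch. PATCH 33 later drops those three lines, but `echo "INPUT_PIPELINE="$INPUT_PIPELINE` remains in both branches of the `if`. A single `[ "$INPUT_DEBUG_MODE" = "true" ] && echo "INPUT_PIPELINE=$INPUT_PIPELINE"` ahead of the test would replace both copies.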
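Review bot: Dropping the quotes in `[ "$INPUT_PIPELINE" = true ]` (PATCH 30, "updated as per bool type") changes nothing, because the shell has no boolean type and `true` and `"true"` are the same string to `[`. Keeping `"true"` would match the `[ "$INPUT_DEBUG_MODE" = "true" ]` comparison used elsewhere in the script.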
@@ -5,9 +5,9 @@ FROM alpine:3.13 COPY entrypoint.sh /entrypoint.sh ARG TERRASCAN_VERSION=1.15.0 - +ARG CLI_VERSION=1.0.37 RUN apk update && apk add --upgrade --no-cache ca-certificates curl jq && \ - curl -s https://downloads.accurics.com/cli/1.0.36/accurics_linux -o /usr/bin/accurics && \ + curl -s https://downloads.accurics.com/dev/cli/{CLI_VERSION}/accurics_linux -o /usr/bin/accurics && \ chmod 755 /entrypoint.sh /usr/bin/accurics RUN curl --location https://github.com/accurics/terrascan/releases/download/v${TERRASCAN_VERSION}/terrascan_${TERRASCAN_VERSION}_Linux_x86_64.tar.gz -o terrascan.tar.gz && \ From 6c573aa52a9438d50f639a2a79995372ee12a60e Mon Sep 17 00:00:00 2001 From: nitumore Date: Sun, 15 May 2022 20:15:26 +0530 Subject: [PATCH 32/48] fixed link for 1.0.37 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 32d22e6..3c7f812 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,7 +7,7 @@ COPY entrypoint.sh /entrypoint.sh ARG TERRASCAN_VERSION=1.15.0 ARG CLI_VERSION=1.0.37 RUN apk update && apk add --upgrade --no-cache ca-certificates curl jq && \ - curl -s https://downloads.accurics.com/dev/cli/{CLI_VERSION}/accurics_linux -o /usr/bin/accurics && \ + curl -s https://downloads.accurics.com/cli/dev/${CLI_VERSION}/accurics_linux -o /usr/bin/accurics && \ chmod 755 /entrypoint.sh /usr/bin/accurics RUN curl --location https://github.com/accurics/terrascan/releases/download/v${TERRASCAN_VERSION}/terrascan_${TERRASCAN_VERSION}_Linux_x86_64.tar.gz -o terrascan.tar.gz && \ From 9f87758c2eb55136d40610bb997aebe135821799 Mon Sep 17 00:00:00 2001 From: nitumore Date: Sun, 15 May 2022 21:19:14 +0530 Subject: [PATCH 33/48] setting repo_url --- entrypoint.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index c48ccfc..8708e96 100644 --- a/entrypoint.sh +++ b/entrypoint.sh 
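Review bot: `curl -s` on the CLI download has no `--fail`, so an HTTP error body is written to `/usr/bin/accurics` as if it were the binary and the build still succeeds. The literal `{CLI_VERSION}` in PATCH 31's URL (missing `$`, corrected in PATCH 32) is the kind of mistake that slips through this way. Use `curl -fsSL … -o /usr/bin/accurics` so a bad URL stops the build. Both patches also move the download to a `dev` path; if that is a pre-release channel, as the name suggests, it should not be what the published action installs.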
@@ -27,6 +27,7 @@ process_args() { export ACCURICS_ENV_ID=$INPUT_ENV_ID export ACCURICS_APP_ID=$INPUT_APP_ID export ACCURICS_REPO_NAME=$INPUT_REPO_NAME + export REPO_URL=${{ github.repositoryUrl }} } install_terraform() { @@ -63,9 +64,6 @@ run_accurics() { accurics init fi - echo "ACCURICS_REPO_NAME"$ACCURICS_REPO_NAME - echo "ACCURICS_ENV_ID="$ACCURICS_ENV_ID - echo "ACCURICS_APP_ID="$ACCURICS_APP_ID if [ "$INPUT_PIPELINE" = true ]; then echo "INPUT_PIPELINE="$INPUT_PIPELINE From 5495b827b3a965bfe0a09e17ef2faadca396963e Mon Sep 17 00:00:00 2001 From: nitumore Date: Sun, 15 May 2022 21:22:43 +0530 Subject: [PATCH 34/48] reverting as context not available --- entrypoint.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index 8708e96..7825f55 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -27,7 +27,6 @@ process_args() { export ACCURICS_ENV_ID=$INPUT_ENV_ID export ACCURICS_APP_ID=$INPUT_APP_ID export ACCURICS_REPO_NAME=$INPUT_REPO_NAME - export REPO_URL=${{ github.repositoryUrl }} } install_terraform() { From 55534bc28deb2d0bcf846204ae16ee98b84e83d1 Mon Sep 17 00:00:00 2001 From: nitumore Date: Sun, 15 May 2022 21:24:42 +0530 Subject: [PATCH 35/48] REPO_URL set in example --- example-workflow.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/example-workflow.yml b/example-workflow.yml index 83c5c87..34523f5 100644 --- a/example-workflow.yml +++ b/example-workflow.yml @@ -20,6 +20,7 @@ jobs: # Credentials are required by Terraform. They can be specified using any method that Terraform accepts AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + REPO_URL: ${{ github.repositoryUrl }} with: # A specific Terraform version can be chosen (default=latest) terraform-version: 0.14.7 From 4eb086fbaf7d99b9b1f67626cc54467d2002c141 Mon Sep 17 00:00:00 2001 
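Review bot: In PATCH 35, `REPO_URL: ${{ github.repositoryUrl }}` is added directly under the comment "Credentials are required by Terraform", although it is neither a credential nor a Terraform setting; it needs its own comment line saying what reads it. Since a workflow expression cannot be evaluated inside `entrypoint.sh` (PATCH 33, reverted in PATCH 34), the script could instead default the value from variables the runner already exports into the container, e.g. `export REPO_URL="${REPO_URL:-$GITHUB_SERVER_URL/$GITHUB_REPOSITORY}"`. Users would then not have to add this line at all, provided the CLI accepts an https URL in that variable, which should be confirmed.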
From: nitumore Date: Sun, 15 May 2022 21:25:34 +0530 Subject: [PATCH 36/48] updated REPO_URL in example --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index aac5efe..34887cd 100644 --- a/README.md +++ b/README.md @@ -88,6 +88,7 @@ This example configures an Accurics Scan with a custom Terraform version and var # Required by Terraform AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + REPO_URL: ${{ github.repositoryUrl }} with: # Required by Accurics app-id: ${{ secrets.ACCURICS_APP_ID }} @@ -110,6 +111,7 @@ This example configures an Accurics Scan using the latest Terraform version, cus # Required by Terraform AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + REPO_URL: ${{ github.repositoryUrl }} with: # Required by Accurics app-id: ${{ secrets.ACCURICS_APP_ID }} @@ -133,6 +135,7 @@ This is the same configuration as before, but it now includes an extra build ste # Required by Terraform AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + REPO_URL: ${{ github.repositoryUrl }} with: # Required by Accurics app-id: ${{ secrets.ACCURICS_APP_ID }} From 4f74f0fa080bb448f5e960d0bfe6c9fbd845027a Mon Sep 17 00:00:00 2001 From: nitumore Date: Sun, 15 May 2022 21:28:47 +0530 Subject: [PATCH 37/48] updated default value --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 34887cd..f9ad8ef 100644 --- a/README.md +++ b/README.md 
@@ -47,7 +47,7 @@ The Accurics GitHub action runs as a Linux container, which means it accumulates | directories | A list of directories to scan within this repository separated by a space | ./ | | fail-on-violations | Allows the Accurics Action to fail the build when violations are found | true | | fail-on-all-errors | Allows the Accurics Action to fail the build when any errors are encountered | true | -| url | Allows the Accurics Action to point to different target endpoint of the product | https://app.accurics.com or https://cloud.tenable.com/cns| | https://app.accurics.com | +| url | Allows the Accurics Action to point to different target endpoint of the product https://app.accurics.com or https://cloud.tenable.com/cns | https://app.accurics.com | | pipeline | Allows the Accurics Action to choose mode as pipeline | false | From 2a56028f67423a49e6c715f90a962b4d8cebe0aa Mon Sep 17 00:00:00 2001 From: nitumore Date: Sun, 15 May 2022 21:31:58 +0530 Subject: [PATCH 38/48] plan scan documented --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index f9ad8ef..62d2d6d 100644 --- a/README.md +++ b/README.md @@ -47,6 +47,7 @@ The Accurics GitHub action runs as a Linux container, which means it accumulates | directories | A list of directories to scan within this repository separated by a space | ./ | | fail-on-violations | Allows the Accurics Action to fail the build when violations are found | true | | fail-on-all-errors | Allows the Accurics Action to fail the build when any errors are encountered | true | +| scan-mode | Allows the Accurics Action to use either terraform or terrascan for scanning(plan/scan) | plan | | url | Allows the Accurics Action to point to different target endpoint of the product https://app.accurics.com or https://cloud.tenable.com/cns | https://app.accurics.com | | pipeline | Allows the Accurics Action to choose mode as pipeline | false | From 24168667cb810c9d12ff1930ce3bbed8ac670421 Mon Sep 17 00:00:00 2001 
From: nitumore Date: Mon, 16 May 2022 15:54:04 +0530 Subject: [PATCH 39/48] Update README.md --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 62d2d6d..e1a0431 100644 --- a/README.md +++ b/README.md @@ -90,6 +90,8 @@ This example configures an Accurics Scan with a custom Terraform version and var AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} REPO_URL: ${{ github.repositoryUrl }} + GIT_BRANCH: ${{ github.ref_name }} + GIT_COMMIT: ${{ github.sha }} with: # Required by Accurics app-id: ${{ secrets.ACCURICS_APP_ID }} @@ -97,6 +99,7 @@ This example configures an Accurics Scan with a custom Terraform version and var # Optional args terraform-version: 0.14.7 plan-args: '-var myvar1=val1 -var myvar2=val2' + url: "https://cloud.tenable.com/cns" ``` ### Example 2: @@ -113,6 +116,8 @@ This example configures an Accurics Scan using the latest Terraform version, cus AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} REPO_URL: ${{ github.repositoryUrl }} + GIT_BRANCH: ${{ github.ref_name }} + GIT_COMMIT: ${{ github.sha }} with: # Required by Accurics app-id: ${{ secrets.ACCURICS_APP_ID }} @@ -121,6 +126,7 @@ This example configures an Accurics Scan using the latest Terraform version, cus # Optional args plan-args: '-var myvar1=val1 -var myvar2=val2' fail-on-violations: false + url: "https://cloud.tenable.com/cns" ``` ### Example 3: @@ -137,6 +143,8 @@ This is the same configuration as before, but it now includes an extra build ste AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} REPO_URL: ${{ github.repositoryUrl }} + GIT_BRANCH: ${{ github.ref_name }} + GIT_COMMIT: ${{ github.sha }} with: # Required by Accurics app-id: ${{ secrets.ACCURICS_APP_ID }} From fb60d3c7a4c1fc90bc90bd276c36c8eb9d0d221d Mon Sep 17 00:00:00 2001 
From: nitumore Date: Mon, 16 May 2022 17:39:38 +0530 Subject: [PATCH 40/48] shipping git --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 3c7f812..cbf281c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,7 +6,7 @@ COPY entrypoint.sh /entrypoint.sh ARG TERRASCAN_VERSION=1.15.0 ARG CLI_VERSION=1.0.37 -RUN apk update && apk add --upgrade --no-cache ca-certificates curl jq && \ +RUN apk update && apk add --upgrade --no-cache ca-certificates curl jq git && \ curl -s https://downloads.accurics.com/cli/dev/${CLI_VERSION}/accurics_linux -o /usr/bin/accurics && \ chmod 755 /entrypoint.sh /usr/bin/accurics From 633c5d38cdd7856e021e171ebe332dd8d1758544 Mon Sep 17 00:00:00 2001 From: nitumore Date: Mon, 16 May 2022 17:59:34 +0530 Subject: [PATCH 41/48] updated default url --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e1a0431..fa3130b 100644 --- a/README.md +++ b/README.md @@ -48,7 +48,7 @@ The Accurics GitHub action runs as a Linux container, which means it accumulates | fail-on-violations | Allows the Accurics Action to fail the build when violations are found | true | | fail-on-all-errors | Allows the Accurics Action to fail the build when any errors are encountered | true | | scan-mode | Allows the Accurics Action to use either terraform or terrascan for scanning(plan/scan) | plan | -| url | Allows the Accurics Action to point to different target endpoint of the product https://app.accurics.com or https://cloud.tenable.com/cns | https://app.accurics.com | +| url | Allows the Accurics Action to point to different target endpoint of the product e.g. https://cloud.tenable.com/cns | https://cloud.tenable.com/cns | | pipeline | Allows the Accurics Action to choose mode as pipeline | false | From b5d341bad99f97607d7e0ee60e034a8f8e249d60 Mon Sep 17 00:00:00 2001 
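Review bot: The RUN instruction edited in the Dockerfile hunk of PATCH 40/48 still fetches the accurics binary with `curl -s` and no integrity check. An HTTP error body, or a swapped file under the `cli/dev/` path, would be written to /usr/bin/accurics and made executable without failing the build. Making curl fail on HTTP errors and comparing the file with a pinned digest closes that gap: `curl -fsS https://downloads.accurics.com/cli/dev/${CLI_VERSION}/accurics_linux -o /usr/bin/accurics && \` followed by `echo "${CLI_SHA256}  /usr/bin/accurics" | sha256sum -c - && \`. `CLI_SHA256` is a placeholder name for a new build ARG holding the vendor-published checksum for that version; it does not exist in the file today. The terrascan tarball download in the next RUN, outside this hunk, would benefit from the same check.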
From: nitumore Date: Mon, 16 May 2022 18:02:38 +0530 Subject: [PATCH 42/48] reverted to app.accurics.com for backward compatibility --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index fa3130b..412bd67 100644 --- a/README.md +++ b/README.md @@ -48,7 +48,7 @@ The Accurics GitHub action runs as a Linux container, which means it accumulates | fail-on-violations | Allows the Accurics Action to fail the build when violations are found | true | | fail-on-all-errors | Allows the Accurics Action to fail the build when any errors are encountered | true | | scan-mode | Allows the Accurics Action to use either terraform or terrascan for scanning(plan/scan) | plan | -| url | Allows the Accurics Action to point to different target endpoint of the product e.g. https://cloud.tenable.com/cns | https://cloud.tenable.com/cns | +| url | Allows the Accurics Action to point to different target endpoint of the product e.g. https://cloud.tenable.com/cns | https://app.accurics.com | | pipeline | Allows the Accurics Action to choose mode as pipeline | false | From 0b46dcb1e81ea34a66aaf976f4e0d9605378758f Mon Sep 17 00:00:00 2001 From: nitumore Date: Mon, 16 May 2022 18:03:36 +0530 Subject: [PATCH 43/48] removed drift fields --- README.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/README.md b/README.md index 412bd67..c39e8c0 100644 --- a/README.md +++ b/README.md @@ -66,10 +66,6 @@ The Accurics GitHub action runs as a Linux container, which means it accumulates | Medium-Severity Violations | $medium | | Low-Severity Violations | $low | | Native Resources | $native | -| Inherited Resources | $inherited | -| Drift | $drift | -| IaC Drift | $iacdrift | -| Cloud Drift | $clouddrift | | has-errors | $has_errors | ## Examples From 23da0cbbb1d5743578b5977079e395b941176bf6 Mon Sep 17 00:00:00 2001 
From: nitumore Date: Mon, 16 May 2022 20:05:51 +0530 Subject: [PATCH 44/48] some changes --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index c39e8c0..fdf0cbf 100644 --- a/README.md +++ b/README.md @@ -123,10 +123,12 @@ This example configures an Accurics Scan using the latest Terraform version, cus plan-args: '-var myvar1=val1 -var myvar2=val2' fail-on-violations: false url: "https://cloud.tenable.com/cns" + scan-mode: "plan" + pipeline: true ``` ### Example 3: -This is the same configuration as before, but it now includes an extra build step to display the output scan status. +This is the same configuration as before, but it now includes an extra build step to display the output scan status, also sets scan mode to terrascan scan. ```yaml steps: - name: Checkout @@ -150,6 +152,8 @@ This is the same configuration as before, but it now includes an extra build ste plan-args: '-var myvar1=val1 -var myvar2=val2' fail-on-violations: false url: "https://cloud.tenable.com/cns" + scan-mode: "scan" + pipeline: true - name: Display statistics run: ' echo "" From 9618bcdc2c8228db41df8ea5b09c73a78a5a35f5 Mon Sep 17 00:00:00 2001 From: nitumore Date: Mon, 16 May 2022 20:09:49 +0530 Subject: [PATCH 45/48] added one more example --- README.md | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) diff --git a/README.md b/README.md index fdf0cbf..d030ee2 100644 --- a/README.md +++ b/README.md 
@@ -175,4 +175,71 @@ This is the same configuration as before, but it now includes an extra build ste echo "" ' ``` +### Example 4: This is the example to check number of violations and fail the build in case not satisfied. +```yaml + steps: + - run: touch config + - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." + - run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by GitHub!" + - run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." + - name: Check out repository code + uses: actions/checkout@v2 + - run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner." + - run: echo "🖥️ The workflow is now ready to test your code on the runner." + - name: List files in the repository + run: | + ls ${{ github.workspace }} + - name: Get git branch + run: | + git branch + - name: Accurics + + uses: accurics/accurics-action@v2.25 + id: accurics + env: + # Required by Terraform + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + # REPO_URL: "https://github.com/nitumore/githubactiontfdemo.git" + REPO_URL: ${{ github.repositoryUrl }} + GIT_BRANCH: ${{ github.ref_name }} + GIT_COMMIT: ${{ github.sha }} + + with: + # Required by Accurics + app-id: ${{ secrets.ACCURICS_APP_ID }} + env-id: ${{ secrets.ACCURICS_ENV_ID }} + repo: "githubactionrepo" + url: "https://cloud.tenable.com/cns" + fail-on-violations: false + scan-mode: "scan" + pipeline: true + - name: Display statistics + run: ' + echo "" + echo "Environment Name : ${{ steps.accurics.outputs.env-name }}"; + echo "Repository : ${{ steps.accurics.outputs.repo }}"; + echo "Violation Count : ${{ steps.accurics.outputs.num-violations }}"; + echo "Resource Count : ${{ steps.accurics.outputs.num-resources }}"; + echo "" + echo "Native Resources : ${{ steps.accurics.outputs.native }}"; + echo "Inherited Resources : ${{ 
steps.accurics.outputs.inherited }}"; + echo "" + echo "High-Severity Violations : ${{ steps.accurics.outputs.high }}"; + echo "Medium-Severity Violations : ${{ steps.accurics.outputs.medium }}"; + echo "Low-Severity Violations : ${{ steps.accurics.outputs.low }}"; + echo "" + echo "Drift : ${{ steps.accurics.outputs.drift }}"; + echo "IaC Drift : ${{ steps.accurics.outputs.iacdrift }}"; + echo "Cloud Drift : ${{ steps.accurics.outputs.clouddrift }}"; + echo "" + ' + - name: Check Number Of violations + if: ${{ steps.accurics.outputs.num-violations > 10 }} + uses: actions/github-script@v3 + with: + script: | + core.setFailed('Coverage test below tolerance') + +``` From 0e82833943d80a2e0bb43e97af97e42c7cbf1f6a Mon Sep 17 00:00:00 2001 From: nitumore Date: Mon, 16 May 2022 20:17:38 +0530 Subject: [PATCH 46/48] removed comments --- README.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index d030ee2..8277872 100644 --- a/README.md +++ b/README.md @@ -200,7 +200,6 @@ This is the same configuration as before, but it now includes an extra build ste # Required by Terraform AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - # REPO_URL: "https://github.com/nitumore/githubactiontfdemo.git" REPO_URL: ${{ github.repositoryUrl }} GIT_BRANCH: ${{ github.ref_name }} GIT_COMMIT: ${{ github.sha }} @@ -209,11 +208,11 @@ This is the same configuration as before, but it now includes an extra build ste # Required by Accurics app-id: ${{ secrets.ACCURICS_APP_ID }} env-id: ${{ secrets.ACCURICS_ENV_ID }} - repo: "githubactionrepo" + repo: "your-repo-name-from-web-console" url: "https://cloud.tenable.com/cns" fail-on-violations: false scan-mode: "scan" - pipeline: true + pipeline: false - name: Display statistics run: ' echo "" From ade34a0db4a46d6dcbf6fa028266903576433f00 Mon Sep 17 00:00:00 2001 
From: nitumore Date: Mon, 16 May 2022 20:28:15 +0530 Subject: [PATCH 47/48] plan updated --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8277872..2152c2d 100644 --- a/README.md +++ b/README.md @@ -211,7 +211,7 @@ This is the same configuration as before, but it now includes an extra build ste repo: "your-repo-name-from-web-console" url: "https://cloud.tenable.com/cns" fail-on-violations: false - scan-mode: "scan" + scan-mode: "plan" pipeline: false - name: Display statistics run: ' From d5926d6e27cbdda3e6a1200a688ccd7700f775db Mon Sep 17 00:00:00 2001 From: nitumore Date: Mon, 16 May 2022 20:30:14 +0530 Subject: [PATCH 48/48] added cloud.tenable.com --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 2152c2d..b83da60 100644 --- a/README.md +++ b/README.md @@ -3,8 +3,8 @@ ## Description The Accurics GitHub action runs an Accurics scan against the IaC (Infrastructure-as-Code) files found within the applied repository. This action can be used to fail a pipeline build when violations or errors are found. -The scan results can be viewed in the pipeline results or in the Accurics Console itself at https://app.accurics.com - +The scan results can be viewed in the pipeline results or in the Accurics Console itself at https://cloud.tenable.com/cns or https://app.accurics.com + depending on url configured. See examples below. ## Setup