Skip to content

Commit

Permalink
Create zscaler-iac-scan.yml
Browse files Browse the repository at this point in the history
Signed-off-by: ҉αkα x⠠⠵ <32862241+4k4xs4pH1r3@users.noreply.github.com>
  • Loading branch information
4k4xs4pH1r3 authored Jan 31, 2024
1 parent 9e37fe8 commit 9b15eff
Showing 1 changed file with 56 additions and 0 deletions.
56 changes: 56 additions & 0 deletions .github/workflows/zscaler-iac-scan.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
#This workflow uses actions that are not certified by GitHub.
#They are provided by a third party and are governed by
#separate terms of service, privacy policy, and support
#documentation.

#This workflow runs the Zscaler Infrastructure as Code (IaC) Scan app,
#which detects security misconfigurations in IaC templates and publishes the findings
#under the code scanning alerts section within the repository.

#Log into the Zscaler Posture Control(ZPC) Portal to begin the onboarding process.
#Copy the client ID and client secret key generated during the onboarding process and configure.
#GitHub secrets (ZSCANNER_CLIENT_ID, ZSCANNER_CLIENT_SECRET).

#Refer https://github.com/marketplace/actions/zscaler-iac-scan for additional details on setting up this workflow.
#Any issues with this workflow, please raise it on https://github.com/ZscalerCWP/Zscaler-IaC-Action/issues for further investigation.

name: Zscaler IaC Scan
on:
push:
branches: [ "master" ]
pull_request:
branches: [ "master" ]
schedule:
- cron: '26 13 * * 1'

permissions:
contents: read

jobs:
zscaler-iac-scan:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
- name : Code Checkout
uses: actions/checkout@v3
- name : Zscaler IAC Scan
uses : ZscalerCWP/Zscaler-IaC-Action@8d2afb33b10b4bd50e2dc2c932b37c6e70ac1087
id : zscaler-iac-scan
with:
client_id : ${{ secrets.ZSCANNER_CLIENT_ID }}
client_secret : ${{ secrets.ZSCANNER_CLIENT_SECRET }}
#This is the user region specified during the onboarding process within the ZPC Admin Portal.
region : 'US'
iac_dir : #Enter the IaC directory path from root.
iac_file : #Enter the IaC file path from root.
output_format : #(Optional) By default, the output is provided in a human readable format. However, if you require a different format, you can specify it here.
#To fail the build based on policy violations identified in the IaC templates, set the input value (fail_build) to true.
fail_build : #Enter true/false
#Ensure that the following step is included in order to post the scan results under the code scanning alerts section within the repository.
- name: Upload SARIF file
if: ${{ success() || failure() && (steps.zscaler-iac-scan.outputs.sarif_file_path != '') }}
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: ${{ steps.zscaler-iac-scan.sarif_file_path }}

0 comments on commit 9b15eff

Please sign in to comment.