GitHub Action

Repo Audit Action

v0.1.0 Latest version

Audit your organization's repositories using Reposaur

Installation

Copy and paste the following snippet into your .yml file.

- name: Repo Audit Action
  uses: reposaur/repo-audit-action@v0.1.0

Learn more about this action in reposaur/repo-audit-action


Repo Audit

A GitHub Action to audit all your organization's repositories using Reposaur.

Features

  • Automatically audit every repository in a GitHub Organization
  • Write custom policies using the Rego language
  • Get reports in the Code Scanning alerts dashboard of your repository and organization (Code Scanning is available for public repositories and, for private ones, only with GitHub Advanced Security enabled)

Usage

- name: Audit
  # Pin to a release tag (or, stronger, a full commit SHA) rather than a
  # moving branch such as @main.
  uses: reposaur/repo-audit-action@v0.1.0
  with:
    # Paths to policy files or directories of policies (one path per line).
    # Default: ${{ github.workspace }}
    policy: ''

    # Directory to which SARIF reports will be written.
    # Default: ${{ github.workspace }}/.reposaur
    output: ''

    # Maximum number of errors Reposaur may encounter before aborting
    # policy execution. 0 means execution never stops on errors.
    # Default: 0
    max-errors: ''
  env:
    # A GitHub token that can list your organization's repositories and
    # upload SARIF reports to Code Scanning. Grant it only what those two
    # operations need: read access to repository metadata and write access
    # to code scanning alerts (security_events). A GitHub App installation
    # token scoped to the organization is preferable to a personal token.
    GITHUB_TOKEN: ''

Example

Since this action is meant to run for the whole organization, we usually create a policy repository to hold both the workflow and our custom policies. See reposaur/policy for an example.
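A policy of the kind such a repository would hold, written here as an added example (it is not code from reposaur/policy or from the action). It assumes Reposaur's rule conventions: a `package repository` policy is evaluated once per repository with the GitHub REST repository object bound to `input`, and rules named `violation_*`, `warn_*` and `note_*` are reported at SARIF error, warning and note level respectively. The field names are those of the GitHub repository object; the `sample_repo` object and the `test_*` rules at the end are constructed for `opa test`.

```rego
# Added example policy, not code from reposaur/policy or the action.
# Assumptions: Reposaur evaluates a `package repository` policy once per
# repository with the GitHub REST repository object bound to `input`, and
# reports rules named violation_* / warn_* / note_* at SARIF level
# error / warning / note. Field names are those of the GitHub repository
# object (description, license, visibility, default_branch, archived, ...).
package repository

# GitHub serialises unset fields as null, and `not input.x` does not match
# null, so each check goes through a helper that is true only when the
# field is genuinely present.
has_description {
    is_string(input.description)
    trim_space(input.description) != ""
}

has_license {
    is_object(input.license)
}

# Archived or disabled repositories are read-only; skip cosmetic checks there.
active {
    not input.archived
    not input.disabled
}

# METADATA
# title: Repository has no description
# description: Every active repository must say what it is for.
warn_missing_description {
    active
    not has_description
}

# METADATA
# title: Public repository has no license
# description: Public code needs explicit reuse terms.
violation_public_without_license {
    input.visibility == "public"
    not has_license
}

# METADATA
# title: Default branch is not "main"
note_default_branch_not_main {
    active
    input.default_branch != "main"
}

# --- Tests: run with `opa test .` in the policy directory ------------------

# Constructed sample repository object (only the fields the rules inspect).
sample_repo := {
    "name": "example",
    "description": "   ",
    "license": null,
    "visibility": "public",
    "default_branch": "master",
    "archived": false,
    "disabled": false,
}

test_blank_description_warns {
    warn_missing_description with input as sample_repo
}

test_real_description_passes {
    not warn_missing_description with input as object.union(sample_repo, {"description": "Audit policies"})
}

test_public_without_license_violates {
    violation_public_without_license with input as sample_repo
}

test_licensed_public_repo_passes {
    not violation_public_without_license with input as object.union(sample_repo, {"license": {"key": "mit"}})
}

test_archived_repo_is_ignored {
    not warn_missing_description with input as object.union(sample_repo, {"archived": true})
}
```

The policy is written in the Rego syntax of the OPA releases Reposaur embeds (rule bodies without the `if` keyword); with OPA 1.0 or later run `opa test --v0-compatible .`. Routing null-valued fields through `has_*` helpers matters because a rule written as `not input.license` silently passes when the API returns `"license": null`.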

The example below runs on every push and every day at 23:00 UTC; it can also be triggered manually.

name: Audit

on:
  push:
  schedule:
    - cron: '0 23 * * *'
  workflow_dispatch:

# The audit authenticates with the App token minted below, so the workflow's
# own GITHUB_TOKEN only needs to read the policy repository's contents.
permissions:
  contents: read

jobs:
  audit:
    name: Audit
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          repository: reposaur/policy

      - id: app-token
        name: Authenticate
        uses: getsentry/action-github-app-token@v1
        with:
          app_id: ${{ secrets.MY_SECURITY_APP_ID }}
          private_key: ${{ secrets.MY_SECURITY_APP_PRIVATE_KEY }}

      # Pin to a release tag (or, stronger, a full commit SHA) rather than a
      # moving branch such as @main, so a change to the action cannot silently
      # alter what runs with the App token.
      - name: Audit
        uses: reposaur/repo-audit-action@v0.1.0
        env:
          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}

Contributing

We appreciate every contribution; thanks for considering it!

License

This project is released under the MIT License.