GitHub Actions Integration

Overview of Integrating GitHub Actions with InsightCloudSec IaC Scans

The InsightCloudSec Scan GitHub Action allows security and development teams to integrate infrastructure-as-code (IaC) security and compliance scans with their GitHub CI/CD pipelines. The Action is available at the GitHub Marketplace.

If you also use the GitHub Advanced Security (GHAS) module with the external Code Scanning feature, our bi-directional integration will publish the details of any ICS IaC scan findings back to GitHub in a SARIF format for consumption, which consolidates security alerts for developers in a central repository.

The following is an example of what our GitHub Action integration might look like:

      - master
      - main

    name: insightCloudSec repository scan with Github Advanced Security
    runs-on: ubuntu-latest
      - uses: actions/[email protected]
      - name: Scan the repository
        uses: rapid7/[email protected]
          api_key: ${{ secrets.ics_api_key }}
          base_url: ${{ secrets.ics_base_url }}
          config_name: AWS CIS Benchmark 1.4
      # the following is optional but recommended to surface results to Github Advanced Security
      - name: Upload the sarif report to Github Advanced Security
        if: always()
        uses: github/codeql-action/[email protected]
          sarif_file: ics_scan.sarif