GitHub Actions Integration
Overview of Integrating GitHub Actions with InsightCloudSec IaC Scans
The InsightCloudSec Scan GitHub Action allows security and development teams to integrate infrastructure-as-code (IaC) security and compliance scans with their GitHub CI/CD pipelines. The Action is available at the GitHub Marketplace.
If you also use the GitHub Advanced Security (GHAS) module with the external Code Scanning feature, our bi-directional integration publishes the details of any InsightCloudSec (ICS) IaC scan findings back to GitHub in SARIF format, which consolidates security alerts for developers in a central repository.
The following is an example of what our GitHub Action integration might look like:
on:
  pull_request:
    branches:
      - master
      - main
jobs:
  ics-scan-and-upload:
    name: insightCloudSec repository scan with Github Advanced Security
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Scan the repository
        uses: rapid7/insightcloudsec-actions@v2
        with:
          api_key: ${{ secrets.ics_api_key }}
          base_url: ${{ secrets.ics_base_url }}
          config_name: AWS CIS Benchmark 1.4
      # the following is optional but recommended to surface results to Github Advanced Security
      - name: Upload the sarif report to Github Advanced Security
        if: always()
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: ics_scan.sarif
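The SARIF report that the workflow uploads can also be read inside the job, for example to print a per-severity summary in the log or to decide whether the build should fail. The following is an added example, not part of the InsightCloudSec Action or its documentation. It assumes the report follows the standard SARIF 2.1.0 layout; the sample report, rule IDs, file paths, and the summarize and should_fail helpers are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample shaped like SARIF 2.1.0; not real InsightCloudSec output.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-iac-scanner"}},
        "results": [
            {"ruleId": "EXAMPLE-001", "level": "error",
             "message": {"text": "Storage bucket allows public read"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "terraform/s3.tf"},
                 "region": {"startLine": 12}}}]},
            {"ruleId": "EXAMPLE-002", "level": "warning",
             "message": {"text": "Access logging is disabled"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "terraform/s3.tf"},
                 "region": {"startLine": 30}}}]},
            # No level and no location: both are optional in SARIF.
            {"ruleId": "EXAMPLE-003",
             "message": {"text": "Resource has no tags"}},
        ],
    }],
})

def summarize(sarif_text):
    """Return (Counter of results per level, one-line description per result)."""
    doc = json.loads(sarif_text)
    counts, lines = Counter(), []
    for run in doc.get("runs", []):
        for res in run.get("results", []):
            # Simplification: a result without a level is counted as "warning";
            # rule-level default configuration is not consulted.
            level = res.get("level", "warning")
            counts[level] += 1
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            uri = loc.get("artifactLocation", {}).get("uri", "<no location>")
            line = loc.get("region", {}).get("startLine", 0)
            text = res.get("message", {}).get("text", "")
            lines.append(f"{uri}:{line} [{level}] {res.get('ruleId', '?')} {text}")
    return counts, lines

def should_fail(counts, fail_levels=("error",)):
    """True when any result has a level the pipeline treats as blocking."""
    return any(counts[lvl] for lvl in fail_levels)

if __name__ == "__main__":
    counts, lines = summarize(SAMPLE_SARIF)
    print("\n".join(lines))
    print(dict(counts), "fail" if should_fail(counts) else "pass")
```

In a workflow step, read ics_scan.sarif from disk and pass its contents to summarize in place of the constructed sample.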