action.yaml

name: "Orca Security - IaC Security"
description: "Configures Orca CLI to run Infrastructure as Code security scans"
branding:
  icon: "shield"
  color: "green"
runs:
  using: "docker"
  image: "Dockerfile"
  env:
    WORKSPACE_PATH: $GITHUB_WORKSPACE

inputs:
  api_token:
    description: "Orca API Token used for Authentication"
    required: true
  exit_code:
    description: "Exit code for failed execution due to policy violations"
    required: false
  no_color:
    description: "Disable color output"
    required: false
    default: "false"
  project_key:
    description: "Project Key name"
    required: true
  silent:
    description: "Disable logs and warnings output"
    required: false
    default: "false"
  baseline_context_key:
    description: "Use this context key in case of no autodetect is configured on project"
    required: false
  disable_baseline:
    description: "Do not compare to baseline on this scan"
    required: false
    default: "false"
  sync_baseline:
    description: "Sync baseline base on this flag"
    required: false
  disable_err_report:
    description: "Suppress error reporting to the monitoring platform"
    required: false
    default: "false"
  path:
    description: "Paths or directories to scan (comma-separated)"
    required: true
  exclude_paths:
    description: "List of paths to be excluded from scan (comma-separated)"
    required: false
  cloud_provider:
    description: "Limit scan to the specified list of cloud providers (comma-separated)"
    required: false
  format:
    description: "Format for displaying the results"
    required: false
  output:
    description: "Output directory"
    required: false
  platform:
    description: "Limit scan to the specified list of platforms (comma-separated)"
    required: false
  exclude_platform:
    description: "Exclude the specified list of platforms from scan (comma-separated)"
    required: false
  control_timeout:
    description: "Number of seconds the control has to execute before being canceled"
    required: false
  ignore_failed_exec_controls:
    description: "Ignore any failures that happened while executing any of the controls"
    required: false
  timeout:
    description: 'Set the maximum duration for the CLI execution. valid time units ("s", "m", "h")'
    required: false
  preview_lines:
    description: "Number of lines to be display in CLI results"
    required: false
  show_failed_issues_only:
    description: "Show only failed issues in CLI results"
    required: false
    default: "false"
  console_output:
    description: "Prints results to console in the provided format (only when --output is provided)"
    required: false
  config:
    description: "Path to configuration file (json, yaml or toml)"
    required: false
  show_annotations:
    description: "Show github annotations on pull requests"
    required: false
    default: "true"
  custom_controls:
    description: "Paths to custom controls (comma-separated)"
    required: false
  generate_rego_input:
    description: "Generates a JSON file in the desired location, containing an internal representation of scanned files, which can be utilized as input for Rego policies"
    required: false
  terraform_vars_path:
    description: "Path where terraform variables are present"
    required: false
  include_compressed_files:
    description: "Include compressed files in scan"
    required: false
    default: "false"
  max_file_size:
    description: "Maximum file size to be scanned in MB. Bigger files will be skipped"
    required: false
  display_name:
    description: "Scan log display name (on Orca platform)"
    required: false

outputs:
    exit_code:
      description: "The status of the scan"