-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathaction.yaml
123 lines (122 loc) · 4 KB
/
action.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
name: 'Spark 1 n0s1'
description: 'Scan Project Management platforms (e.g. Jira, Linear) for secret leaks with n0s1'
author: 'Spark 1'
inputs:
scan-target:
description: 'Scan target platform to use for scanning secret leaks'
required: true
default: 'jira_scan'
user-email:
description: 'User email for target platform login'
required: false
password-key:
description: 'User password or API key'
required: true
default: ''
platform-url:
description: 'Your Jira instance URL'
required: false
default: ''
post-comment:
description: 'Add a comment alerting about the leak to the ticket with the sensitive data'
required: false
default: ''
skip-comment:
description: 'Do not search for sensitive data at the tickets comment'
required: false
default: ''
regex-file:
description: 'Path to a custom regex configuration file'
required: false
default: ''
config-file:
description: 'Path to a custom scanning configuration file'
required: false
default: ''
report-file:
description: 'Path to output file'
required: false
default: ''
secret-manager:
description: 'Secret manager tool name to be suggested when leaks are found.'
required: false
default: ''
contact-help:
description: 'Contact information for assistance when leaks are detected'
required: false
default: ''
label:
description: 'Unique identifier to be added to the comments so that the n0s1 bot can recognize if the leak has been previously flagged'
required: false
default: ''
show-matched-secret-on-logs:
description: 'By default, only a sanitized version of the leak is shown on logs. This flag makes the actual leaked secret to be displayed on logs. Be extra careful when enabling this flag because you might make the leak worst by sending sensitive info to logs'
required: false
default: ''
debug:
description: 'Debug mode. Warning it may further expose sensitive data'
required: false
default: ''
report-format :
description: 'Output report format. Supported formats: n0s1, SARIF, gitlab'
required: false
default: ''
timeout:
description: 'HTTP request timeout in seconds'
required: false
default: ''
limit:
description: 'The limit of the number of pages to return per HTTP request'
required: false
default: ''
insecure:
description: 'Insecure mode. Ignore SSL certificate verification'
required: false
default: ''
map:
description: 'Enable mapping mode and define how many levels for the mapping'
required: false
default: ''
map-file:
description: 'Path to map file (e.g. n0s1_map.json). Use it for customizing the scope of the scan'
required: false
default: ''
scope:
description: 'Define a chunk of the map file to be scanned. Ex: 3/4 (will scan the third quarter of the map)'
required: false
default: ''
owner:
description: 'GitHub owner (e.g. user or organization)'
required: false
default: ''
repo:
description: 'GitHub repository to be scanned. If omitted all accessible repos under the owner will be scanned'
required: false
default: ''
runs:
using: 'docker'
image: "Dockerfile"
args:
- '-a ${{ inputs.scan-target }}'
- '-b ${{ inputs.user-email }}'
- '-c ${{ inputs.password-key }}'
- '-d ${{ inputs.platform-url }}'
- '-e ${{ inputs.post-comment }}'
- '-f ${{ inputs.skip-comment }}'
- '-g ${{ inputs.regex-file }}'
- '-h ${{ inputs.config-file }}'
- '-i ${{ inputs.report-file }}'
- '-j ${{ inputs.secret-manager }}'
- '-k ${{ inputs.contact-help }}'
- '-l ${{ inputs.label }}'
- '-m ${{ inputs.show-matched-secret-on-logs }}'
- '-n ${{ inputs.debug }}'
- '-o ${{ inputs.report-format }}'
- '-p ${{ inputs.timeout }}'
- '-q ${{ inputs.limit }}'
- '-r ${{ inputs.insecure }}'
- '-s ${{ inputs.map }}'
- '-t ${{ inputs.map-file }}'
- '-u ${{ inputs.scope }}'
- '-v ${{ inputs.owner }}'
- '-w ${{ inputs.repo }}'