10 changes: 2 additions & 8 deletions README.md
Expand Up @@ -50,15 +50,8 @@ To upload results to the Security tab of your repo, run the `github/codeql-actio

## Advanced

To configure **Container Mapping** to send to **Microsoft Defender for DevOps**, include `container-mapping` as a tool:
```yaml
- uses: microsoft/security-devops-action@v1
id: msdo
with:
includeTools: container-mapping
```
To only run specific analyzers, use the `tools` command. This command is a comma-seperated list of tools to run. For example, to run only the `container-mapping` tool, configure this action as follows:

This will run all the analyzers defined by the configured or defaulted policy in addition to `container-mapping`. To only run this feature, define `container-mapping` as the only `tool` to run:
```yaml
- uses: microsoft/security-devops-action@v1
id: msdo
Expand All @@ -77,6 +70,7 @@ This will run all the analyzers defined by the configured or defaulted policy in
| [Template Analyzer](https://github.com/Azure/template-analyzer) | Infrastructure-as-code (IaC), ARM templates, Bicep files | [MIT License](https://github.com/Azure/template-analyzer/blob/main/LICENSE.txt) |
| [Terrascan](https://github.com/accurics/terrascan) | Infrastructure-as-code (IaC), Terraform (HCL2), Kubernetes (JSON/YAML), Helm v3, Kustomize, Dockerfiles, Cloudformation | [Apache License 2.0](https://github.com/accurics/terrascan/blob/master/LICENSE) |
| [Trivy](https://github.com/aquasecurity/trivy) | container images, file systems, and git repositories | [Apache License 2.0](https://github.com/aquasecurity/trivy/blob/main/LICENSE) |
| [container-mapping](https://learn.microsoft.com/en-us/azure/defender-for-cloud/container-image-mapping) | container images and registries (only available for DevOps security enabled CSPM plans) | [MIT License](https://github.com/microsoft/security-devops-action/blob/main/LICENSE) |

# More Information

10 changes: 2 additions & 8 deletions action.yml
Expand Up @@ -6,13 +6,7 @@ branding:
color: 'black'
inputs:
command:
description: The command to run. Defaults to run.
default: all
options:
- all
- run
- pre-job
- post-job
description: Deprecated, do not use.
config:
description: A file path to a .gdnconfig file.
policy:
Expand All @@ -25,7 +19,7 @@ inputs:
tools:
description: A comma separated list of analyzer to run. Example bandit, binskim, container-mapping, eslint, templateanalyzer, terrascan, trivy.
includeTools:
description: A comma separated list of analyzers to run in addition to the default set defined by the policy. Limited to container-mapping
description: Deprecated
outputs:
sarifFile:
description: A file path to a SARIF results file.
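Review bot: The new `tools` description does not say what happens when `container-mapping` is the only value, yet lib/main.js in this same change skips the MSDO analyzer run entirely in that case, so a reader of action.yml alone cannot predict the behaviour. Suggest `description: A comma separated list of analyzers to run, e.g. bandit, binskim, container-mapping, eslint, templateanalyzer, terrascan, trivy. If container-mapping is the only value, the MSDO analyzers are skipped.` The `command` and `includeTools` entries now read only "Deprecated"; naming the replacement (`tools`) in those descriptions would spare users the guesswork.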
131 changes: 0 additions & 131 deletions lib/index.js

This file was deleted.

22 changes: 19 additions & 3 deletions lib/main.js
Expand Up @@ -33,14 +33,30 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
};
Object.defineProperty(exports, "__esModule", { value: true });
const core = __importStar(require("@actions/core"));
const index_1 = require("./index");
const msdo_1 = require("./msdo");
const msdo_interface_1 = require("./msdo-interface");
const common = __importStar(require("@microsoft/security-devops-actions-toolkit/msdo-common"));
const msdo_helpers_1 = require("./msdo-helpers");
const runner = msdo_helpers_1.RunnerType.Main;
function runMain() {
return __awaiter(this, void 0, void 0, function* () {
yield (0, index_1.run)(runner);
if (shouldRunMain()) {
yield (0, msdo_interface_1.getExecutor)(msdo_1.MicrosoftSecurityDevOps).runMain();
}
else {
console.log("Scanning is not enabled. Skipping...");
}
});
}
runMain().catch(error => {
core.setFailed(error);
});
function shouldRunMain() {
let toolsString = core.getInput('tools');
if (!common.isNullOrWhiteSpace(toolsString)) {
let tools = toolsString.split(',');
if (tools.length == 1 && tools[0].trim() == msdo_helpers_1.Tools.ContainerMapping) {
return false;
}
}
return true;
}
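Review bot: shouldRunMain decides on the raw result of `toolsString.split(',')`, so a value such as `container-mapping,` (trailing comma) or `container-mapping, container-mapping` produces more than one entry and the MSDO run still starts with a tool it presumably cannot execute; the comparison is also case-sensitive. Normalise before the length check: `const tools = toolsString.split(',').map((t) => t.trim()).filter((t) => t.length > 0);` followed by `if (tools.length === 1 && tools[0] === msdo_helpers_1.Tools.ContainerMapping) return false;`. The context line `const runner = msdo_helpers_1.RunnerType.Main;` above runMain loses its only consumer when `index_1.run(runner)` is removed and can be dropped. This file looks like compiled TypeScript output, so the change belongs in the corresponding source file, which is not part of this diff.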
9 changes: 1 addition & 8 deletions lib/msdo-helpers.js
Expand Up @@ -3,7 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.writeToOutStream = exports.getEncodedContent = exports.encode = exports.Constants = exports.Tools = exports.CommandType = exports.RunnerType = exports.Inputs = void 0;
exports.writeToOutStream = exports.getEncodedContent = exports.encode = exports.Constants = exports.Tools = exports.RunnerType = exports.Inputs = void 0;
const os_1 = __importDefault(require("os"));
var Inputs;
(function (Inputs) {
Expand All @@ -21,13 +21,6 @@ var RunnerType;
RunnerType["Pre"] = "pre";
RunnerType["Post"] = "post";
})(RunnerType || (exports.RunnerType = RunnerType = {}));
var CommandType;
(function (CommandType) {
CommandType["All"] = "all";
CommandType["PreJob"] = "pre-job";
CommandType["PostJob"] = "post-job";
CommandType["Run"] = "run";
})(CommandType || (exports.CommandType = CommandType = {}));
var Tools;
(function (Tools) {
Tools["Bandit"] = "bandit";
5 changes: 5 additions & 0 deletions lib/msdo-interface.js
@@ -1,2 +1,7 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.getExecutor = void 0;
function getExecutor(runner) {
return new runner();
}
exports.getExecutor = getExecutor;
17 changes: 0 additions & 17 deletions lib/msdo.js
Expand Up @@ -104,23 +104,6 @@ class MicrosoftSecurityDevOps {
}
}
}
let includeToolsString = core.getInput('includeTools');
if (!common.isNullOrWhiteSpace(includeToolsString)) {
let includeTools = includeToolsString.split(',');
for (let i = 0; i < includeTools.length; i++) {
let includeTool = includeTools[i];
let toolTrimmed = includeTool.trim();
if (!common.isNullOrWhiteSpace(includeTool)
&& includeTool != msdo_helpers_1.Tools.ContainerMapping
&& includedTools.indexOf(toolTrimmed) == -1) {
if (includedTools.length == 0) {
args.push('--tool');
}
args.push(toolTrimmed);
includedTools.push(toolTrimmed);
}
}
}
args.push('--github');
yield client.run(args, 'microsoft/security-devops-action');
});
7 changes: 3 additions & 4 deletions lib/post.js
Expand Up @@ -33,12 +33,11 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
};
Object.defineProperty(exports, "__esModule", { value: true });
const core = __importStar(require("@actions/core"));
const index_1 = require("./index");
const msdo_helpers_1 = require("./msdo-helpers");
const runner = msdo_helpers_1.RunnerType.Post;
const container_mapping_1 = require("./container-mapping");
const msdo_interface_1 = require("./msdo-interface");
function runPost() {
return __awaiter(this, void 0, void 0, function* () {
yield (0, index_1.run)(runner);
yield (0, msdo_interface_1.getExecutor)(container_mapping_1.ContainerMapping).runPostJob();
});
}
runPost().catch((error) => {
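Review bot: `const runner = msdo_helpers_1.RunnerType.Post;` is left behind as a dead binding, because its only consumer, `index_1.run(runner)`, is removed in this hunk; the same applies to `runner` in lib/pre.js. Drop the line, and the `msdo_helpers_1` import if nothing else in the file uses it, so the retired RunnerType plumbing does not linger in the compiled output. Separately, `getExecutor(ContainerMapping).runPostJob()` (and `runPreJob()` in pre.js) now runs unconditionally where the previous call went through the removed index module; if those methods do not themselves check the `tools` input or whether container mapping is enabled, every workflow using this action now executes the pre and post container-mapping steps, which is worth confirming against src/container-mapping.ts, only partially shown here.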
7 changes: 3 additions & 4 deletions lib/pre.js
Expand Up @@ -33,12 +33,11 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
};
Object.defineProperty(exports, "__esModule", { value: true });
const core = __importStar(require("@actions/core"));
const index_1 = require("./index");
const msdo_helpers_1 = require("./msdo-helpers");
const runner = msdo_helpers_1.RunnerType.Pre;
const container_mapping_1 = require("./container-mapping");
const msdo_interface_1 = require("./msdo-interface");
function runPre() {
return __awaiter(this, void 0, void 0, function* () {
yield (0, index_1.run)(runner);
yield (0, msdo_interface_1.getExecutor)(container_mapping_1.ContainerMapping).runPreJob();
});
}
runPre().catch((error) => {
1 change: 0 additions & 1 deletion src/container-mapping.ts
@@ -1,4 +1,3 @@
import { CommandType, Constants, getEncodedContent, writeToOutStream } from "./msdo-helpers";
import { IMicrosoftSecurityDevOps } from "./msdo-interface";
import * as https from "https";
import * as core from '@actions/core';
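Review bot: The import line naming `CommandType` from ./msdo-helpers cannot survive this commit unchanged, since the same change deletes the `CommandType` enum from lib/msdo-helpers.js; if that line is not the one removed in this hunk, the TypeScript build fails on a missing export, and if it is, `Constants`, `getEncodedContent` and `writeToOutStream` must come from another import not shown here. Which of the four lines is the deletion cannot be told from the rendered hunk, so this is worth a quick check of the source file.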