GitHub Action
Bearer Action
v0.3
Run Curio as a GitHub Action.
steps:
  - uses: actions/checkout@v3
  - uses: bearer/[email protected]
steps:
  - uses: actions/checkout@v3
  - name: Curio
    uses: bearer/[email protected]
    with:
      config-file: '/some/path/curio.yml'
      only-rule: 'ruby_lang_cookies,ruby_lang_http_post_insecure_with_data'
      skip-path: 'users/*.go,users/admin.sql'
name: Curio
on:
  push:
    branches:
      - main
permissions:
  contents: read
jobs:
  rule_check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Run Report
        id: report
        uses: bearer/[email protected]
      - id: summary
        name: Display Summary
        uses: actions/github-script@v6
        with:
          script: |
            // GitHub does not support multiline outputs, so the report is URL-encoded
            const report = decodeURIComponent(`${{ steps.report.outputs.rule_breaches }}`);
            // The job passes only when the curio binary exited with code 0
            const passed = `${{ steps.report.outputs.exit_code }}` == "0";
            if (!passed) { core.setFailed(report); }
You can see this workflow in action on our demo repo.
Optional Curio configuration file path
Optional Specify the comma-separated IDs of the rules to run; skips all other rules.
Optional Specify the comma-separated IDs of the rules to skip; runs all other rules.
Optional Specify the comma-separated paths to skip. Supports wildcard syntax, e.g. users/*.go,users/admin.sql
Optional Specify which severities are included in the report as a comma-separated string, e.g. critical,medium
Details of any rule breaches that occur. This is URL-encoded to work around GitHub issues with multiline outputs.
Exit code of the curio binary; 0 indicates a pass.
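The two outputs described above can also be handled fail-closed, so that a missing exit code or a damaged report never reads as a pass. This is an added example, not code from the Bearer project: it assumes the workflow step passes the outputs in as environment variables with the hypothetical names RULE_BREACHES and EXIT_CODE, and the sample report text is constructed rather than Curio's real report format.

```javascript
// Added example: fail-closed handling of the rule_breaches / exit_code outputs.
// Assumption: the outputs reach the script as environment variables
// (hypothetical names RULE_BREACHES and EXIT_CODE) rather than being
// interpolated into the script text with ${{ ... }} expressions.

function evaluateReport(env) {
  const rawExit = (env.EXIT_CODE ?? "").trim();
  const rawReport = env.RULE_BREACHES ?? "";

  // A missing or non-numeric exit code means the scan step gave no usable
  // result, so it must not be treated as a pass.
  if (!/^\d+$/.test(rawExit)) {
    return { passed: false, report: "scan produced no valid exit code", decoded: false };
  }

  let report = rawReport;
  let decoded = true;
  try {
    report = decodeURIComponent(rawReport);
  } catch (err) {
    // decodeURIComponent throws URIError on malformed percent-escapes
    // (for example a truncated output). Keep the raw text so findings are
    // still visible in the job log.
    decoded = false;
  }
  return { passed: Number(rawExit) === 0, report, decoded };
}

// Constructed sample: a two-line report after URL encoding, with a failing exit code.
const sample = {
  EXIT_CODE: "1",
  RULE_BREACHES: encodeURIComponent("CRITICAL: ruby_lang_cookies\nFile: app/users.rb:12"),
};

function main() {
  const result = evaluateReport(sample);
  console.log(result.passed ? "PASS" : "FAIL");
  console.log(result.report);
  // Inside actions/github-script, call core.setFailed(result.report) when !result.passed.
}
main();
```

In a workflow, the same function would be given process.env, with the two variables set in the step's env: block.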