# This workflow uses actions that are not certified by GitHub. # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. name: Kubesec on: push: branches: [ main ] pull_request: # The branches below must be a subset of the branches above branches: [ main ] schedule: - cron: '31 22 * * 3' jobs: lint: name: Kubesec runs-on: ubuntu-20.04 permissions: actions: read contents: read security-events: write steps: - name: Checkout code uses: actions/checkout@v2 - name: Run kubesec scanner uses: controlplaneio/kubesec-action@43d0ddff5ffee89a6bb9f29b64cd865411137b14 with: input: file.yaml # specify configuration file to scan here format: template template: template/sarif.tpl output: kubesec-results.sarif exit-code: "0" - name: Upload Kubesec scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v1 with: sarif_file: kubesec-results.sarif