From 32f401a27b05845bf6bb1ccb2f4fba762e071724 Mon Sep 17 00:00:00 2001 From: "jit-ci[bot]" <91912817+jit-ci[bot]@users.noreply.github.com> Date: Sun, 28 May 2023 08:16:19 +0000 Subject: [PATCH] Sync with plan --- .github/workflows/jit-security.yml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/workflows/jit-security.yml b/.github/workflows/jit-security.yml index a287849..5006087 100644 --- a/.github/workflows/jit-security.yml +++ b/.github/workflows/jit-security.yml @@ -1,5 +1,5 @@ name: Workflows generated by the MVS plan -'on': +on: workflow_dispatch: inputs: client_payload: @@ -15,9 +15,13 @@ jobs: with: docker_user: jit-bot docker_password: ${{fromJSON(github.event.inputs.client_payload).payload.container_registry_token}} + security_control: ghcr.io/jitsecurity-controls/control-enrichment-slim:latest security_control_args: --path \${WORK_DIR:-.} + dispatch_type: workflow + context: ${{toJSON(fromJSON(github.event.inputs.client_payload).context)}} + runner_setup: ${{toJSON(fromJSON(github.event.inputs.client_payload).context.job.runner.setup)}} secret-detection: if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'secret-detection' @@ -28,7 +32,10 @@ jobs: with: docker_user: jit-bot docker_password: ${{fromJSON(github.event.inputs.client_payload).payload.container_registry_token}} + security_control: ghcr.io/jitsecurity-controls/control-gitleaks-alpine:latest security_control_args: detect --config \$GITLEAKS_CONFIG_FILE_PATH --source \${WORK_DIR:-.} -v --report-format json --report-path \$REPORT_FILE --redact --no-git --exit-code 0 security_control_output_file: /tmp/report.json - dispatch_type: workflow \ No newline at end of file + dispatch_type: workflow + context: ${{toJSON(fromJSON(github.event.inputs.client_payload).context)}} + runner_setup: ${{toJSON(fromJSON(github.event.inputs.client_payload).context.job.runner.setup)}}