forked from rapid7/insightappsec-scan-github-actions
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathaction.yaml
39 lines (38 loc) · 1.31 KB
/
action.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
name: "Rapid7 InsightAppSec Scan"
description: >
The Rapid7 InsightAppSec Scan action allows application and security teams to embed DAST into build and release pipelines.
inputs:
region:
description: "The region indicates the geo-location of the Insight Platform"
required: true
default: "us"
api-key:
description: >
The API key used to authorized the GitHub action to interact with the Rapid7 API. The API key should be stored as
a GitHub secret
required: true
scan-config-id:
description: >
The UUID of the scan configuration to be used during scanning. The scan configuration should be a sub-resource of
the application and can be obtained from InsightAppSec
required: true
vuln-query:
description: >
Scan gating query
required: false
default: ""
wait-for-scan-complete:
description: >
Wait for scan to complete before finishing action. False will return the InsightAppSec Scan ID.
required: false
default: true
scan-timeout-mins:
description: >
The maximum amount of time (in minutes) the scan is allowed to run before canceling and failing the job.
required: false
outputs:
scan-findings:
description: "A raw JSON report containing all findings from a completed scan."
runs:
using: node12
main: dist/index.js