Codefresh Steps: Reusable Code for Common Operations
This page provides code you can use to perform common operations in the Codefresh CI/CD platform.
checkmarx/kics
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
Usage examples (each block below is a complete `steps:` section of a Codefresh pipeline)
# Example 1: clone the repository with the platform git-clone step, then run a
# single custom KICS query directory against the checkout.
steps:
  clone:
    title: Clone a project
    type: git-clone
    git: github
    # No `revision` is given, so the clone checks out whatever the git-clone
    # step defaults to (presumably the repository's default branch). When this
    # runs as a PR gate, pin the triggering commit (e.g. via CF_REVISION) so the
    # scan covers the code under review rather than the default branch.
    repo: rafaela-soares/query
  run_kics:
    title: Scanning IaC files
    type: checkmarx/kics
    arguments:
      # Only Ansible files are parsed; IaC of any other platform in the
      # checkout is not scanned by this step.
      TYPES: Ansible
      # Path of the clone produced by the step above (relative to the working dir).
      PROJECT_PATH: ./query
      # Run only the queries found under this directory instead of the
      # bundled KICS query library — presumably the bundled set is not used
      # at all when QUERIES_PATH points elsewhere; confirm before relying on it.
      QUERIES_PATH: ./query/alb_listening_on_http
      # Skip the query's own negative test fixture so it does not show up as a finding.
      EXCLUDE_PATHS: ./query/alb_listening_on_http/test/negative.yaml
# Example 2: let KICS fetch the project itself from a remote git URL and
# suppress two specific findings by similarity ID.
steps:
  run_kics:
    title: Scanning IaC files
    type: checkmarx/kics
    arguments:
      TYPES: Ansible
      VERBOSE: true
      # KICS clones the remote on its own; no ref is pinned, so the scanned
      # content is whatever the remote serves at run time. Pin a commit where
      # reproducible results matter.
      PROJECT_PATH: 'git::https://github.com/rafaela-soares/query'
      # Comma-separated KICS similarity IDs of the findings to drop from the
      # results. They are opaque hashes — keep the justification for each
      # exception next to this list so suppressions can be audited.
      EXCLUDE_RESULTS: >-
        ad70b3786c9bc9cc17d9b413772c0930c22f7b7cc749bc9a7c27533a29de5287,2669fd966f36e8bac8901297b895cc894791f2ef9a036e3beab357fb20e95cff
# Example 3: scan a remote project and skip a whole query category.
steps:
  run_kics:
    title: Scanning IaC files
    type: checkmarx/kics
    arguments:
      # Remote source fetched by KICS; unpinned, see the note in example 2.
      PROJECT_PATH: 'git::https://github.com/rafaela-soares/query'
      TYPES: Ansible
      # This drops every query in the category, not a single finding. For a
      # targeted exception prefer suppressing individual results (EXCLUDE_RESULTS,
      # as in example 2) so the rest of the category keeps running.
      EXCLUDE_CATEGORIES: Networking and Firewall
# Example 4: run the secrets detection against one file using a custom
# regex rule set.
steps:
  clone:
    title: Clone a project
    type: git-clone
    git: github
    repo: rafaela-soares/secrets
  run_kics:
    title: Scanning IaC files
    type: checkmarx/kics
    arguments:
      # A single file is scanned here, not the whole clone.
      PROJECT_PATH: ./secrets/passwords_and_secrets/test/positive1.yaml
      # Custom secret-detection regexes. NOTE(review): in KICS a custom regex
      # file appears to replace the bundled secret rules rather than extend
      # them — confirm, otherwise coverage silently shrinks to what this
      # JSON file defines.
      SECRETS_REGEXES_PATH: ./secrets/passwords_and_secrets/regex_rules.json
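# Example 5: scan, then persist the KICS payload and reports both to git and
# to an S3 bucket.
#
# Security notes for this pipeline:
#   * IGNORE_ON_EXIT: results keeps the pipeline green even when KICS finds
#     issues (needed so the two save steps run). Findings therefore never
#     block the build; add a separate gate if this is meant to enforce.
#   * The S3 step relies on the AWS CLI reading AWS_ACCESS_KEY_ID,
#     AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN from the environment, which
#     Codefresh already populates. Credentials are no longer echoed into
#     ~/.aws/config, so no plaintext key material is written to the container
#     filesystem and the secrets stay out of the command lines of the step.
steps:
  clone:
    title: Clone a project
    type: git-clone
    repo: rafaela-soares/query
    git: github
  run_kics:
    title: Scanning IaC files With KICS
    type: checkmarx/kics
    arguments:
      PROJECT_PATH: ./query
      QUERIES_PATH: ./query/alb_listening_on_http
      TYPES: Ansible
      EXCLUDE_PATHS: ./query/alb_listening_on_http/test/negative.yaml
      # Reports and payload go onto the shared pipeline volume so the
      # following steps can read them.
      OUTPUT_PATH: /codefresh/volume/query/reports
      OUTPUT_FORMATS: all
      PAYLOAD_PATH: /codefresh/volume/query/payload.json
      # DEBUG logging and VERBOSE output may print parsed IaC content into the
      # build log; lower both once the pipeline is stable if the build log is
      # widely readable.
      VERBOSE: true
      LOG_LEVEL: DEBUG
      # Ignore the non-zero exit KICS uses to signal findings — see header note.
      IGNORE_ON_EXIT: results
  save_reports_and_payload:
    title: Saving KICS payload and KICS reports
    type: git-commit
    arguments:
      repo: rafaela-soares/query
      git: github
      working_directory: /codefresh/volume/query
      commit_message: saved payload and reports
      git_user_name: git-user-name
      git_user_email: git-user@email.com
      allow_empty: false
      # NOTE(review): payload.json and the reports carry the scanned IaC
      # content and finding details back into the repository; confirm that
      # is acceptable for this repository's visibility before enabling.
      add:
        - payload.json
        - ./reports
  save_reports_in_s3_bucket:
    title: Saving KICS reports
    image: amazon/aws-cli
    working_directory: /codefresh/volume/query
    commands:
      # Credentials come from the environment (see header); the region is
      # passed explicitly so the upload does not depend on CLI defaults.
      # ${{BUCKET_NAME}} is a Codefresh pipeline variable, expanded before the
      # shell runs; ${AWS_REGION} is expanded by the shell.
      - 'aws s3 cp ./reports "s3://${{BUCKET_NAME}}/" --recursive --region "${AWS_REGION}"'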