This repository shows how the KICS GitHub Action can be set up and was fully inspired by the documentation in the KICS GitHub Actions Marketplace tutorial.
To check how the action was set up, go to the .github/workflows/kics-scan=action.yml file.
- You will see a simple example of how to use KICS features in your GitHub Actions pipeline.
To check example results, go to the Actions tab and select a workflow that has finished.
- You will see multiple failures! This is intended, to generate outputs so you can check how KICS creates Annotations and uploads reports as Artifacts to be downloaded.
Finally, go to the Security tab, in the Code scanning alerts section, and see how KICS uses SARIF reports to generate scanning issues.
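
For reference, a workflow of the kind described above could look like the following. This is an added example, not the contents of this repository's workflow file; the workflow name, scan path, results directory, artifact name and version tags are assumptions.

```yaml
# Added example (assumed names and versions), not this repository's own workflow.
name: kics-scan
on:
  push:
  pull_request:

# Least privilege: read the code, write code scanning alerts, nothing else.
permissions:
  contents: read
  security-events: write   # needed by upload-sarif to publish alerts

jobs:
  kics:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Create results directory
        run: mkdir -p results-dir

      # ignore_on_exit is not set, so this step fails when KICS reports
      # findings. That matches the intentionally failing runs described above.
      - name: Run KICS scan
        uses: checkmarx/kics-github-action@v1.7.0   # consider pinning to a full commit SHA
        with:
          path: .                     # assumption: scan the whole repository
          output_path: results-dir
          output_formats: json,sarif

      # if: always() keeps the reports available even though the scan step failed.
      - name: Upload reports as artifact
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: kics-results
          path: results-dir

      # Publishes findings to the Security tab under Code scanning alerts.
      - name: Upload SARIF to code scanning
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results-dir/results.sarif
```

Without `if: always()` on the two upload steps, a scan that finds issues would stop the job before any report reached the Artifacts list or the Security tab.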