codethreat-appsec-github-action/action.yml at master · CodeThreat/codethreat-appsec-github-action · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
name: 'CodeThreat Security Scan'
description: 'Run CodeThreat security analysis and upload results to GitHub Security tab'
author: 'CodeThreat'
branding:
  icon: 'shield'
  color: 'purple'

inputs:
  # Authentication
  api-key:
    description: 'CodeThreat API key'
    required: true
  server-url:
    description: 'CodeThreat server URL'
    required: true
  organization-slug:
    description: 'CodeThreat organization slug (required - found in organization settings)'
    required: true

  # Repository configuration
  repository-url:
    description: 'Repository URL to scan (defaults to current repository)'
    required: false
    default: ${{ github.repositoryUrl }}
  branch:
    description: 'Branch to scan'
    required: false
    default: ${{ github.ref_name }}

  # Scan configuration
  wait-for-completion:
    description: 'Wait for scan completion before proceeding'
    required: false
    default: 'true'
  timeout:
    description: 'Scan timeout in seconds (default: 43200 = 12 hours)'
    required: false
    default: '43200'
  poll-interval:
    description: 'Status polling interval in seconds'
    required: false
    default: '30'

  # Output configuration
  output-format:
    description: 'Output format (json, sarif, csv, xml, junit)'
    required: false
    default: 'sarif'
  output-file:
    description: 'Output file name'
    required: false
    default: 'codethreat-results.sarif'
  upload-sarif:
    description: 'Automatically upload SARIF to GitHub Security tab'
    required: false
    default: 'true'

  # CI/CD behavior
  fail-on-critical:
    description: 'Fail the build if critical vulnerabilities are found'
    required: false
    default: 'false'
  fail-on-high:
    description: 'Fail the build if high severity vulnerabilities are found'
    required: false
    default: 'false'
  max-violations:
    description: 'Maximum number of violations before failing (0 = no limit)'
    required: false
    default: '0'

  # Advanced options
  skip-import:
    description: 'Skip repository import if already imported'
    required: false
    default: 'true'
  verbose:
    description: 'Enable verbose logging'
    required: false
    default: 'false'
  github-token:
    description: 'GitHub token for SARIF upload (pass secrets.GITHUB_TOKEN)'
    required: false

outputs:
  scan-id:
    description: 'ID of the completed scan'
  repository-id:
    description: 'ID of the imported repository'
  results-file:
    description: 'Path to the results file'
  violation-count:
    description: 'Total number of violations found'
  critical-count:
    description: 'Number of critical violations'
  high-count:
    description: 'Number of high severity violations'
  medium-count:
    description: 'Number of medium severity violations'
  low-count:
    description: 'Number of low severity violations'
  security-score:
    description: 'Security score (0-100)'
  scan-duration:
    description: 'Scan duration in seconds'
  scan-url:
    description: 'URL to view scan results in CodeThreat dashboard'

runs:
  using: 'node20'
  main: 'dist/index.js'