From 89d61899feff2532182e0208a2dec0a1a35720dc Mon Sep 17 00:00:00 2001
From: Nic Manoogian <nic.manoogian@doppler.com>
Date: Mon, 19 Aug 2024 16:31:24 -0400
Subject: [PATCH] Update federacy/scan-action to v0.1.5 and add Salus config

---
 .github/workflows/salus.yaml |  4 +++-
 salus-config.yaml            | 28 ++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 salus-config.yaml

diff --git a/.github/workflows/salus.yaml b/.github/workflows/salus.yaml
index a8af62f..fa07721 100644
--- a/.github/workflows/salus.yaml
+++ b/.github/workflows/salus.yaml
@@ -15,7 +15,9 @@ jobs:
       run: ./hack/inject-nosec.sh
     - name: Salus Scan
       id: salus_scan
-      uses: federacy/scan-action@0.1.2
+      uses: federacy/scan-action@0.1.5
+      env:
+        SALUS_CONFIGURATION: "file://salus-config.yaml"
       with:
         report_uri: file://./salus-report.txt
         report_format: txt
diff --git a/salus-config.yaml b/salus-config.yaml
new file mode 100644
index 0000000..c366522
--- /dev/null
+++ b/salus-config.yaml
@@ -0,0 +1,28 @@
+# https://github.com/coinbase/salus/blob/master/docs/configuration.md
+
+# Used in the report to identify the project being scanned.
+project_name: Doppler-Kubernetes-Operator
+
+# Defines where to send Salus reports and in what format.
+reports:
+  - uri: file://salus-report.txt
+    format: txt
+
+# All scanners to execute, or the String value "all"/"none"
+active_scanners:
+  - Gosec
+  - PatternSearch
+  - RepoNotEmpty
+  - GoOSV
+  - GoVersionScanner
+  - GoPackageScanner
+  - ReportGoDep
+  - Trufflehog
+
+# All scanners that will exit non-zero if they fail, or the String value "all"/"none"
+enforced_scanners: "all"
+
+scanner_configs:
+  GoVersionScanner:
+    error:
+      min_version: '1.22.0'