Update federacy/scan-action to v0.1.5 and add Salus config

DopplerHQ · Aug 19, 2024 · 976a07e · 976a07e
1 parent 86f4080
commit 976a07e
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 1 deletion.
diff --git a/.github/workflows/salus.yaml b/.github/workflows/salus.yaml
@@ -15,7 +15,7 @@ jobs:
       run: ./hack/inject-nosec.sh
     - name: Salus Scan
       id: salus_scan
-      uses: federacy/scan-action@0.1.2
+      uses: federacy/scan-action@0.1.5
       with:
         report_uri: file://./salus-report.txt
         report_format: txt

diff --git a/salus-config.yaml b/salus-config.yaml
@@ -0,0 +1,28 @@
+# https://github.com/coinbase/salus/blob/master/docs/configuration.md
+
+# Used in the report to identify the project being scanned.
+project_name: Doppler Kubernetes Operator
+
+# Defines where to send Salus reports and in what format.
+reports:
+  - uri: file://salus-report.txt
+    format: txt
+
+# All scanners to execute, or the String value "all"/"none"
+active_scanners:
+  - Gosec
+  - PatternSearch
+  - RepoNotEmpty
+  - GoOSV
+  - GoVersionScanner
+  - GoPackageScanner
+  - ReportGoDep
+  - Trufflehog
+
+# All scanners that will exit non-zero if they fail, or the String value "all"/"none"
+enforced_scanners: "all"
+
+scanner_configs:
+  GoVersionScanner:
+    error:
+      min_version: '1.22.0'