diff --git a/.github/workflows/salus.yaml b/.github/workflows/salus.yaml
index a8af62f..fa07721 100644
--- a/.github/workflows/salus.yaml
+++ b/.github/workflows/salus.yaml
@@ -15,7 +15,9 @@ jobs:
 run: ./hack/inject-nosec.sh
 - name: Salus Scan
 id: salus_scan
- uses: federacy/scan-action@0.1.2
+ uses: federacy/scan-action@0.1.5
+ env:
+ SALUS_CONFIGURATION: "file://salus-config.yaml"
 with:
 report_uri: file://./salus-report.txt
 report_format: txt
diff --git a/salus-config.yaml b/salus-config.yaml
new file mode 100644
index 0000000..c366522
--- /dev/null
+++ b/salus-config.yaml
@@ -0,0 +1,28 @@
+# https://github.com/coinbase/salus/blob/master/docs/configuration.md
+
+# Used in the report to identify the project being scanned.
+project_name: Doppler-Kubernetes-Operator
+
+# Defines where to send Salus reports and in what format.
+reports:
+ - uri: file://salus-report.txt
+ format: txt
+
+# All scanners to execute, or the String value "all"/"none"
+active_scanners:
+ - Gosec
+ - PatternSearch
+ - RepoNotEmpty
+ - GoOSV
+ - GoVersionScanner
+ - GoPackageScanner
+ - ReportGoDep
+ - Trufflehog
+
+# All scanners that will exit non-zero if they fail, or the String value "all"/"none"
+enforced_scanners: "all"
+
+scanner_configs:
+ GoVersionScanner:
+ error:
+ min_version: '1.22.0'
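Review bot: The bumped `uses: federacy/scan-action@0.1.5` still pins a third-party action by a mutable tag, so the workflow runs whatever commit that tag points to at execution time; pinning to the full commit SHA and keeping the version in a trailing comment, `uses: federacy/scan-action@<full-commit-sha>  # v0.1.5`, makes the step reproducible while update tooling can still track the tag from the comment. The new `SALUS_CONFIGURATION` is scoped to the step's `env:`, which is the right place, but its `file://salus-config.yaml` and the step's existing `report_uri: file://./salus-report.txt` spell repo-relative paths differently from the `reports.uri` in the new salus-config.yaml, and the hunk does not show which of the two report settings the action honours; it is worth confirming that exactly one report lands at the path any later step reads. The enclosing `steps` list starts before and ends after this hunk.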
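Review bot: `reports.uri: file://salus-report.txt` in the new config does not match the `report_uri: file://./salus-report.txt` the workflow step still passes, and with both in play it is unclear whether one report or two get written; aligning the config to the workflow's spelling, `- uri: file://./salus-report.txt`, removes the ambiguity. Because the scanner configuration now lives in the scanned repository, an edit to this file (shrinking `active_scanners`, or setting `enforced_scanners` to `"none"`) changes what the CI gate enforces; if the workflow runs on pull requests, a header comment such as `# Changes here alter what CI enforces; review like workflow files.` would make that visible to reviewers. Quoting `min_version: '1.22.0'` is consistent with the rest of the file and keeps future values such as `1.10` from being read as floats.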