Iacsec sysdig assessment #73

name: IaC Sec checks performed with Checkov
permissions: read-all
on:
  pull_request:
    types: [opened, reopened, synchronize, edited]
jobs:
  IaC_Sec_Checkov_Scan:
    permissions: read-all
    name: 'Checkov IaC Sec Scan'
    runs-on: ubuntu-latest
    defaults:
      run:
        shell: bash
    steps:
      - uses: actions/checkout@v3
      - name: Check if pull request is opened/reopened
        id: pr_status
        uses: octokit/[email protected]
        with:
          route: GET /repos/RunCor399/Terraform-IaCSec/pulls/${{ github.event.number }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Checkov GitHub Action
        uses: bridgecrewio/checkov-action@v12
        with:
          download_external_modules: true
        #if: ${{ steps.pr_status.outputs.data.state == 'open' || steps.pr_status.outputs.data.state == 'reopened' }}
        with:

Check failure on line 42 in .github/workflows/IaC_Sec_checks.yml

GitHub Actions / IaC Sec checks performed with Checkov

Invalid workflow file

The workflow is not valid. .github/workflows/IaC_Sec_checks.yml (Line: 42, Col: 9): 'with' is already defined
          #check: 'LOW,MEDIUM,HIGH,CRITICAL'
          output_format: cli,sarif
          output_file_path: console,results.sarif
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v2
        if: success() || failure()
        with:
          sarif_file: results.sarif
          ref: "refs/pull/${{ github.event.pull_request.number }}/merge"
          sha: ${{ github.event.pull_request.head.sha }}
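The annotation above is raised because the Checkov step declares `with:` twice, and a YAML mapping cannot repeat a key. As an added example (not taken from the repository), this is the same step with its inputs merged into a single `with:` mapping; it uses only the inputs already present in the workflow and assumes the commented-out lines are meant to stay disabled:

```yaml
      - name: Checkov GitHub Action
        uses: bridgecrewio/checkov-action@v12
        # Step-level condition from the original file, still commented out.
        # It sits beside `with:`, not between two `with:` keys.
        #if: ${{ steps.pr_status.outputs.data.state == 'open' || steps.pr_status.outputs.data.state == 'reopened' }}
        with:
          # One mapping holds every input for the action.
          download_external_modules: true
          #check: 'LOW,MEDIUM,HIGH,CRITICAL'
          # Print to the console and write results.sarif for the upload step.
          output_format: cli,sarif
          output_file_path: console,results.sarif
```

Because the whole file is rejected as invalid, no Checkov scan or SARIF upload runs until the duplicate key is removed. The `upload-sarif` action also documents `security-events: write` as a required permission, which `permissions: read-all` does not grant.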