Merge pull request #17 from darryk10/darryk10-patch-2

Update README.md
falcosecurity · Nov 6, 2024 · a823ec8 · a823ec8
2 parents 5ce9d0b + 5a17d26
commit a823ec8
Show file tree

Hide file tree

Showing 2 changed files with 67 additions and 0 deletions.
diff --git a/.github/workflows/test-analyze-mode-report-customized.yaml b/.github/workflows/test-analyze-mode-report-customized.yaml
@@ -0,0 +1,53 @@
+on:
+  workflow_dispatch:
+
+name: Test Analyze Mode Custom Report
+
+jobs:
+  test-falco:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      actions: read
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    - name: Start Falco
+      uses: darryk10/falco-action/start@ddcff83af077b30af70f188ba7b5446c98041446
+      with:
+        mode: analyze
+        verbose: true
+
+    - name: Overwrite Source Code
+      shell: bash
+      run: |
+        echo "pwned" > ${{ github.workspace }}/pwn.txt
+    
+    - name: Read Sensitive File
+      run: |
+        sleep 3
+        docker run --rm --privileged ubuntu cat /etc/shadow
+        sleep 3
+
+    - name: Stop Falco
+      uses: darryk10/falco-action/stop@ddcff83af077b30af70f188ba7b5446c98041446
+      with:
+        mode: analyze
+        verbose: true
+
+  analyze:
+    runs-on: ubuntu-latest
+    needs: test-falco
+    permissions:
+      contents: read
+      actions: read
+    steps:
+    - name: Analyze
+      uses: darryk10/falco-action/analyze@ddcff83af077b30af70f188ba7b5446c98041446
+      with:
+        falco-version: '0.39.0'
+        extract-written-files: true
+        extract-chisels: true
+        extract-hashes: true
+
diff --git a/README.md b/README.md
@@ -102,6 +102,20 @@ jobs:
         falco-version: '0.39.0'
 ```
 
+### Report Customization
+The report produced by falco-action can be customized using the following inputs.
+
+| Option                 | Description              | Type    | Default | Required |
+|------------------------|--------------------------|---------|---------|----------|
+| `extract-connections`  | Extract connections      | boolean | true    | false    |
+| `extract-written-files`| Extract written files    | boolean | false   | false    |
+| `extract-processes`    | Extract processes        | boolean | true    | false    |
+| `extract-dns`          | Extract DNS              | boolean | true    | false    |
+| `extract-containers`   | Extract containers       | boolean | true    | false    |
+| `extract-chisels`      | Extract chisels          | boolean | false   | false    |
+| `extract-hashes`       | Extract hashes           | boolean | false   | false    |
+
+
 ### External Dependencies 
 Analyze mode currently supports two main external dependencies:
 - OpenAI - Using OpenAI you can generate an understanble summary report and customise it on your needs.