From c7ad4c19d12881166bee337a078ddeda7c2f4bac Mon Sep 17 00:00:00 2001
From: Akis Maziotis
Date: Fri, 26 Nov 2021 16:20:24 +0200
Subject: [PATCH] Add security scanning template
---
workflow-templates/security.properties.json | 12 +++++++++++
workflow-templates/security.svg | 1 +
workflow-templates/security.yml | 24 +++++++++++++++++++++
3 files changed, 37 insertions(+)
create mode 100644 workflow-templates/security.properties.json
create mode 100644 workflow-templates/security.svg
create mode 100644 workflow-templates/security.yml
diff --git a/workflow-templates/security.properties.json b/workflow-templates/security.properties.json
new file mode 100644
index 0000000..8d8bc92
--- /dev/null
+++ b/workflow-templates/security.properties.json
@@ -0,0 +1,12 @@
+{
+ "name": "Security scanning",
+ "description": "Keeping Infrastructure as Code Secure. Static code analysis for DockerFiles, Helm Charts, and Terraform IAC.",
+ "iconName": "security",
+ "categories": [
+ "Security",
+ "Scanning"
+ ],
+ "filePatterns": [
+ ".*"
+ ]
+}
diff --git a/workflow-templates/security.svg b/workflow-templates/security.svg
new file mode 100644
index 0000000..6550f47
--- /dev/null
+++ b/workflow-templates/security.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/workflow-templates/security.yml b/workflow-templates/security.yml
new file mode 100644
index 0000000..4df1f73
--- /dev/null
+++ b/workflow-templates/security.yml
@@ -0,0 +1,24 @@
+Name: Security scanning
+on:
+ pull_request:
+jobs:
+ security-scan:
+ runs-on: sre
+ name: security-checks
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@v2
+ - name: Mkdir results-dir
+ run: mkdir -p results-dir
+ - name: Run Scan
+ uses: checkmarx/kics-action@v1.3
+ with:
+ path: '.'
+ fail_on: high
+ output_path: results-dir
+ output_formats: 'json'
+ token: ${{ secrets.GITHUB_TOKEN }}
+ enable_comments: true
+ - name: Display Scan results
+ run: |
+ jq -e '.' results-dir/results.json
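Review bot: The workflow declares no `permissions:` block, yet at `token: ${{ secrets.GITHUB_TOKEN }}` it hands the job token to a third-party action (`checkmarx/kics-action@v1.3`) referenced by a mutable tag, so the token carries whatever default scope the repository grants and the action's code can change underneath the tag. A top-level least-privilege grant, `permissions:` / `contents: read` / `pull-requests: write` (the latter appears to be what `enable_comments: true` needs), plus pinning both `uses:` references to a full commit SHA (`actions/checkout@<full-commit-sha> # v2`), would contain both concerns. The job also runs on a self-hosted label (`runs-on: sre`) for `pull_request` events while checking out the PR's code, which is worth confirming is intended for this repository's contributor model. Separately, the top-level key is spelled `Name` whereas the documented workflow key is lowercase `name`, so the parser may reject or ignore it. Because the last step only runs `jq -e '.'`, when KICS fails the job on `fail_on: high` the results are never shown unless that step carries `if: always()`.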