name: Legitify Analyze
on:
workflow_dispatch:
schedule:
- cron: '0 11 * * 1-5'
jobs:
analyze:
runs-on: ubuntu-latest
steps:
- name: Legitify Action
uses: Legit-Labs/legitify@main
with:
github_token: ${{ secrets.PAT_FOR_LEGITIFY }}
ignore-policies: |
non_admins_can_create_public_repositories
requires_status_checks
Legitify Action
Strengthen the security of your GitHub repositories with automated analysis.
Legitify Analyze GitHub Action automates the process of analyzing your repositories for misconfigurations, security, and compliance issues. It helps identify and remediate issues across all GitHub assets with ease, improving the overall security posture of your source-code management.#
How to Provide GitHub Token
The github_token
input is required to authenticate the action with GitHub. It should be a Personal Access Token (PAT) stored in your repository secrets.
with:
github_token: ${{ secrets.PAT_FOR_LEGITIFY }}
How to Analyze Only the Current Repository
The analyze_self_only
input, when set to true
, limits the analysis to the repository from which the action is triggered.
with:
analyze_self_only: true
How to Specify Repositories for Analysis
The repositories
input allows you to specify a comma-separated list of repositories (in owner/repo
format) to be analyzed. If left empty, all accessible repositories will be analyzed.
with:
repositories: owner/repo1,owner/repo2
How to Set Legitify Base Version
The legitify_base_version
input sets the base version of Legitify to use. Non-breaking changes will be auto-updated.
with:
legitify_base_version: 1.0
How to Enable Scorecard Analysis
The scorecard
input allows you to enable the Scorecard tool as part of the Legitify analysis. Possible values are no
, yes
, or verbose
.
with:
scorecard: yes
How to Upload Results to GitHub Code Scanning
The upload_code_scanning
input determines whether the results of the analysis should be uploaded to GitHub Code Scanning. The default is true
.
with:
upload_code_scanning: true
How to Compile Legitify from Source
The compile_legitify
input, when set to true
, compiles Legitify from source using the specified legitify_base_version
.
with:
compile_legitify: true
How to Set Artifact Name for Private Repositories
The artifact_name
input defines the name of the artifact under which the analysis report will be saved if the repository is private.
with:
artifact_name: legitify-report
How to Ignore Specific Policies
The ignore-policies
input allows you to specify a list of policies (one per line) to ignore during the analysis.
with:
ignore-policies: |
non_admins_can_create_public_repositories
requires_status_checks
How to Pass Extra Arguments to Legitify
The extra
input provides additional command-line arguments for Legitify that are not covered by other inputs.
with:
extra: "--verbose"
Monitoring GitHub Actions Workflows
CICube is a GitHub Actions monitoring tool that provides you with detailed insights into your workflows to further optimize your CI/CD pipeline. With CICube, you will be able to track your workflow runs, understand where the bottlenecks are, and tease out the best from your build times. Go to cicube.io now and create a free account to better optimize your GitHub Actions workflows!