🚧 Pre-release: Active development. cicd-sensor-action is currently in pre-release and under active development. Feedback is very welcome.
GitHub Action for running cicd-sensor on a Linux GitHub Actions runner.
Published as cicd-sensor/cicd-sensor-action. See the GitHub-hosted runner guide for usage.
Project-local config and rules live under .cicd-sensor/:
```
repo
└── .cicd-sensor/
    ├── config.yaml
    └── rules/
        ├── a.yaml
        └── b.yaml
```
Use one or more YAML files under rules/.
Use config.yaml for project-local settings:
```yaml
default_max_alerts_per_rule: 10
disable_baseline_rules: true
```

If no project rules are present, baseline rules are still applied unless disabled in config.yaml.
Action inputs:

| Name | Default | Description |
|---|---|---|
| manager-url | "" | Optional cicd-sensor manager URL. |
| manager-token | "" | Bearer token for the manager. Required when manager-url is set. |
| enable-html-report | true | Upload the cicd-sensor-report HTML artifact. |
| enable-attestation-artifact | true | Upload the cicd-sensor-attestation predicate artifact. |
| enable-debug | false | Upload debug logs, Runtime Event Log output, and raw result data. |
| socket-path | /run/cicd-sensor/agent.sock | Agent control socket path. |

Action outputs:

| Name | Description |
|---|---|
| attestation-artifact-id | Artifact ID for cicd-sensor-attestation, or empty when disabled / failed. |
| attestation-artifact-url | Run-scoped URL for cicd-sensor-attestation, or empty when disabled / failed. |

See docs/development.md.