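# pipeaudit configuration
#
# Copy this file to audit-config.yaml and fill in your values.
# Token is read from the GH_AUDIT_TOKEN environment variable (not stored here).
# Keep the token in the environment only: nothing in this file should hold a credential.
---
# GitHub organization to audit (required)
org: accuknox

# Output file path for the JSON report ("-" writes the report to stdout)
# Reports describe the organization's security posture; treat generated
# reports as sensitive and keep them out of version control.
output: report.json

# HTML report output path (optional, omit to skip HTML generation)
# html_output: report.html

# SARIF v2.1.0 report output path (optional, omit to skip SARIF generation)
# sarif_output: report.sarif

# CIS GitHub Benchmark v1.2.0 report in kube-bench JSON format (optional, GitHub only)
# cis_output: cis-report.json

# Log file path (optional, captures all repos scanned/skipped with details)
# log_file: audit.log

# Include archived repositories (default: false)
include_archived: false

# Include forked repositories (default: false)
include_forks: false

# Only scan repos updated (pushed to) within the last N months (optional, omit to scan all)
# updated_within_months: 3

# Skip identity/access audit (org members, teams, collaborators) (default: false)
skip_identity: false

# Verbosity level: 0 = warnings only, 1 = info, 2 = debug (default: 0)
verbosity: 0

# Specific repos to audit (optional, overrides org-wide scan).
# If omitted, all repos in the org are scanned on their default branch.
# Each entry can specify an optional branch; if omitted, the default branch is used.
#
# Supports regex patterns with `regex: true`:
#   - repo: frontend-.*   # matches all repos starting with "frontend-"
#     regex: true
#   - repo: .*-service    # matches all repos ending with "-service"
#     regex: true
#     branch: release-.*  # also regex-match branch names
#
# NOTE(review): whether a pattern must match the whole repo name or only part
# of it is not stated here; an unanchored pattern can widen or narrow the audit
# scope beyond what was intended, so confirm the matching rule against the
# loader and check log_file for the repos actually selected.
#
# repos:
#   - repo: my-org/frontend
#     branch: main
#   - repo: my-org/backend
#     branch: develop
#   - repo: my-org/infra
#   - repo: ".*-microservice"
#     regex: true

# -------------------------------------------------------------------
# GitLab configuration example
# -------------------------------------------------------------------
# To audit GitLab, set platform: gitlab and provide your group path.
# Token is read from GL_AUDIT_TOKEN or GITLAB_TOKEN environment variables.
#
# platform: gitlab
# org: my-gitlab-group   # top-level group path
#
# # Self-hosted GitLab (optional, defaults to https://gitlab.com/api/v4)
# # The audit token is presumably presented to this endpoint, so keep it an https URL.
# # base_url: https://gitlab.example.com/api/v4
#
# # Sub-groups to audit (optional)
# # groups:
# #   - sub-group-a
# #   - sub-group-b
#
# # Specific projects to audit (optional, overrides group-wide scan)
# # NOTE(review): shown here as plain path strings while the GitHub example
# # uses `repo:` mappings; confirm which entry forms the GitLab loader accepts.
# # repos:
# #   - my-group/project-a
# #   - my-group/project-b
#
# skip_identity: false
# skip_group_settings: false
# skip_pipeline_security: false
# include_archived: false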