Repo Audit


Overview

Repository | View on Marketplace

This action audits every repository in an organization: it fetches the list of repositories automatically, executes your policies against each one and reports the results.

Reports are uploaded to Code Scanning for repositories that have GitHub Advanced Security enabled, and are also written to disk as SARIF so they can be consumed by other tools.

Setup

```yaml
- name: Audit
  uses: reposaur/repo-audit-action@v0.1.0
  with:
    # Paths to policies or directories of policies (one path per line).
    # Default: ${{ github.workspace }}
    policy: ''
    # Path to the output directory where SARIF reports will be written.
    # Default: ${{ github.workspace }}/.reposaur
    output: ''
    # Maximum number of errors that Reposaur can encounter before
    # aborting policy execution. If the value is 0, execution never
    # stops on errors.
    # Default: 0
    max-errors: ''
  env:
    # A GitHub token that can list your organization's repositories
    # and upload SARIF reports to Code Scanning.
    GITHUB_TOKEN: ''
```
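The SARIF files written to the `output` directory are the hook for "other tools". The script below is an added example, not code from reposaur or this action: it reads every report in that directory, counts results per repository by SARIF level and rule ID, skips a truncated or unparsable file instead of aborting, and returns a non-zero exit status when any result reaches a chosen severity threshold. It assumes the reports end in `.sarif` (the action does not document its file names; adjust `GLOB` if needed); the repository names and rule IDs in the constructed sample reports are placeholders, not real Reposaur policy IDs.

```python
"""Summarize Reposaur SARIF reports written to the action's output directory.

Added example (not part of reposaur/repo-audit-action). Assumptions: the
reports are JSON files ending in ".sarif" (adjust GLOB if the action names
them differently); the rule IDs and repositories below are constructed.
"""
import json
import sys
import tempfile
from collections import Counter
from pathlib import Path

GLOB = "*.sarif"  # assumed naming; not documented by the action

# SARIF 2.1.0 result levels, least to most severe.
LEVEL_ORDER = {"none": 0, "note": 1, "warning": 2, "error": 3}

# Constructed sample reports standing in for what the action writes to disk.
SAMPLE_REPORTS = {
    "acme-api.sarif": json.dumps({
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {"name": "reposaur"}},
            "results": [
                {"ruleId": "branch-protection-required", "level": "error",
                 "message": {"text": "Default branch is not protected"}},
                {"ruleId": "dependabot-alerts-enabled", "level": "warning",
                 "message": {"text": "Dependabot alerts are disabled"}},
                # No "level": SARIF treats a failing result as "warning".
                {"ruleId": "codeowners-present",
                 "message": {"text": "No CODEOWNERS file"}},
            ],
        }],
    }),
    "acme-docs.sarif": json.dumps({
        "version": "2.1.0",
        "runs": [{"tool": {"driver": {"name": "reposaur"}}, "results": []}],
    }),
    "broken.sarif": "{not valid json",  # truncated write; must not abort the run
}


def write_sample_reports(output_dir):
    """Write the constructed reports into output_dir (demo only)."""
    for name, body in SAMPLE_REPORTS.items():
        Path(output_dir, name).write_text(body, encoding="utf-8")


def load_reports(output_dir):
    """Return [(filename, parsed SARIF)] for every readable report; skip bad files."""
    reports = []
    for path in sorted(Path(output_dir).glob(GLOB)):
        try:
            reports.append((path.name, json.loads(path.read_text(encoding="utf-8"))))
        except (OSError, ValueError) as exc:  # JSONDecodeError is a ValueError
            print(f"skipping {path.name}: {exc}", file=sys.stderr)
    return reports


def summarize(reports):
    """Count results per report by SARIF level and by ruleId."""
    summary = {}
    for name, sarif in reports:
        levels, rules = Counter(), Counter()
        for run in sarif.get("runs", []):
            for result in run.get("results", []):
                levels[result.get("level", "warning")] += 1
                rules[result.get("ruleId", "<no ruleId>")] += 1
        summary[name] = {"levels": dict(levels), "rules": dict(rules)}
    return summary


def worst_level(summary):
    """Most severe level seen across all reports ("none" if no results)."""
    worst = "none"
    for entry in summary.values():
        for level in entry["levels"]:
            if LEVEL_ORDER.get(level, 0) > LEVEL_ORDER[worst]:
                worst = level
    return worst


def should_fail(summary, threshold="error"):
    """True when any report has a result at or above the threshold level."""
    return LEVEL_ORDER[worst_level(summary)] >= LEVEL_ORDER[threshold]


def run_demo(threshold="error"):
    """Write the constructed reports to a temp dir and summarize them."""
    with tempfile.TemporaryDirectory() as tmp:
        write_sample_reports(tmp)
        summary = summarize(load_reports(tmp))
    return summary, should_fail(summary, threshold)


if __name__ == "__main__":
    # Usage: python summarize_sarif.py [OUTPUT_DIR]; no argument runs the demo.
    if len(sys.argv) > 1:
        summary = summarize(load_reports(sys.argv[1]))
    else:
        summary, _ = run_demo()
    for name, entry in summary.items():
        print(f"{name}: {entry['levels'] or 'clean'}")
        for rule, count in sorted(entry["rules"].items()):
            print(f"  {rule}: {count}")
    sys.exit(1 if should_fail(summary) else 0)
```

Point the script at the action's `output` directory (default `${{ github.workspace }}/.reposaur`) in a step after the audit to gate the workflow on findings for repositories that do not have Code Scanning available; the threshold is deliberately separate from the reporting so a `warning`-level policy can be surfaced without failing the run.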

Example

Since this action is meant to run for the whole organization, we usually create a policy repository to hold both the workflow and our custom policies. See reposaur/policy for an example.

The example below runs on every push and every day at 23:00 UTC, and can also be triggered manually. It checks out the reposaur/policy repository into the workspace so that the action's default policy path (`${{ github.workspace }}`) contains the policies to execute. The default `GITHUB_TOKEN` is scoped to the repository the workflow runs in, so a GitHub App installed on the organization is used to mint a token that can list every repository and upload SARIF to Code Scanning.

```yaml
name: Audit
on:
  push:
  schedule:
    - cron: '0 23 * * *'
  workflow_dispatch:
jobs:
  audit:
    name: Audit
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          repository: reposaur/policy
      - id: app-token
        name: Authenticate
        uses: getsentry/action-github-app-token@v1
        with:
          app_id: ${{ secrets.MY_SECURITY_APP_ID }}
          private_key: ${{ secrets.MY_SECURITY_APP_PRIVATE_KEY }}
      - name: Audit
        # Pin to a release tag (see Setup) rather than a moving branch such as
        # @main, so the code that executes your policies cannot change underneath you.
        uses: reposaur/repo-audit-action@v0.1.0
        env:
          # App installation token: must be able to list the organization's
          # repositories and upload SARIF reports to Code Scanning.
          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
```