GitHub Actions

Pre-Requirements

XEIZE Token

XEIZE_TOKEN 토큰을 발급 받아야 Github Actions에 적용이 가능합니다.

XEIZE_TOKEN 토큰이 없을 시 경우 담당자 및 [email protected]로 문의를 하시길 바랍니다.

GitHub Action 권한 설정

GitHub Actions을 통해 comment를 달기위해 아래와 같은 권한이 필요합니다. (예제를 참고하여 추가하시길 바랍니다.)

checks: write
contents: read
pull-requests: write

예제

SAST 적용

name: XEIZE SAST Workflow

on:
  pull_request:
jobs:
  sast:
    name: xez-sast
    runs-on: ubuntu-latest
    permissions:
      checks: write
      contents: read
      pull-requests: write
    env:
      XEIZE_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      XEIZE_TOKEN: ${{ secrets.XEIZE_TOKEN }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Run XEZ SAST
        run: |
          curl -L -o xez_ci "https://download.xeize.dev/ci/ci_linux_x64" -H "X-XEZ-TOKEN: $XEIZE_TOKEN" && chmod +x xez_ci
          ./xez_ci

Secret 적용

name: XEIZE SECRET Workflow

on:
  pull_request:
jobs:
  secret:
    name: xez-secret
    runs-on: ubuntu-latest
    permissions:
      checks: write
      contents: read
      pull-requests: write
    env:
      XEIZE_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      XEIZE_TOKEN: ${{ secrets.XEIZE_TOKEN }}
      MODE: secret
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Run XEZ Secret
        run: |
          curl -L -o xez_ci "https://download.xeize.dev/ci/ci_linux_x64" -H "X-XEZ-TOKEN: $XEIZE_TOKEN" && chmod +x xez_ci
          ./xez_ci

IaC 적용

name: XEIZE IaC Workflow

on:
  pull_request:
jobs:
  iac:
    name: xez-iac
    runs-on: ubuntu-latest
    permissions:
      checks: write
      contents: read
      pull-requests: write
    env:
      XEIZE_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      XEIZE_TOKEN: ${{ secrets.XEIZE_TOKEN }}
      MODE: iac
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Run XEZ IaC
        run: |
          curl -L -o xez_ci "https://download.xeize.dev/ci/ci_linux_x64" -H "X-XEZ-TOKEN: $XEIZE_TOKEN" && chmod +x xez_ci
          ./xez_ci

LEVEL 설정을 통한 Merge Block

name: XEIZE Workflow

on:
  pull_request:
jobs:
  sast:
    name: xez-sast
    runs-on: ubuntu-latest
    permissions:
      checks: write
      contents: read
      pull-requests: write
    env:
      XEIZE_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      XEIZE_TOKEN: ${{ secrets.XEIZE_TOKEN }}
      LEVEL: high
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Run XEZ SAST
        run: |
          curl -L -o xez_ci "https://download.xeize.dev/ci/ci_linux_x64" -H "X-XEZ-TOKEN: $XEIZE_TOKEN" && chmod +x xez_ci
          ./xez_ci

AUDIT LEVEL 설정을 통한 취약점 필터

name: XEIZE Workflow

on:
  pull_request:
jobs:
  sast:
    name: xez-sast
    runs-on: ubuntu-latest
    permissions:
      checks: write
      contents: read
      pull-requests: write
    env:
      XEIZE_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      XEIZE_TOKEN: ${{ secrets.XEIZE_TOKEN }}
      AUDIT_LEVEL: low
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Run XEZ SAST
        run: |
          curl -L -o xez_ci "https://download.xeize.dev/ci/ci_linux_x64" -H "X-XEZ-TOKEN: $XEIZE_TOKEN" && chmod +x xez_ci
          ./xez_ci

PreviousCI/CD Next상세 가이드

Last updated 23 days ago