From b3ef3e242d5818a547990198435af56b1946c5fc Mon Sep 17 00:00:00 2001
From: bryopsida <8363252+bryopsida@users.noreply.github.com>
Date: Fri, 24 Jun 2022 08:31:34 -0500
Subject: [PATCH] add kics scan

---
 .github/workflows/kics.yml | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 .github/workflows/kics.yml

diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml
new file mode 100644
index 000000000..61f5e0542
--- /dev/null
+++ b/.github/workflows/kics.yml
@@ -0,0 +1,33 @@
+name: "KICS"
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+  schedule:
+    - cron: '24 19 * * 3'
+jobs:
+  kics-scan:
+    name: KICS Scan
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Run KICS
+        continue-on-error: true
+        run: |
+          docker pull checkmarx/kics:latest
+          docker run -v ${{ github.workspace }}:/path checkmarx/kics scan -p "/path" -o "/path/" --report-formats "sarif" --no-progress
+      - name: actions/upload-artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: kics-analysis
+          path: results.sarif
+      - name: Upload KICS scan results to GitHub Security tab
+        if: ${{ env.CODEQL_ENABLED }}
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: results.sarif
\ No newline at end of file
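Review bot: The SARIF upload step is guarded by `if: ${{ env.CODEQL_ENABLED }}`, but no `env:` block in this workflow defines `CODEQL_ENABLED`, and the `env` context only carries values the workflow itself declares, so as written the step is skipped on every run and findings never reach the Security tab; either declare it at workflow level (`env:` / `CODEQL_ENABLED: "true"`) or drop the condition. Separately, the scan step pulls `checkmarx/kics:latest` and then runs the bare `checkmarx/kics` name, which is a mutable tag for a tool that executes against the whole checkout — pin both lines to the same explicit version or an `@sha256:` digest (placeholder: `checkmarx/kics:<pinned-version>`) so the scanner cannot change under the workflow. With `continue-on-error: true` on the scan step, a failed pull or scan also passes the job silently; consider keeping that only once the upload step is actually reachable, so a broken scanner is visible. Lastly, `github/codeql-action/upload-sarif@v1` appears to be an older major; it is worth confirming the currently supported major of that action before merging.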