Once you have configured the GitHub Actions workflow, you can trigger a scan in the following ways:
The IaC scan is triggered automatically on every push and pull request event once the GitHub Actions workflow is configured.
In a push or pull request event, the scan scope is limited to the changed or newly added files.
Here is an example for a push event.
on:
  push:
    branches:
      - main
jobs:
  Qualys_iac_scan:
    runs-on: ubuntu-latest
    name: Qualys IaC Scan
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Qualys IAC scan action step
        uses: Qualys/github_action_qiac@main
        id: qiac
        env:
          URL: ${{ secrets.URL }}
          UNAME: ${{ secrets.USERNAME }}
          PASS: ${{ secrets.PASSWORD }}
Here is an example for a pull request event.
name: Qualys IAC Scan
on:
  pull_request:
    branches:
      - main
jobs:
  Qualys_iac_scan:
    runs-on: ubuntu-latest
    name: Qualys IaC Scan
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Qualys IAC scan action step
        uses: Qualys/github_action_qiac@main
        id: qiac
        env:
          URL: ${{ secrets.URL }}
          UNAME: ${{ secrets.USERNAME }}
          PASS: ${{ secrets.PASSWORD }}
Using the following workflow, you can manually trigger a scan for the entire repository.
name: Qualys IAC Scan
on: workflow_dispatch
jobs:
  Qualys_iac_scan:
    runs-on: ubuntu-latest
    name: Qualys IaC Scan
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Qualys IAC scan action step
        uses: Qualys/github_action_qiac@main
        id: qiac
        env:
          URL: ${{ secrets.URL }}
          UNAME: ${{ secrets.USERNAME }}
          PASS: ${{ secrets.PASSWORD }}
        with:
          directory: 'path of directory to scan (optional)'
The scan is limited to the specified directory if the path is provided in the directory attribute. If the path is not provided, the entire repository is scanned.
You can schedule IaC scans to run on an hourly, daily, or weekly basis by using GitHub Actions. Use cron notation to configure the scheduled time.
name: Qualys IAC Scan
on:
  schedule:
    # This expression runs every 5 minutes; change it for an hourly, daily, or weekly schedule.
    - cron: '*/5 * * * *'
jobs:
  Qualys_iac_scan:
    runs-on: ubuntu-latest
    name: Qualys IaC Scan
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Qualys IAC scan action step
        uses: Qualys/github_action_qiac@main
        id: qiac
        env:
          URL: ${{ secrets.URL }}
          UNAME: ${{ secrets.USERNAME }}
          PASS: ${{ secrets.PASSWORD }}
        with:
          directory: 'path of directory to scan (optional)'
The scan is limited to the specified directory if the path is provided in the directory attribute. If the path is not provided, the entire repository is scanned.
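The workflows above reference `actions/checkout@v2` and `Qualys/github_action_qiac@main` by tag and branch, which are mutable refs, so the code that receives the Qualys credentials can change between runs. The following Python check is an added example, not part of the original page or Qualys's own code: it flags `uses:` refs that are not full 40-character commit SHAs and lists the secrets handed to each flagged step. The function name `audit_workflow` and the embedded sample input are constructed for this example.

```python
import re

# Constructed lint input: the scheduled workflow from this page, abridged.
WORKFLOW = """\
on:
  schedule:
    - cron: '*/5 * * * *'
jobs:
  Qualys_iac_scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Qualys IAC scan action step
        uses: Qualys/github_action_qiac@main
        env:
          URL: ${{ secrets.URL }}
          UNAME: ${{ secrets.USERNAME }}
          PASS: ${{ secrets.PASSWORD }}
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
SECRET_RE = re.compile(r"\$\{\{\s*secrets\.([A-Za-z0-9_]+)\s*\}\}")
STEP_RE = re.compile(r"^\s*-\s")

def audit_workflow(text):
    """Return one finding per `uses:` ref that is not a full commit SHA."""
    findings, current = [], None
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m:
            action, _, ref = m.group(1).partition("@")
            current = None
            # Local actions (./path) and docker:// images have no git ref to pin.
            if action.startswith(("./", "docker://")):
                continue
            if not SHA_RE.match(ref):
                current = {"line": lineno, "action": action, "ref": ref, "secrets": []}
                findings.append(current)
        elif STEP_RE.match(line):
            current = None  # a new list item (next step) begins
        elif current is not None:
            # Only secrets listed after `uses:` in the same step are attributed.
            current["secrets"] += SECRET_RE.findall(line)
    return findings

if __name__ == "__main__":
    print(*audit_workflow(WORKFLOW), sep="\n")
```

Replacing each flagged ref with the commit SHA of a release you have reviewed makes the check return no findings.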