Trigger Scan

Once you have configured the GitHub Actions workflow, you can trigger a scan in the following ways:

Trigger Scan (Automatically)

Trigger Scan (Manually)

Trigger Scan (Scheduled)

Trigger Scan (Automatically)

The IaC scan is triggered automatically on every push and pull request event. Once the GitHub Actions workflow is configured, it runs on each of these events without further action.

In a push or pull request event, the scan scope is limited to the changed or newly added files.

Here is an example workflow for a push event.

name: Qualys IAC Scan
on:
  push:
    branches:
      - main
jobs:
  Qualys_iac_scan:
    runs-on: ubuntu-latest
    name: Qualys IaC Scan
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Qualys IAC scan action step
        uses: Qualys/github_action_qiac@main
        id: qiac
        env:
          URL: ${{ secrets.URL }}
          UNAME: ${{ secrets.USERNAME }}
          PASS: ${{ secrets.PASSWORD }}

Here is an example workflow for a pull request event.

name: Qualys IAC Scan
on:
  pull_request:
    branches:
      - main
jobs:
  Qualys_iac_scan:
    runs-on: ubuntu-latest
    name: Qualys IaC Scan
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Qualys IAC scan action step
        uses: Qualys/github_action_qiac@main
        id: qiac
        env:
          URL: ${{ secrets.URL }}
          UNAME: ${{ secrets.USERNAME }}
          PASS: ${{ secrets.PASSWORD }}

Trigger Scan (Manually)

Use the following workflow to manually trigger a scan for the entire repository.

name: Qualys IAC Scan
on: workflow_dispatch
jobs:
  Qualys_iac_scan:
    runs-on: ubuntu-latest
    name: Qualys IaC Scan
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Qualys IAC scan action step
        uses: Qualys/github_action_qiac@main
        id: qiac
        env:
          URL: ${{ secrets.URL }}
          UNAME: ${{ secrets.USERNAME }}
          PASS: ${{ secrets.PASSWORD }}
        with:
          directory: 'path of directory to scan (optional)'

The scan is limited to the specified directory if the path is provided in the directory attribute. If the path is not provided, the entire repository is scanned.

Trigger Scan (Scheduled)

You can schedule IaC scans to run on an hourly, daily, or weekly basis by using GitHub Actions. Use cron notation to configure the scheduled time.

name: Qualys IAC Scan
on:
  schedule:
    - cron: '*/5 * * * *'   # this expression runs the scan every 5 minutes
jobs:
  Qualys_iac_scan:
    runs-on: ubuntu-latest
    name: Qualys IaC Scan
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Qualys IAC scan action step
        uses: Qualys/github_action_qiac@main
        id: qiac
        env:
          URL: ${{ secrets.URL }}
          UNAME: ${{ secrets.USERNAME }}
          PASS: ${{ secrets.PASSWORD }}
        with:
          directory: 'path of directory to scan (optional)'

The scan is limited to the specified directory if the path is provided in the directory attribute. If the path is not provided, the entire repository is scanned.
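
The four triggers above combined into a single workflow, as an added example that is not Qualys's own configuration. The job names, the weekly cron schedule, the terraform directory and the read-only permissions block are assumptions made for illustration.

```yaml
name: Qualys IAC Scan
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  workflow_dispatch:
  schedule:
    - cron: '0 2 * * 1'    # constructed schedule: Mondays at 02:00 UTC
permissions:
  contents: read           # assumption: the scan only needs to read the repository
jobs:
  changed_files_scan:      # hypothetical job name
    # Push and pull request events: scope is the changed or newly added files.
    # Secrets are not passed to pull_request runs from forks, so those runs cannot authenticate.
    if: github.event_name == 'push' || github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Qualys IAC scan action step
        # @main is a mutable ref, as on the page; pinning to a reviewed full
        # commit SHA keeps upstream changes from running with these secrets.
        uses: Qualys/github_action_qiac@main
        id: qiac
        env:
          URL: ${{ secrets.URL }}
          UNAME: ${{ secrets.USERNAME }}
          PASS: ${{ secrets.PASSWORD }}
  directory_scan:          # hypothetical job name
    # Manual and scheduled events: scope is the directory given below.
    if: github.event_name == 'workflow_dispatch' || github.event_name == 'schedule'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Qualys IAC scan action step
        uses: Qualys/github_action_qiac@main
        id: qiac
        env:
          URL: ${{ secrets.URL }}
          UNAME: ${{ secrets.USERNAME }}
          PASS: ${{ secrets.PASSWORD }}
        with:
          directory: 'terraform'   # hypothetical path; omit to scan the whole repository
```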

Next step:

Upload SARIF File on GitHub