GitHub Action
IAM SARIF Report
v2.0.0
Validate your IAM Policies and SCPs with AWS Policy Validator, and convert those results into SARIF documents for reporting.
To generate findings, iam-sarif-report calls the AWS IAM Access Analyzer API. The AWS principal the action runs as must be allowed to call the access-analyzer:ValidatePolicy API action. ValidatePolicy does not support resource-level permissions, so "*" is the narrowest Resource you can specify; keep the statement limited to that single action.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "access-analyzer:ValidatePolicy",
      "Resource": "*"
    }
  ]
}
```
See the action.yaml for detailed usage information.
```yaml
on: [push]
jobs:
  example:
    permissions:
      security-events: write
      actions: read
      contents: read
      id-token: write # required for role-to-assume via GitHub's OIDC provider
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      # setup aws access
      - uses: aws-actions/configure-aws-credentials@v3
        with:
          role-to-assume: arn:aws:iam::111111111111:role/my-github-actions-role-test
          aws-region: eu-west-1
      # validate some policies, and get some SARIF back
      # the action creates a .sarif file for each policy in the policies directory
      - uses: georgealton/iam-sarif-report@v1
        with:
          policies: policies/
          results: results
      # Public repositories / Organizations with GitHub Advanced Security
      # upload sarif files using CodeQL
      - uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results
```
The validator can also be run locally from the command line with pipx:

```shell
pipx run iam-sarif-report tests/data/policy_checks/policies/arn-region-not-allowed.json
```
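To show what the action does between the ValidatePolicy call and the file that upload-sarif consumes, here is an added example (not the iam-sarif-report project's own code) that calls access-analyzer:ValidatePolicy, follows pagination, maps each finding to a SARIF 2.1.0 result, and returns a non-zero exit status when a finding should block the build. It assumes the ValidatePolicy response shape documented by AWS and that boto3 is installed where it runs; the tool name, the sample finding and the file paths are constructed for the example.

```python
"""Validate an IAM policy with Access Analyzer and write a SARIF 2.1.0 report.

Added example, not iam-sarif-report's code. Assumes the documented
ValidatePolicy response shape; sample finding and names are constructed.
"""
import json
import sys
from pathlib import Path

# Access Analyzer finding types -> SARIF result levels.
SARIF_LEVEL = {
    "ERROR": "error",
    "SECURITY_WARNING": "warning",
    "WARNING": "warning",
    "SUGGESTION": "note",
}

# Finding types that should fail a CI run (policy choice, adjust to taste).
BLOCKING_TYPES = {"ERROR", "SECURITY_WARNING"}


def fetch_findings(policy_document, policy_type="IDENTITY_POLICY", client=None):
    """Call access-analyzer:ValidatePolicy and collect every page of findings.

    Needs network access and a principal allowed to call ValidatePolicy.
    `client` can be injected (e.g. a fake in tests); otherwise boto3 is
    imported lazily so the module stays importable without it.
    """
    if client is None:
        import boto3  # assumption: boto3 is available at runtime
        client = boto3.client("accessanalyzer")
    kwargs = {"policyDocument": policy_document, "policyType": policy_type}
    findings = []
    while True:
        resp = client.validate_policy(**kwargs)
        findings.extend(resp.get("findings", []))
        token = resp.get("nextToken")
        if not token:
            return findings
        kwargs["nextToken"] = token  # results are paginated; keep going


def _region(span):
    # Access Analyzer: line is 1-based, column is 0-based.
    # SARIF: both are 1-based, so shift the columns by one.
    return {
        "startLine": span["start"]["line"],
        "startColumn": span["start"]["column"] + 1,
        "endLine": span["end"]["line"],
        "endColumn": span["end"]["column"] + 1,
    }


def findings_to_sarif(findings, policy_uri, tool_name="iam-policy-validator"):
    """Convert the findings for one policy file into a SARIF 2.1.0 log."""
    rules, results = {}, []
    for f in findings:
        code = f["issueCode"]
        rule = {"id": code, "shortDescription": {"text": code.replace("_", " ").capitalize()}}
        if f.get("learnMoreLink"):
            rule["helpUri"] = f["learnMoreLink"]
        rules.setdefault(code, rule)  # one rule entry per issue code
        locations = [
            {"physicalLocation": {
                "artifactLocation": {"uri": policy_uri},
                "region": _region(loc["span"]),
            }}
            for loc in f.get("locations", []) if "span" in loc
        ]
        results.append({
            "ruleId": code,
            "level": SARIF_LEVEL.get(f["findingType"], "warning"),
            "message": {"text": f["findingDetails"]},
            "locations": locations,
        })
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {"name": tool_name, "rules": list(rules.values())}},
            "results": results,
        }],
    }


def has_blocking_findings(findings):
    """True if any finding is an error or security warning."""
    return any(f["findingType"] in BLOCKING_TYPES for f in findings)


# Constructed sample finding, shaped like a ValidatePolicy response for a
# policy whose ARN carries a region the service does not allow.
SAMPLE_FINDINGS = [{
    "findingType": "ERROR",
    "issueCode": "ARN_REGION_NOT_ALLOWED",
    "findingDetails": "Constructed: the region in this ARN is not valid for the service.",
    "learnMoreLink": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-policy-checks.html",
    "locations": [{
        "path": [{"value": "Statement"}, {"index": 0}, {"value": "Resource"}],
        "span": {"start": {"line": 7, "column": 18, "offset": 110},
                 "end": {"line": 7, "column": 52, "offset": 144}},
    }],
}]

if __name__ == "__main__":
    # usage: python validate_to_sarif.py policy.json [IDENTITY_POLICY|RESOURCE_POLICY|SERVICE_CONTROL_POLICY]
    policy = Path(sys.argv[1])
    policy_type = sys.argv[2] if len(sys.argv) > 2 else "IDENTITY_POLICY"
    found = fetch_findings(policy.read_text(), policy_type)
    Path(policy.stem + ".sarif").write_text(json.dumps(findings_to_sarif(found, policy.as_posix()), indent=2))
    sys.exit(1 if has_blocking_findings(found) else 0)
```

Pass SERVICE_CONTROL_POLICY as the second argument when validating SCPs, since Access Analyzer applies a different set of checks to them; the resulting `.sarif` files can be handed to upload-sarif exactly as in the workflow above.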