kics

OPSEXP-2948 Prepare for v25 release #561

	name: kics

	on:
	pull_request:
	branches:
	- master
	- 'next/**'
	paths:
	- 'playbooks/**'
	- 'roles/**'
	- '.github/workflows/kics.yml'
	push:
	branches: [master]
	paths:
	- 'playbooks/**'
	- 'roles/**'
	- '.github/workflows/kics.yml'

	permissions:
	security-events: write

	jobs:
	kics:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	- name: Run KICS Scan
	uses: checkmarx/kics-github-action@3246fb456a46d1ea8848ae18793c036718b19fe0 # v2.1.5
	with:
	path: 'playbooks,roles'
	ignore_on_exit: results
	output_path: report-dir/
	output_formats: 'sarif'
	token: ${{ secrets.GITHUB_TOKEN }}
	enable_jobs_summary: true
	platform_type: ansible
	disable_secrets: true
	- name: Upload SARIF file
	uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
	with:
	sarif_file: report-dir/results.sarif

Provide feedback