Commit 70c4311

Update docs with Github scan-action guidance (#109)
1 parent 418c66c commit 70c4311

2 files changed

Lines changed: 45 additions & 1 deletion

README.md

Lines changed: 1 addition & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -10,7 +10,7 @@
1010
**Languages / Langues :**
1111
🇬🇧 [English](README.md) | 🇫🇷 [Français](README.fr.md)
1212

13-
**Docs:** [AWS Setup](docs/aws.md) · [Azure Setup](docs/azure.md) · [CI/CD Guide](docs/ci.md) · [Detection Rules](docs/rules.md) · [Example Outputs](docs/example-outputs.md) · [Docker Hub](https://hub.docker.com/r/getcleancloud/cleancloud)
13+
**Docs:** [AWS Setup](docs/aws.md) · [Azure Setup](docs/azure.md) · [CI/CD Guide](docs/ci.md) · [Detection Rules](docs/rules.md) · [Example Outputs](docs/example-outputs.md) · [Docker Hub](https://hub.docker.com/r/getcleancloud/cleancloud) · [GitHub Action](https://github.com/marketplace/actions/cleancloud-scan)
1414

1515
---
1616
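Review bot: README.fr.md is not among the two files changed in this commit, so if the French README linked on line 11 carries the same Docs line as line 13, it will be missing the new GitHub Action entry; add the matching link there in the same change. The new entry also points only at the Marketplace listing, so consider linking the "Using the GitHub Action" section of docs/ci.md alongside it so readers land on the project's own guidance first.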

docs/ci.md

Lines changed: 44 additions & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -59,6 +59,50 @@ For OIDC setup, enforcement options, output formats, and advanced patterns — r
5959

6060
---
6161

62+
## Using the GitHub Action
63+
64+
The simplest way to add CleanCloud to GitHub Actions — one step, no pip install needed.
65+
66+
### AWS (OIDC)
67+
68+
```yaml
69+
- uses: aws-actions/configure-aws-credentials@v4
70+
with:
71+
role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/CleanCloudCIReadOnly
72+
aws-region: us-east-1
73+
74+
- uses: cleancloud-io/scan-action@v1
75+
with:
76+
provider: aws
77+
all-regions: 'true'
78+
fail-on-confidence: HIGH
79+
fail-on-cost: '100'
80+
output: json
81+
output-file: scan-results.json
82+
```
83+
84+
### Azure (Workload Identity)
85+
86+
```yaml
87+
- uses: azure/login@v2
88+
with:
89+
client-id: ${{ secrets.AZURE_CLIENT_ID }}
90+
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
91+
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
92+
93+
- uses: cleancloud-io/scan-action@v1
94+
with:
95+
provider: azure
96+
fail-on-confidence: HIGH
97+
fail-on-cost: '100'
98+
output: json
99+
output-file: scan-results.json
100+
```
101+
102+
Full input reference and options: [cleancloud-io/scan-action →](https://github.com/marketplace/actions/cleancloud-scan)
103+
104+
---
105+
62106
## Using the Docker Image
63107

64108
No Python setup required — pull and run. Useful for pipelines where you don't control the runner environment or want to pin to an exact CleanCloud version.
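Review bot: both new examples reference actions by mutable tag (`cleancloud-io/scan-action@v1`, `aws-actions/configure-aws-credentials@v4`, `azure/login@v2`) in steps that run with cloud credentials, while the Docker section directly below recommends pinning to an exact CleanCloud version; suggest showing the scan action pinned to a full commit SHA, or at least mentioning that option next to the snippets. The AWS (OIDC) and Azure (Workload Identity) snippets also list only the steps, so a sentence stating that the job needs `permissions: id-token: write` for the federated login would help readers who paste them as-is. Minor: the AWS example reads the account ID from `vars.` while the Azure example reads its IDs from `secrets.`; a short note on which is intended would keep the two consistent.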
