ENG-25676 add additional configuration options (#4)

Author: bhenderson-r7

.github/workflows/pull_request_example.yml

@@ -16,3 +16,11 @@ jobs:
           api_key: ${{ secrets.ics_api_key }}
           base_url: ${{ secrets.ics_base_url }}
           config_name: AWS CIS Benchmark 1.4
+      - name: Attach scan artifacts
+        if: always()
+        uses: actions/upload-artifact@v3
+        with:
+          name: mimics-scan-artifacts
+          path: |
+            ./log/mimics*.log
+            ./ics_scan.*

.github/workflows/pull_request_with_advanced_security_center_example.yml

@@ -16,6 +16,14 @@ jobs:
           api_key: ${{ secrets.ics_api_key }}
           base_url: ${{ secrets.ics_base_url }}
           config_name: AWS CIS Benchmark 1.4
+      - name: Attach scan artifacts
+        if: always()
+        uses: actions/upload-artifact@v3
+        with:
+          name: mimics-scan-artifacts
+          path: |
+            ./log/mimics*.log
+            ./ics_scan.*
       - name: Upload SARIF file
         if: always()
         uses: github/codeql-action/upload-sarif@v2

README.md

@@ -48,6 +48,15 @@ jobs:
           api_key: ${{ secrets.ics_api_key }}
           base_url: ${{ secrets.ics_base_url }}
           config_name: AWS CIS Benchmark 1.4
+      # the following is optional but recommended to retrieve scan reports and logs
+      - name: Attach scan artifacts
+        if: always()
+        uses: actions/upload-artifact@v3
+        with:
+          name: mimics-scan-artifacts
+          path: |
+            ./log/mimics*.log
+            ./ics_scan.*
       # the following is optional but recommended to surface results to Github Advanced Security
       - name: Upload the sarif report to Github Advanced Security
         if: always()

action.yml

@@ -3,15 +3,31 @@ author: Rapid7
 description: >
   Scans a cloudformation template and saves results to disk.
 inputs:
-  base_url:
-    description: URL of ICS server
-    required: true
   api_key:
     description: Api key for server at base_url
     required: true
+  base_url:
+    description: URL of ICS server
+    required: true
   config_name:
     description: Name of insightCloudSec configuration to run scan with
     required: true
+  log_level:
+    description: Sets log level ["trace", "debug", "info", "warn", "error", "fatal"] (default "info")
+    required: false
+    default: "info"
+  log_path:
+    description: Path to write log file
+    required: false
+    default: "./log/mimics.log"
+  report_formats:
+    description: Formats of scan result report artifacts (all,sarif,html,junitxml) (default "all")
+    required: false
+    default: "all"
+  report_path:
+    description: Path to write report files
+    required: false
+    default: "./"
   target:
     description: File(s) to scan
     required: false
@@ -30,7 +46,11 @@ runs:
     - ${{ inputs.target }}
     - -c
     - ${{ inputs.config_name }}
+    - --log-level
+    - ${{ inputs.log_level }}
     - --log-path
-    - ./mimics.log
+    - ${{ inputs.log_path }}
+    - --report-path
+    - ${{ inputs.report_path }}
     - --report-formats
-    - all
+    - ${{ inputs.report_formats }}