Infrastructure as Code

The Infrastructure as Code (iac) component focuses on analyzing your infrastructure code for security vulnerabilities. This component helps in identifying misconfigurations and security risks in your infrastructure setup, ensuring that your cloud resources are configured securely before deployment.

The iac accept a following inputs:

Name	Description	Required	Default Value
`api-url`	URL of the DevGuard API	No	`https://api.main.devguard.org`
`asset-name`	Name of the asset to be scanned	Yes
`path`	Path to the source code to be scanned	No	`.`

Usage Example: Here’s an example of how to call this reusable workflow from another workflow file:

name: DevGuard Workflow
 
on:
    push
 
jobs:
    devguard-iac:
        uses: l3montree-dev/devguard-action/.github/workflows/iac.yml@main
        with:
          api-url: https://api.main.devguard.org
          asset-name: 'myOrgnaization/projects/myProject/assets/myAsset'
        secrets:
          devguard-token: ${{ secrets.DEVGUARD_TOKEN }}

Static Application Security Testing Software Composition Analysis