From c3f4e0e22bbc0700054804eb04bd89f19b64ebfc Mon Sep 17 00:00:00 2001
From: Ben
Date: Thu, 20 Apr 2023 21:35:45 +0300
Subject: [PATCH 1/6] Adding miscofiguration scanning to enable viewing the issues in GitHub

---
 .github/workflows/example-yaml-scanning.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 .github/workflows/example-yaml-scanning.yaml

diff --git a/.github/workflows/example-yaml-scanning.yaml b/.github/workflows/example-yaml-scanning.yaml
new file mode 100644
index 00000000..82070366
--- /dev/null
+++ b/.github/workflows/example-yaml-scanning.yaml
@@ -0,0 +1,16 @@
+name: Kubescape scanning for misconfigurations
+on: [push, pull_request]
+jobs:
+  kubescape-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: kubescape/github-action@main
+        continue-on-error: true
+        with:
+          format: sarif
+          outputFile: results.sarif
+      - name: Upload Kubescape scan results to Github Code Scanning
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: results.sarif
\ No newline at end of file

From 9c0f01d47f2cd3deebcce1b62a62e3bc117f157a Mon Sep 17 00:00:00 2001
From: Ben
Date: Thu, 20 Apr 2023 21:38:28 +0300
Subject: [PATCH 2/6] excluding CIS from results

---
 .github/workflows/example-yaml-scanning.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/example-yaml-scanning.yaml b/.github/workflows/example-yaml-scanning.yaml
index 82070366..7112ac69 100644
--- a/.github/workflows/example-yaml-scanning.yaml
+++ b/.github/workflows/example-yaml-scanning.yaml
@@ -6,6 +6,7 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - uses: kubescape/github-action@main
+        framework: AllControls
         continue-on-error: true
         with:
           format: sarif

From 39c6263da4a3a8d0c695f8dd88b07015cf81c801 Mon Sep 17 00:00:00 2001
From: Ben
Date: Thu, 20 Apr 2023 21:52:25 +0300
Subject: [PATCH 3/6] fixing property name

---
 .github/workflows/example-yaml-scanning.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
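Review bot: `uses: kubescape/github-action@main` in the new workflow tracks a mutable branch, so whoever can push to that branch can run arbitrary code in this job against the checked-out repository and with the job's GITHUB_TOKEN; pin it to a release tag or, better, a full-length commit SHA (`- uses: kubescape/github-action@<full-commit-sha>  # pinned release, do not track a moving branch`). The same applies, to a lesser degree, to `actions/checkout@v3` and `github/codeql-action/upload-sarif@v2`, which are moving tags rather than immutable references. `continue-on-error: true` on the scan step also masks scanner failures; if the intent is only to keep uploading results when findings make kubescape exit non-zero, record that above the line with `# do not fail the job on findings; they are surfaced through the SARIF upload below`.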
diff --git a/.github/workflows/example-yaml-scanning.yaml b/.github/workflows/example-yaml-scanning.yaml
index 7112ac69..7ae9da6e 100644
--- a/.github/workflows/example-yaml-scanning.yaml
+++ b/.github/workflows/example-yaml-scanning.yaml
@@ -6,7 +6,7 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - uses: kubescape/github-action@main
-        framework: AllControls
+        frameworks: AllControls
         continue-on-error: true
         with:
           format: sarif

From f9f1368fe012ff473e5aff921fd45836989d648a Mon Sep 17 00:00:00 2001
From: Ben
Date: Thu, 20 Apr 2023 21:53:28 +0300
Subject: [PATCH 4/6] misplaced property

---
 .github/workflows/example-yaml-scanning.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/example-yaml-scanning.yaml b/.github/workflows/example-yaml-scanning.yaml
index 7ae9da6e..b7f089e3 100644
--- a/.github/workflows/example-yaml-scanning.yaml
+++ b/.github/workflows/example-yaml-scanning.yaml
@@ -6,9 +6,9 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - uses: kubescape/github-action@main
-        frameworks: AllControls
         continue-on-error: true
         with:
+          frameworks: AllControls
           format: sarif
           outputFile: results.sarif
       - name: Upload Kubescape scan results to Github Code Scanning

From 89bd7bed774bf5eae393c56e50b6fb843cd30626 Mon Sep 17 00:00:00 2001
From: David Wertenteil
Date: Sun, 23 Apr 2023 08:15:39 +0300
Subject: [PATCH 5/6] core(workflows): Adding permissions

---
 .github/workflows/example-yaml-scanning.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/example-yaml-scanning.yaml b/.github/workflows/example-yaml-scanning.yaml
index b7f089e3..af667d3f 100644
--- a/.github/workflows/example-yaml-scanning.yaml
+++ b/.github/workflows/example-yaml-scanning.yaml
@@ -2,6 +2,9 @@ name: Kubescape scanning for misconfigurations
 on: [push, pull_request]
 jobs:
   kubescape-scan:
+    permissions:
+      contents: write
+      pull-requests: write
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
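Review bot: The reason for `frameworks: AllControls` under `with:` is only recoverable from the title of the earlier patch in this series ("excluding CIS from results"), not from the workflow itself; a one-line comment above it, such as `# AllControls: evaluate every control but leave the CIS benchmark framework out of the findings`, keeps that intent with the code. I am inferring the CIS exclusion from the commit title rather than from the action's documentation, so confirm the wording against what the action actually does with this value before committing it.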
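Review bot: The new `permissions:` block grants `contents: write` and `pull-requests: write`, which is wider than the visible steps need: `actions/checkout` only requires `contents: read`, and none of the steps in this workflow appears to comment on or modify pull requests. Because the job also runs a third-party action from a moving branch (`kubescape/github-action@main`), a write-scoped token means a compromised action could push to the repository rather than merely read it. Tighten the block to `contents: read` and drop `pull-requests: write` unless the kubescape action is documented to need it for PR annotations, which I cannot confirm from this diff; if it is needed, say so in a comment next to the scope.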
@@ -14,4 +17,4 @@ jobs:
       - name: Upload Kubescape scan results to Github Code Scanning
         uses: github/codeql-action/upload-sarif@v2
         with:
-          sarif_file: results.sarif
\ No newline at end of file
+          sarif_file: results.sarif

From 5bfcb8be2474e23fef40c8e7c00f0ccce9aed13a Mon Sep 17 00:00:00 2001
From: Ben
Date: Sun, 23 Apr 2023 08:22:35 +0300
Subject: [PATCH 6/6] adding write privileges to cover event

---
 .github/workflows/example-yaml-scanning.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/example-yaml-scanning.yaml b/.github/workflows/example-yaml-scanning.yaml
index af667d3f..a484cf5e 100644
--- a/.github/workflows/example-yaml-scanning.yaml
+++ b/.github/workflows/example-yaml-scanning.yaml
@@ -5,6 +5,7 @@ jobs:
     permissions:
       contents: write
       pull-requests: write
+      security-events: write
     runs-on: ubuntu-latest
    steps:
       - uses: actions/checkout@v3
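Review bot: `security-events: write` is the scope `github/codeql-action/upload-sarif` actually needs, but it is added alongside the two broader write scopes from the previous commit, so the job still holds `contents: write` and `pull-requests: write` that nothing visible uses; the least-privilege block for these three steps is `permissions: { contents: read, security-events: write }`, with `actions: read` added if this runs on a private repository (upload-sarif requires it there as far as I recall from the action's documentation — verify). It is also worth a comment that on `pull_request` runs from forks the token is read-only regardless of this block, so the SARIF upload will be rejected on those runs, and the `continue-on-error: true` on the scan step does not cover the upload step.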