{"id":23649255,"url":"https://github.com/cycodelabs/cimon-action","last_synced_at":"2025-09-01T00:31:08.500Z","repository":{"id":135379648,"uuid":"608690232","full_name":"CycodeLabs/cimon-action","owner":"CycodeLabs","description":"Runtime Security Solution for your CI/CD Pipeline","archived":false,"fork":false,"pushed_at":"2024-04-03T16:14:23.000Z","size":625,"stargazers_count":72,"open_issues_count":1,"forks_count":3,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-04-14T01:06:01.981Z","etag":null,"topics":["cicd","ebpf","github-actions","hardening","linux","security","security-hardening","supply-chain-security"],"latest_commit_sha":null,"homepage":"https://cimon.build","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CycodeLabs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2023-03-02T14:41:23.000Z","updated_at":"2024-04-13T19:10:56.000Z","dependencies_parsed_at":"2023-04-12T12:16:40.359Z","dependency_job_id":"8405bc60-8e6e-4c7b-9e72-a22fe12157eb","html_url":"https://github.com/CycodeLabs/cimon-action","commit_stats":{"total_commits":72,"total_committers":4,"mean_commits":18.0,"dds":0.2777777777777778,"last_synced_commit":"7220b13a88b8c6b8d60dcf3362c2a8bd3602d1b0"},"previous_names":[],"tags_count":26,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CycodeLabs%2Fcimon-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CycodeLabs%2Fcimon-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/re
positories/CycodeLabs%2Fcimon-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CycodeLabs%2Fcimon-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CycodeLabs","download_url":"https://codeload.github.com/CycodeLabs/cimon-action/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":231641760,"owners_count":18404719,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cicd","ebpf","github-actions","hardening","linux","security","security-hardening","supply-chain-security"],"created_at":"2024-12-28T15:24:42.986Z","updated_at":"2024-12-28T15:24:44.226Z","avatar_url":"https://github.com/CycodeLabs.png","language":"JavaScript","readme":"# 🦫 Secure your CI with Cimon\n\n![](./pics/cimon-cover.png)\n\n\u003ca href=\"https://cycode.com/cygives/\" alt=\"Cimon is part of Cygives, the community hub for free \u0026 open developer security tools.\"/\u003e\n  \u003cpicture\u003e\n    \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"./assets/images/Cygives-darkmode.svg\"\u003e\n    \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"./assets/images/Cygives-lightmode.svg\"\u003e\n    \u003cimg alt=\"Cygives Banner\" src=\"./assets/images/Cygives-lightmode.svg\"\u003e\n  \u003c/picture\u003e\n\u003c/a\u003e\n\n[Cimon](https://cimon.build) (pronounced \"Simon\") is a runtime security solution that detects and stops software supply-chain attacks on your pipeline, including those targeting SolarWinds and CodeCov, through easy onboarding and a 
developer-friendly experience.\n\nBy utilizing the revolutionary eBPF technology, Cimon monitors and mitigates attacks within the kernel, denying access to users' assets as soon as they arise.\n\nThis action helps seamlessly deploy the agent into any desired GitHub Actions build. The action is based on the NodeJS engine and contains simple `pre` and `post` scripts to deploy and gracefully shut down the agent.\n\nLearn more about Cimon in our [docs](https://docs.cimon.build).\n\n## 🏃‍♂️ Getting Started with Cimon\n\nGetting started with Cimon is as simple as introducing a single step in the pipeline. Cimon Action should be the first step in each of your jobs.\n\nWe recommend starting Cimon in “Detect Mode” to allow it to learn your environment before applying preventive policies.\n\n```yaml\n- uses: cycodelabs/cimon-action@v0\n```\n\n## 🔨 Usage\n\nThe action supports the following parameters:\n\n| Name                     | Default               | Description                                                                                                                                                                                                                                                                                                                                                               |\n| ------------------------ | --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| `client-id`              |                       | Cimon client ID for authentication                                                                                                                                                                         
                                                                                                                                                               |\n| `secret`                 |                       | Cimon secret for authentication                                                                                                                                                                                                                                                                                                                                           |\n| `url`                    |                       | Cimon endpoint for authentication                                                                                                                                                                                                                                                                                                                                         |\n| `prevent`                | `false`               | Enable prevention mode                                                                                                                                                                                                                                                                                                                                                    |\n| `allowed-ips`            |                       | A comma or white space separated list of allowed IP addresses                                                                                                                                                                                                                                                                                                             |\n| `allowed-hosts`          |                       | A comma or white space separated list of allowed domain names. 
The left-most label can be the wildcard character (`*`) to match multiple subdomains (e.g. `*.example.com`).                                                                                                                                                                                               |\n| `ignored-ip-nets`        |                       | A comma or white space separated list of ignored IP networks in CIDR notation, e.g. 10.0.0.0/8, 172.16.0.0/12. This setting is mandatory if your workflow runs containers attached to a custom network with configured sub-range. In other words, inter-container networking is usually ignored by Cimon. Cimon implicitly ignores 10.0.0.0/8 and 172.16.0.0/12 networks. |\n| `github-token`           | `${{ github.token }}` | GitHub token (used to overcome GitHub rate limiting)                                                                                                                                                                                                                                                                                                                      |\n| `report-job-summary`     | `true`                | Report results through job summary output                                                                                                                                                                                                                                                                                                                                 |\n| `report-process-tree`    | `false`               | Enable to report the process tree                                                                                                                                                                                                                                                                                                                                         |\n| 
`slack-webhook-endpoint` |                       | Slack webhook endpoint to report security events                                                                                                                                                                                                                                                                                                                          |\n| `apply-fs-events`        | `false`               | Enable processing filesystem events and display them in the process tree report                                                                                                                                                                                                                                                                                           |\n| `log-level`              | `info`                | Log level (Used for debugging)                                                                                                                                                                                                                                                                                                                                            |\n| `feature-gates`          |                       | Set of key=value pairs that describe Cimon features                                                                                                                                                                                                                                                                                                                       |\n| `fail-on-error`          | `false`               | Fail the CI if Cimon encountered an error                                                                                                                                                                                                                                            
                                                                                     |\n\n## ⚙️ Scenarios\n\n### Running Cimon in detect mode\n\n```yaml\nsteps:\n    - uses: cycodelabs/cimon-action@v0\n```\n\n### Running Cimon in prevent mode\n\n```yaml\nsteps:\n    - uses: cycodelabs/cimon-action@v0\n      with:\n          prevent: true\n          allowed-hosts: \u003e\n              cycode.com\n```\n\n### Running Cimon in detect mode with a process tree and file system events\n\n```yaml\nsteps:\n    - uses: cycodelabs/cimon-action@v0\n      with:\n          report-process-tree: true\n          apply-fs-events: true\n```\n\n### Running Cimon with enhanced Cycode capabilities\n\nYou can read more about it [here](https://docs.cimon.build/#cimon-with-cycode).\n\n```yaml\nsteps:\n    - uses: cycodelabs/cimon-action@v0\n      with:\n          client-id: ${{ secrets.CIMON_CLIENT_ID }}\n          secret: ${{ secrets.CIMON_SECRET }}\n```\n\n## 🛡️ Security Report\n\nEach pipeline run will report its findings through a security report embedded within the pipeline summary in GitHub Actions.\n\nHere is an example of a Cimon report:\n\n![](./pics/detect-report.png)\n\nThe report, created as a job summary, contains the profile of the running job based on the configuration and includes a snippet to assist the user with transitioning from detection to prevention.\n\nWhen the policy is set to \"prevent\", any security anomalies matching the profile are displayed on the report:\n\n![](./pics/prevent-report.png)\n\n## 🪚 Development\n\nContributions to this GitHub Action are welcome. After changes are made to the `src` folder, they should be reflected in the `dist` folder through the following build process:\n\n1. Install or update package dependencies:\n    ```\n    npm install\n    ```\n2. 
Compile JavaScript source files into single entrypoint files with [ncc]:\n    ```\n    npm run all\n    ```\n\nThe build script will update the action's entry point code in the [dist](dist) directory, which should be added to the Git repository.\n\n[ncc]: https://github.com/vercel/ncc\n\n## 🪪 License\n\n[Apache License 2.0](./LICENSE.md)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcycodelabs%2Fcimon-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcycodelabs%2Fcimon-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcycodelabs%2Fcimon-action/lists"}