{"id":18420369,"url":"https://github.com/kubeshop/monokle-action","last_synced_at":"2025-04-07T13:31:58.981Z","repository":{"id":61642110,"uuid":"545464132","full_name":"kubeshop/monokle-action","owner":"kubeshop","description":"Run this GitHub action to validate your Kubernetes resources with the Monokle SARIF validator.","archived":false,"fork":false,"pushed_at":"2024-06-13T06:57:32.000Z","size":1532,"stargazers_count":5,"open_issues_count":3,"forks_count":1,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-03-22T19:24:00.386Z","etag":null,"topics":["devsecops","github-actions","kubernetes","sarif","sarif-report","scanner","security","validation"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kubeshop.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-10-04T12:21:26.000Z","updated_at":"2024-06-13T06:57:27.000Z","dependencies_parsed_at":"2024-06-14T08:02:04.293Z","dependency_job_id":null,"html_url":"https://github.com/kubeshop/monokle-action","commit_stats":{"total_commits":24,"total_committers":2,"mean_commits":12.0,"dds":0.04166666666666663,"last_synced_commit":"e5f5e0dcc0f085b18b0f9de19234cbc2b522d3bb"},"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubeshop%2Fmonokle-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubeshop%2Fmonokle-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1
/hosts/GitHub/repositories/kubeshop%2Fmonokle-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubeshop%2Fmonokle-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kubeshop","download_url":"https://codeload.github.com/kubeshop/monokle-action/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247661838,"owners_count":20975132,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["devsecops","github-actions","kubernetes","sarif","sarif-report","scanner","security","validation"],"created_at":"2024-11-06T04:21:21.991Z","updated_at":"2025-04-07T13:31:55.383Z","avatar_url":"https://github.com/kubeshop.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"docs/images/large-icon-256.png\" alt=\"Monokle Logo\" width=\"128\" height=\"128\"/\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/kubeshop/monokle-action/releases\"\u003e\n    \u003cimg title=\"Release\" src=\"https://img.shields.io/github/v/release/kubeshop/monokle-action\"/\u003e\n  \u003c/a\u003e\n\n  \u003ca href=\"https://github.com/kubeshop/monokle-core/tree/main/packages/validation\"\u003e\n    \u003cimg title=\"mit licence\" src=\"https://img.shields.io/badge/License-MIT-yellow.svg\"/\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n# Welcome to Monokle Action\n\nMonokle Action is a GitHub Action for static analysis of Kubernetes resources.\n\nUse it to prevent 
misconfigurations within Kustomize, Helm or default Kubernetes resources. The output is available as a SARIF file which you can upload to GitHub CodeScan.\n\nUnder the hood it uses [@monokle/validation][monokle-validation] which allows you to configure validation rules extensively.\n\n[Explore a demo pull request][demo-pr]\n\n## Table of contents\n\n- [Usage](#usage)\n  - [Understanding the Action's result](#understanding-the-actions-result)\n  - [Validate the output of Kustomize](#validate-the-output-of-kustomize)\n  - [Validate the output of Helm](#validate-the-output-of-helm)\n  - [Validate default Kubernetes resources](#validate-default-kubernetes-resources)\n  - [Validate and upload to GitHub CodeScan](#validate-and-upload-to-github-codescan)\n- [Configuration](#configuration)\n  - [Action inputs](#action-inputs)\n  - [@monokle/validation rules](#monoklevalidation-rules)\n\n## Usage\n\n### Understanding the Action's result\n\nThe action reports the problems it finds in your resources.\n\nYou can configure whether the validator treats a problem as an error or a warning.\n\nThe action fails when at least one error is found. If only warnings are found, the action does not fail and you can still merge. 
This allows for transition periods in your policies.\n\n### Validate the output of Kustomize\n\n```yaml\non: push\n\njobs:\n  validate:\n    name: Validate Kustomize with Monokle\n    runs-on: ubuntu-latest\n    steps:\n      - id: checkout\n        uses: actions/checkout@master\n      - id: bake\n        uses: azure/k8s-bake@v2.2\n        with:\n          renderEngine: \"kustomize\"\n          kustomizationPath: \"./kustomize-happy-cms/overlays/local\"\n      - id: validate\n        uses: kubeshop/monokle-action@v0.2.0\n        with:\n          path: ${{ steps.bake.outputs.manifestsBundle }}\n```\n\n### Validate the output of Helm\n\n```yaml\non: push\n\njobs:\n  validate:\n    name: Validate Helm with Monokle\n    runs-on: ubuntu-latest\n    steps:\n      - id: checkout\n        uses: actions/checkout@master\n      - id: bake\n        uses: azure/k8s-bake@v2.2\n        with:\n          renderEngine: \"helm\"\n          helmChart: \"./helm-yellow-wordpress\"\n      - id: validate\n        uses: kubeshop/monokle-action@v0.2.0\n        with:\n          path: ${{ steps.bake.outputs.manifestsBundle }}\n```\n\n### Validate default Kubernetes resources\n\n```yaml\non: push\n\njobs:\n  validate:\n    name: Validate Kubernetes resources with Monokle\n    runs-on: ubuntu-latest\n    steps:\n      - id: checkout\n        uses: actions/checkout@master\n      - id: validate\n        uses: kubeshop/monokle-action@v0.2.0\n        with:\n          path: __path_to_file_or_directory_with_kubernetes_yaml_files__\n```\n\n### Validate and upload to GitHub CodeScan\n\n```yaml\non: push\n\njobs:\n  validate:\n    runs-on: ubuntu-latest\n    permissions:\n      security-events: write\n    name: Validate Kustomize with Monokle\n    steps:\n      - id: checkout\n        uses: actions/checkout@master\n      - id: bake\n        uses: azure/k8s-bake@v2.2\n        with:\n          renderEngine: \"kustomize\"\n          kustomizationPath: \"./kustomize-happy-cms/overlays/local\"\n      - id: 
validate\n        uses: kubeshop/monokle-action@v0.2.0\n        with:\n          path: ${{ steps.bake.outputs.manifestsBundle }}\n      - id: upload-sarif\n        if: always()\n        uses: github/codeql-action/upload-sarif@v2\n        with:\n          sarif_file: ${{ steps.validate.outputs.sarif }}\n```\n\n## Configuration\n\n### Action inputs\n\n**[path]** Relative path to a directory or a YAML file with Kubernetes resources.\n\n**[config]** Relative path to the Monokle validation configuration file.\n\n### @monokle/validation rules\n\nThe Monokle Action looks for a Monokle Validation configuration.\n\nThe default path is found at `./monokle.validation.yaml`.\n\n[Learn more about Monokle Validation configuration][monokle-validation-docs]\n\n**Example**\n\n```yaml\nplugins:\n  yaml-syntax: true\n  kubernetes-schema: true\nrules:\n  yaml-syntax/no-bad-alias: \"warn\"\n  yaml-syntax/no-bad-directive: false\n  open-policy-agent/no-last-image: \"err\"\n  open-policy-agent/cpu-limit: \"err\"\n  open-policy-agent/memory-limit: \"err\"\n  open-policy-agent/memory-request: \"err\"\nsettings:\n  kubernetes-schema:\n    schemaVersion: v1.24.2\n```\n\n[monokle-validation]: https://github.com/kubeshop/monokle-core/tree/main/packages/validation\n[monokle-validation-docs]: https://github.com/kubeshop/monokle-core/blob/main/packages/validation/docs/configuration.md\n[demo-pr]: https://github.com/kubeshop/monokle-demo/pull/1\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkubeshop%2Fmonokle-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkubeshop%2Fmonokle-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkubeshop%2Fmonokle-action/lists"}