-
Notifications
You must be signed in to change notification settings - Fork 3
63 lines (54 loc) · 1.45 KB
/
test-live-mode.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
on:
workflow_dispatch:
name: Test Live Mode
jobs:
test-falco-live:
runs-on: ubuntu-latest
permissions:
contents: read
actions: read
steps:
- name: Start Falco
uses: darryk10/falco-action/start@dbd1251c3b5e2aef470b1e08b883629ee53ab373
with:
mode: live
falco-version: '0.39.0'
verbose: true
- name: Checkout
uses: actions/checkout@v4
- name: Read Sensitive File
run: |
sleep 3
docker run --rm --privileged ubuntu cat /etc/shadow
sleep 3
- name: Stop Falco
uses: darryk10/falco-action/stop@dbd1251c3b5e2aef470b1e08b883629ee53ab373
with:
mode: live
verbose: true
test-falco-live-custom-rule:
runs-on: ubuntu-latest
permissions:
contents: read
actions: read
steps:
- name: Start Falco
uses: darryk10/falco-action/start@dbd1251c3b5e2aef470b1e08b883629ee53ab373
with:
mode: live
falco-version: '0.39.0'
custom-rule-file: '${{ github.workspace }}/rules/falco_cicd_rules.yaml'
verbose: true
- name: Checkout
uses: actions/checkout@v4
- name: Overwrite Source Code
shell: bash
run: |
sleep 3
echo "pwned" > ${{ github.workspace }}/pwn.txt
sleep 3
- name: Stop Falco
uses: darryk10/falco-action/stop@dbd1251c3b5e2aef470b1e08b883629ee53ab373
with:
mode: live
verbose: true