From e9023fbbfa319f7e3d2ec4bcfe1b3173fc564b38 Mon Sep 17 00:00:00 2001
From: "jit-ci[bot]" <91912817+jit-ci[bot]@users.noreply.github.com>
Date: Thu, 2 Nov 2023 16:49:23 +0000
Subject: [PATCH] Create an initial security.yml file

---
 .github/workflows/jit-security.yml | 33 ++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 .github/workflows/jit-security.yml

diff --git a/.github/workflows/jit-security.yml b/.github/workflows/jit-security.yml
new file mode 100644
index 00000000..52283b99
--- /dev/null
+++ b/.github/workflows/jit-security.yml
@@ -0,0 +1,33 @@
+name: Workflows generated by the MVS plan
+'on':
+  workflow_dispatch:
+    inputs:
+      client_payload:
+        description: The Client payload
+        required: true
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  enrich:
+    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'enrich'
+    runs-on: ubuntu-20.04
+    timeout-minutes: 20
+    steps:
+      - name: enrichment
+        uses: jitsecurity-controls/jit-github-action@v4.0.4
+        with:
+          security_control: registry.jit.io/control-enrichment-slim:latest
+
+  secret-detection:
+    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'secret-detection'
+    runs-on: ubuntu-20.04
+    timeout-minutes: 20
+    steps:
+      - name: gitleaks
+        uses: jitsecurity-controls/jit-github-action@v4.0.4
+        with:
+          security_control: registry.jit.io/control-gitleaks-alpine:latest
+          security_control_output_file: /tmp/report.json
\ No newline at end of file
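Review bot: Both `uses: jitsecurity-controls/jit-github-action@v4.0.4` lines and both `security_control:` images are pinned by mutable references (a git tag and the `:latest` container tag), so the code that runs in the `enrich` and `secret-detection` jobs — with `id-token: write` granted workflow-wide — can change without any change to this file. The usual hardening is to pin the action to a full-length commit SHA with the version kept as a comment, `uses: jitsecurity-controls/jit-github-action@<full-commit-sha>  # v4.0.4`, and to reference the images by digest, `registry.jit.io/control-gitleaks-alpine@sha256:<image-digest>`, renewing them through a dependency-update bot. The `client_payload` input is consumed only through `fromJSON(...)` in the two `if:` conditions; a non-JSON payload makes the expression itself fail rather than skipping the job, which is presumably acceptable for a dispatch-only workflow but worth a one-line comment above `inputs:` stating that the payload is expected to be the JSON document produced by the Jit platform. Minor: the file lacks a trailing newline and a leading `---` document marker.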