Merge branch 'master' of https://github.com/david-a-wheeler/flawfinder

2021-06-27 16:28:54 -04:00 · 2021-06-27 16:28:54 -04:00 · 8951154ac9
parent 51c988dc47 45c084d82d
commit 8951154ac9
5 changed files with 83 additions and 0 deletions
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@ -0,0 +1,27 @@
+on: [push]
+
+jobs:
+  flawfinder:
+    name: Flawfinder
+    runs-on: ubuntu-latest
+    steps:
+      # To use this repository's private action,
+      # you must check out the repository
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Flawfinder action step
+        uses: ./ # Uses an action in the root directory
+        with:
+          arguments: '--sarif ./setup.py'
+          output: 'flawfinder_results.sarif'
+
+      - name: Upload a Build Artifact
+        uses: actions/upload-artifact@v2.2.4
+        with:
+          path: flawfinder_results.sarif   
+
+      - name: Upload analysis results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: ${{github.workspace}}/flawfinder_results.sarif
--- a/10
+++ b/10
@ -0,0 +1,10 @@
+# Container image that runs your code
+FROM python:3
+
+# Copies your code file from your action repository to the filesystem path `/` of the container
+COPY entrypoint.sh /entrypoint.sh
+
+RUN pip install flawfinder
+
+# Code file to execute when the docker container starts up (`entrypoint.sh`)
+ENTRYPOINT ["/entrypoint.sh"]
--- a/README.md
+++ b/README.md
@ -94,6 +94,28 @@ vulnerabilities in programs that cannot be built or cannot be linked.
 Flawfinder also doesn't get as confused by macro definitions
 and other oddities that more sophisticated tools have trouble with.

+# Flawfinder Github Action
+
+## Usage
+
+See [action.yml](https://github.com/david-a-wheeler/flawfinder/blob/main/action.yml)
+
+Create a .yml file under .github/workflows with the following contents:
+
+### Basic:
+```yml
+- name: Flawfinder
+  uses: david-a-wheeler/flawfinder@v1.0
+  with:
+    arguments: '--sarif ./'
+    output: 'flawfinder_results.sarif'
+```
+
+### Input options:
+- arguments: Flawfinder command arguments. 
+Visit https://github.com/david-a-wheeler/flawfinder/blob/master/README.md#usage to check all parameters.
+- output: Flawfinder output file name. Can be uploaded to Github.
+
 # Contributions

 We love contributions!  For more information on contributing, see
--- a/action.yml
+++ b/action.yml
@ -0,0 +1,17 @@
+name: 'Flawfinder'
+description: 'Execute Flawfinder'
+inputs:
+  arguments:
+    description: 'Command arguments to be sent to Flawfinder'
+    required: true
+    default: ''
+  output:
+    description: 'Output file name'
+    required: true
+    default: ''
+runs:
+  using: 'docker'
+  image: 'Dockerfile'
+  args:
+    - ${{ inputs.arguments }}
+    - ${{ inputs.output }}
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -0,0 +1,7 @@
+#!/bin/sh -l
+# $1 arguments
+# $2 output filename
+
+flawfinder $1 > $2
+
+echo "Executed with success."