update actions files and readme.

This commit is contained in:
Yong Yan 2021-06-24 11:56:59 -07:00
parent c53794a24b
commit fc471e1c63
5 changed files with 43 additions and 18 deletions


@ -4,10 +4,6 @@ jobs:
flawfinder: flawfinder:
name: Flawfinder name: Flawfinder
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps: steps:
# To use this repository's private action, # To use this repository's private action,
# you must check out the repository # you must check out the repository
@ -17,9 +13,15 @@ jobs:
- name: Flawfinder action step - name: Flawfinder action step
uses: ./ # Uses an action in the root directory uses: ./ # Uses an action in the root directory
with: with:
command: '--sarif ./ > flawfinder-results.sarif' arguments: '--sarif ./'
output: 'flawfinder_results.sarif'
- name: Upload a Build Artifact
uses: actions/upload-artifact@v2.2.4
with:
path: flawfinder_results.sarif
- name: Upload analysis results to GitHub Security tab - name: Upload analysis results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1 uses: github/codeql-action/upload-sarif@v1
with: with:
sarif_file: ./flawfinder-results.sarif sarif_file: ${{github.workspace}}/flawfinder_results.sarif
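Review bot: The explicit `permissions` block (`actions: read`, `contents: read`, `security-events: write`) is dropped in the first hunk, so the job now runs with whatever the repository's default GITHUB_TOKEN scope happens to be. Where that default is write-all the job holds far more privilege than a read-only checkout plus a SARIF upload needs; where an organisation has restricted the default to read-only, the `upload-sarif` step fails because it needs `security-events: write`. Keeping the block states the least-privilege contract explicitly: `permissions:` / `contents: read` / `security-events: write` (whether `actions: read` is still needed I cannot tell from this hunk). A smaller point in the second hunk: `path: flawfinder_results.sarif` and `sarif_file: ${{github.workspace}}/flawfinder_results.sarif` name the same file in two forms; using one form in both steps avoids a reader wondering whether they differ.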


@ -1,14 +1,9 @@
# Container image that runs your code # Container image that runs your code
FROM ubuntu:20.04 FROM python:3
# Copies your code file from your action repository to the filesystem path `/` of the container # Copies your code file from your action repository to the filesystem path `/` of the container
COPY entrypoint.sh /entrypoint.sh COPY entrypoint.sh /entrypoint.sh
RUN apt update -y
RUN apt install python3-pip -y
RUN pip install flawfinder RUN pip install flawfinder
# Code file to execute when the docker container starts up (`entrypoint.sh`) # Code file to execute when the docker container starts up (`entrypoint.sh`)
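Review bot: `FROM python:3` on the changed line and the unpinned `RUN pip install flawfinder` both float, and because action.yml builds this Dockerfile on every run (`image: 'Dockerfile'`), the interpreter and the scanner version can change between two runs of the same workflow with no change in this repository. Pin both so scan results are reproducible and the tool supply chain is auditable: a specific minor tag or digest such as `FROM python:3.9-slim`, and `RUN pip install --no-cache-dir flawfinder==<pinned version>`; `--no-cache-dir` additionally keeps the pip cache out of the image layer. Dropping the `apt update` / `apt install` lines removes the OS package layer, which is the right direction for a single-purpose action image. The ENTRYPOINT line lies outside the hunk.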


@ -94,6 +94,27 @@ vulnerabilities in programs that cannot be built or cannot be linked.
Flawfinder also doesn't get as confused by macro definitions Flawfinder also doesn't get as confused by macro definitions
and other oddities that more sophisticated tools have trouble with. and other oddities that more sophisticated tools have trouble with.
# Flawfinder Github Action
## Usage
See [action.yml](https://github.com/david-a-wheeler/flawfinder/blob/main/action.yml)
Create a .yml file under .github/workflows with the following contents:
### Basic:
````yml
- name: Flawfinder
uses: david-a-wheeler/flawfinder@v1.0
with:
arguments: '--sarif ./'
output: 'flawfinder_results.sarif'
````
### Input options:
- arguments: Flawfinder command arguments.
Visit https://github.com/david-a-wheeler/flawfinder/blob/master/README.md#usage to check all parameters.
- output: Flawfinder output file name. Can be uploaded to Github.
# Contributions # Contributions
We love contributions! For more information on contributing, see We love contributions! For more information on contributing, see


@ -1,12 +1,17 @@
name: 'Flawfinder' name: 'Flawfinder'
description: 'Execute Flawfinder' description: 'Execute Flawfinder'
inputs: inputs:
command: arguments:
description: 'Command to be sent to Flawfinder' description: 'Command arguments to be sent to Flawfinder'
required: false required: true
default: '--help' default: ''
output:
description: 'Output file name'
required: true
default: ''
runs: runs:
using: 'docker' using: 'docker'
image: 'Dockerfile' image: 'Dockerfile'
args: args:
- ${{ inputs.command }} - ${{ inputs.arguments }}
- ${{ inputs.output }}
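Review bot: Both inputs combine `required: true` with `default: ''`, which contradict each other: an empty-string default means the input always has a value, so the required flag never takes effect, and an empty `output` reaches entrypoint.sh as a redirection with no filename, which fails at shell parse time. Drop the two `default: ''` lines, or give `output` a real default such as `default: 'flawfinder_results.sarif'`. The description should also state the path contract, e.g. `description: 'Output file name, resolved against the container working directory'` — I cannot confirm from this hunk which directory that is, so check the Docker-action documentation before wording it.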


@ -1,5 +1,7 @@
#!/bin/sh -l #!/bin/sh -l
# $1 arguments
# $2 output filename
flawfinder $1 flawfinder $1 > $2
echo "Executed with success." echo "Executed with success."
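Review bot: `flawfinder $1 > $2` leaves `$2` unquoted, so an output name containing whitespace or glob characters breaks the redirection, and because the script has no `set -e` and never checks flawfinder's exit status, a failed scan (bad arguments, unreadable input) still prints `Executed with success.` and hands an empty or partial SARIF file to the upload step. Change the line to `flawfinder $1 > "$2"` and add `set -e` after the shebang, or test the exit status explicitly, so the action step fails when the scan does; `$1` stays unquoted on purpose, since the whole `arguments` input arrives as a single word and relies on field splitting. It would also help to extend the `# $2 output filename` comment to say the path is resolved against the container's working directory, presumably the mounted workspace — confirm that against the GitHub Docker-action docs.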