update actions files and readme.

This commit is contained in:
Yong Yan 2021-06-24 11:56:59 -07:00
parent c53794a24b
commit fc471e1c63
5 changed files with 43 additions and 18 deletions


@ -4,10 +4,6 @@ jobs:
flawfinder:
name: Flawfinder
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
# To use this repository's private action,
# you must check out the repository
@ -17,9 +13,15 @@ jobs:
- name: Flawfinder action step
uses: ./ # Uses an action in the root directory
with:
command: '--sarif ./ > flawfinder-results.sarif'
arguments: '--sarif ./'
output: 'flawfinder_results.sarif'
- name: Upload a Build Artifact
uses: actions/upload-artifact@v2.2.4
with:
path: flawfinder_results.sarif
- name: Upload analysis results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: ./flawfinder-results.sarif
sarif_file: ${{github.workspace}}/flawfinder_results.sarif
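Review bot: Dropping the job-level `permissions:` block (old lines `actions: read` / `contents: read` / `security-events: write`) leaves this job running with the repository's default `GITHUB_TOKEN` grant, which on many repositories is write-all — far more than a scan-and-upload job needs — while on repositories configured for read-only tokens it is too little, because `upload-sarif` needs `security-events: write` (and, as far as I know, `actions: read` on private repositories). I would keep an explicit least-privilege grant on the job: `permissions:` / `contents: read` / `security-events: write`. The third-party steps `actions/upload-artifact@v2.2.4` and `github/codeql-action/upload-sarif@v1` are referenced by mutable tags; pinning each to a full commit SHA with the tag in a trailing comment removes the tag-retargeting risk. The `steps:` list starts before this hunk, so I cannot see whether the checkout step is pinned either.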


@ -1,14 +1,9 @@
# Container image that runs your code
FROM ubuntu:20.04
FROM python:3
# Copies your code file from your action repository to the filesystem path `/` of the container
COPY entrypoint.sh /entrypoint.sh
RUN apt update -y
RUN apt install python3-pip -y
RUN pip install flawfinder
# Code file to execute when the docker container starts up (`entrypoint.sh`)
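Review bot: `FROM python:3` and `RUN pip install flawfinder` are both unpinned, so each build of this action pulls whichever Python image and flawfinder release is current at the time, and a broken or compromised upstream release would land in scanning runs without any change to this repository. Pin both: `FROM python:3.9-slim` (a `-slim` tag also shrinks the image) and `RUN pip install --no-cache-dir flawfinder==<version>`, ideally with the base image pinned by digest as well. The `ENTRYPOINT` line the last comment refers to is outside this hunk. GitHub runs Docker container actions as root by design, so the absence of a `USER` directive appears intentional here rather than a defect.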


@ -94,6 +94,27 @@ vulnerabilities in programs that cannot be built or cannot be linked.
Flawfinder also doesn't get as confused by macro definitions
and other oddities that more sophisticated tools have trouble with.
# Flawfinder Github Action
## Usage
See [action.yml](https://github.com/david-a-wheeler/flawfinder/blob/main/action.yml)
Create a .yml file under .github/workflows with the following contents:
### Basic:
````yml
- name: Flawfinder
uses: david-a-wheeler/flawfinder@v1.0
with:
arguments: '--sarif ./'
output: 'flawfinder_results.sarif'
````
### Input options:
- arguments: Flawfinder command arguments.
Visit https://github.com/david-a-wheeler/flawfinder/blob/master/README.md#usage to check all parameters.
- output: Flawfinder output file name. Can be uploaded to Github.
# Contributions
We love contributions! For more information on contributing, see


@ -1,12 +1,17 @@
name: 'Flawfinder'
description: 'Execute Flawfinder'
inputs:
command:
description: 'Command to be sent to Flawfinder'
required: false
default: '--help'
arguments:
description: 'Command arguments to be sent to Flawfinder'
required: true
default: ''
output:
description: 'Output file name'
required: true
default: ''
runs:
using: 'docker'
image: 'Dockerfile'
args:
- ${{ inputs.command }}
- ${{ inputs.arguments }}
- ${{ inputs.output }}
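Review bot: Both new inputs pair `required: true` with `default: ''`, which is contradictory: GitHub does not enforce `required` for action inputs (it only warns) and then substitutes the default, so a workflow that omits `output` hands the container an empty second argument and the entrypoint's output redirection has no target. Give them usable defaults that match the README, `default: '--sarif ./'` for `arguments` and `default: 'flawfinder_results.sarif'` for `output`, or drop the empty `default:` lines so the intent is unambiguous. Since `arguments` is word-split by a shell in the entrypoint, the description should also say that callers must treat it as trusted workflow configuration and never build it from untrusted event data such as an issue title or pull-request body.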


@ -1,5 +1,7 @@
#!/bin/sh -l
# $1 arguments
# $2 output filename
flawfinder $1
flawfinder $1 > $2
echo "Executed with success."
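Review bot: `flawfinder $1 > $2` runs without `set -e`, so when flawfinder fails (bad flag, unreadable path) the script still prints `Executed with success.` and exits 0, leaving an empty SARIF file for the later upload step to fail on with a far less obvious error. Add `set -eu` after the shebang and quote the output path, `flawfinder $1 > "$2"`, keeping `$1` unquoted on purpose because the action passes every flawfinder argument as one string that must be word-split; a one-line comment saying so would stop the next reader from "fixing" it. As written, an output filename containing spaces or glob characters is also split or expanded before the redirection.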