GitHub Action that scans code for potential vulnerabilities and stores the output in a JSON file

MTES-MCT/codescanalerts-action

codescanalerts-action

GitHub Action that fetches GitHub code-scanning alerts and reports the results as JSON.

Usage

First, store a read-only token for your repositories in the repository secrets as CODESCANALERTS_TOKEN.

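jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: "MTES-MCT/codescanalerts-action@main"
        with:
          # read-only token stored in the repository secrets
          token: ${{ secrets.CODESCANALERTS_TOKEN }}
          # comma-separated list of owner/name repositories to query
          repositories: MTES-MCT/action-bidonvilles,MTES-MCT/partaj
          # file the alerts are written to, as JSON
          output: codescanalerts.json
          # alert state to fetch
          state: open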
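
As an added example (not code from this repository), the script below shows how the repositories, state and token inputs above map onto GitHub's code-scanning alerts REST endpoint, and reduces the alerts to per-severity counts. The function names, the summary shape and the example-org sample data are assumptions made for illustration; the API responses are constructed so it runs offline.

```javascript
// Added example, not the action's source; names and sample data are assumptions.
const API = "https://api.github.com";
// Accept only plain owner/name pairs so a crafted value cannot alter the request path.
function parseRepositories(input) {
  const valid = /^[A-Za-z0-9][A-Za-z0-9-]*\/(?!\.{1,2}$)[\w.-]+$/;
  return input.split(",").map((s) => s.trim()).filter(Boolean).map((repo) => {
    if (!valid.test(repo)) throw new Error(`invalid repository: ${repo}`);
    return repo;
  });
}
// Page through GET /repos/{owner}/{repo}/code-scanning/alerts for one repository.
async function fetchAlerts(repo, state, token, fetchImpl = fetch) {
  const headers = { Authorization: `Bearer ${token}`, Accept: "application/vnd.github+json" };
  const alerts = [];
  for (let page = 1; ; page++) {
    const query = `state=${encodeURIComponent(state)}&per_page=100&page=${page}`;
    const res = await fetchImpl(`${API}/repos/${repo}/code-scanning/alerts?${query}`, { headers });
    if (!res.ok) throw new Error(`${repo}: HTTP ${res.status}`);
    const batch = await res.json();
    alerts.push(...batch);
    if (batch.length < 100) return alerts; // a short page is the last page
  }
}
// Count alerts per severity, preferring the security severity when present.
function countBySeverity(alerts) {
  const counts = {};
  for (const { rule } of alerts) {
    const sev = rule?.security_severity_level ?? rule?.severity ?? "unknown";
    counts[sev] = (counts[sev] || 0) + 1;
  }
  return counts;
}
async function collect(repositories, state, token, fetchImpl) {
  const report = [];
  for (const repo of parseRepositories(repositories)) {
    const alerts = await fetchAlerts(repo, state, token, fetchImpl);
    report.push({ repo, total: alerts.length, severities: countBySeverity(alerts) });
  }
  return report;
}
// Constructed responses standing in for the API so the example runs offline.
const SAMPLE = { "example-org/lib": [], "example-org/app": [
  { number: 1, rule: { id: "js/sql-injection", severity: "error", security_severity_level: "high" } },
  { number: 2, rule: { id: "js/unused-local-variable", severity: "note" } } ] };
const fakeFetch = async (url) => {
  const body = SAMPLE[new URL(url).pathname.split("/").slice(2, 4).join("/")] ?? null;
  return { ok: body !== null, status: body ? 200 : 404, json: async () => body };
};
collect("example-org/app, example-org/lib", "open", "constructed-token", fakeFetch).then(console.log);
```

Omitting the last argument of collect makes it use the runtime's global fetch against the real API with the token supplied.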

Hacking

To test locally, install act. Put the secret CODESCANALERTS_TOKEN=*** in a .secrets file, then run:

npm run all
act -j units # unit tests
act -j action # test Github action locally
