Skip to content

ValidUSA/security-code-scan-results-action

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
README.md
README.md
 
 
action.yml
action.yml
 
 

Repository files navigation

Security-Code-Scan Results Action

This action is designed to run as part of a workflow that builds projects referencing NuGet SecurityCodeScan.VS2019.

It produces a GitHub compatible SARIF file for uploading to the repository 'Code scanning alerts'.

Usage

See action.yml

Input Parameters

sarif_directory: (optional) The output directory where SARIF files should be collected.

Workflow Examples

on:
  push:

jobs:
  SCS:
    runs-on: ubuntu-latest
    steps:     
      - uses: actions/checkout@v2
      
      - name: Set up projects
        uses: security-code-scan/[email protected]

      - name: Build
        run: |
          dotnet restore
          dotnet build
        
      - name: Convert sarif for uploading to GitHub
        uses: security-code-scan/[email protected]
        
      - name: Upload sarif	
        uses: github/codeql-action/upload-sarif@v1

For .NET 4.x example see FullDotNetWebApp demo repository.

About

GitHub Action to integrate https://github.com/security-code-scan/security-code-scan into CI/CD process.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

v1.0.0 Latest
Jan 4, 2023

Packages

No packages published