Security Scan and Comment Action
Runs various open source security tools and then comments on PRs with results
Version 1.0.10 (latest), by dacoburn

The purpose of this action is to run various security tools, process their output, and then comment the results on a PR. It is intended to be run only on PRs.
```yaml
name: Security Scan Workflow
on:
  pull_request:
    types: [opened, synchronize, edited]
jobs:
  security-scan:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
      contents: read
    steps:
      - name: Checkout code
        uses: actions/[email protected]
      - name: Run Security Scan and Comment Action
        uses: dacoburn/[email protected]
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          trufflehog_exclude_dir: "node_modules/*,vendor,.git/*,.idea"
          bandit_exclude_dir: "tests,migrations,tests,test,.venv,venv"
          bandit_rules: "B101,B102,B105,B106,B107,B110,B603,B605,B607"
          gosec_rules: "medium"
          gosec_exclude_dir: "tests,migrations,tests,test,.venv,venv"
          trivy_rules: ""
          trivy_exclude_dir: "/path/to/ignore"
```
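To make concrete what the "process their output, then comment the results" step amounts to, here is an added Python example. It is not the action's own code (this page does not show that code); it applies the `bandit_rules` and `bandit_exclude_dir` inputs from the workflow above to a constructed sample of the JSON that `bandit -f json` emits, and renders the surviving findings as a markdown table of the kind that would be posted as a PR comment. How exclude entries are matched (a bare directory name such as `tests` versus a glob such as `node_modules/*`) is an assumption made here, not documented behaviour of the action.

```python
import fnmatch
import json

# Constructed sample of `bandit -f json` output, trimmed to the fields used below.
# It is not real scanner output from any project.
SAMPLE_BANDIT_JSON = json.dumps({
    "results": [
        {"filename": "app/auth.py", "test_id": "B105", "issue_severity": "LOW",
         "issue_confidence": "MEDIUM", "line_number": 12,
         "issue_text": "Possible hardcoded password: 'changeme'"},
        {"filename": "app/run.py", "test_id": "B605", "issue_severity": "HIGH",
         "issue_confidence": "HIGH", "line_number": 40,
         "issue_text": "Starting a process with a shell, possible injection detected"},
        {"filename": "tests/test_auth.py", "test_id": "B101", "issue_severity": "LOW",
         "issue_confidence": "HIGH", "line_number": 3,
         "issue_text": "Use of assert detected"},
        {"filename": "app/util.py", "test_id": "B311", "issue_severity": "LOW",
         "issue_confidence": "HIGH", "line_number": 8,
         "issue_text": "Standard pseudo-random generators are not suitable for security purposes"},
    ]
})

SEV_ORDER = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}


def parse_csv_input(value):
    """Split a comma-separated action input (e.g. bandit_rules), dropping blanks and duplicates."""
    items = []
    for item in value.split(","):
        item = item.strip()
        if item and item not in items:
            items.append(item)
    return items


def is_excluded(path, exclude_dirs):
    """Assumed matching rule: a bare name excludes any path that has that directory as a
    component; an entry containing a glob is matched against the whole path."""
    parts = path.replace("\\", "/").split("/")
    for pattern in exclude_dirs:
        bare = pattern.rstrip("/")
        if bare.endswith("/*"):
            bare = bare[:-2]
        if bare in parts[:-1] or fnmatch.fnmatch(path, pattern):
            return True
    return False


def filter_findings(bandit_json, rules, exclude_dir):
    """Keep findings whose test_id is in `rules` (all, if `rules` is empty) and whose file
    is not under an excluded directory."""
    wanted = set(parse_csv_input(rules))
    excluded = parse_csv_input(exclude_dir)
    kept = []
    for finding in json.loads(bandit_json)["results"]:
        if wanted and finding["test_id"] not in wanted:
            continue
        if is_excluded(finding["filename"], excluded):
            continue
        kept.append(finding)
    return kept


def render_comment(findings):
    """Render findings as a markdown table, highest severity first, ready for a PR comment."""
    if not findings:
        return "### Bandit\n\nNo findings matching the configured rules."
    lines = ["### Bandit", "", f"{len(findings)} finding(s):", "",
             "| Severity | Rule | Location | Issue |", "|---|---|---|---|"]
    ordered = sorted(findings, key=lambda f: (SEV_ORDER.get(f["issue_severity"], 9), f["filename"]))
    for f in ordered:
        issue = f["issue_text"].replace("|", "\\|")  # keep the table well-formed
        lines.append(f"| {f['issue_severity']} | {f['test_id']} | "
                     f"`{f['filename']}:{f['line_number']}` | {issue} |")
    return "\n".join(lines)


if __name__ == "__main__":
    # Inputs copied from the workflow above; the duplicated "tests" entry is collapsed.
    kept = filter_findings(SAMPLE_BANDIT_JSON,
                           "B101,B102,B105,B106,B107,B110,B603,B605,B607",
                           "tests,migrations,tests,test,.venv,venv")
    print(render_comment(kept))
```

In the sample, the `B311` finding is dropped because it is not in `bandit_rules`, and the `B101` finding is dropped because its file is under `tests`, leaving the `B105` and `B605` findings. Posting the rendered body to the PR needs the `pull-requests: write` permission the workflow grants; on `pull_request` events triggered from a fork, `GITHUB_TOKEN` is limited to read access, so a comment step there fails rather than posting.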