smartrent/github-action-sobelow

Sobelow Action

This is a GitHub Action for Sobelow, the security-focused static analyzer for the Phoenix Framework.

The most basic workflow looks like this:

on: [push]

jobs:
  sobelow_job:
    runs-on: ubuntu-latest
    name: Sobelow Job
    steps:
      - uses: actions/checkout@v2
      - id: run-action
        uses: sobelow/action@v1
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif

This scans your Phoenix application and writes the findings to results.sarif; the upload-sarif step then adds them to the Security tab of your repository.

One option is supported:

  • flags: accepts arbitrary Sobelow flags.

The following example uses flags to suppress Config findings:

on: [push]

jobs:
  sobelow_job:
    runs-on: ubuntu-latest
    name: Sobelow Job
    steps:
      - uses: actions/checkout@v2
      - id: run-action
        uses: sobelow/action@v1
        with:
          flags: '-i Config'
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
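
The workflows above only report findings. To also fail the job when results.sarif contains findings, a later step can read the file. The script below is an added example, not part of this action or of Sobelow; its function names, the default threshold and the sample SARIF document are assumptions constructed here, and it relies only on the SARIF 2.1.0 layout (runs[].results[] with ruleId, level and locations).

```python
import json
import sys

# SARIF 2.1.0 result levels, lowest to highest severity.
LEVELS = ["none", "note", "warning", "error"]

# Constructed sample for illustration, not real Sobelow output.
SAMPLE = {"version": "2.1.0", "runs": [{"results": [
    {"ruleId": "EXAMPLE-001", "level": "error",
     "locations": [{"physicalLocation": {
         "artifactLocation": {"uri": "lib/app_web/controllers/page_controller.ex"},
         "region": {"startLine": 12}}}]},
    {"ruleId": "EXAMPLE-002"},  # no level and no location recorded
    {"ruleId": "EXAMPLE-003", "level": "note"},
]}]}


def findings(sarif):
    """Yield (level, rule_id, uri, line) for every result in every run."""
    for run in sarif.get("runs", []):
        for res in run.get("results", []):
            level = res.get("level", "warning")  # SARIF default when omitted
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            uri = loc.get("artifactLocation", {}).get("uri", "?")
            line = loc.get("region", {}).get("startLine", 0)
            yield level, res.get("ruleId", "?"), uri, line


def rank(level):
    """Map a level to its severity index; unknown levels count as error."""
    return LEVELS.index(level) if level in LEVELS else len(LEVELS) - 1


def gate(sarif, fail_at="warning"):
    """Return the findings at or above the fail_at level."""
    floor = LEVELS.index(fail_at)
    return [f for f in findings(sarif) if rank(f[0]) >= floor]


if __name__ == "__main__":
    # Pass the path to results.sarif; without an argument the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            doc = json.load(fh)
    else:
        doc = SAMPLE
    blocking = gate(doc)
    for level, rule, uri, line in blocking:
        print(f"{level}: {rule} at {uri}:{line}")
    sys.exit(1 if blocking else 0)
```

Run it as a step after the upload so the findings still reach the Security tab before the job fails.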
