Convert to a composite action #10
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ericwb
force-pushed
the
composite-action
branch
3 times, most recently
from
2a61821
to
5229e3c
Compare
sigmavirus24
reviewed
May 2, 2024
Convert the current docker container based action into a composite action. A composite action no longer requires a Dockerfile or entrypoint script. The actual action YAML now parameterizes the key selected arguments of Bandit into official inputs into the action. The output of the code scan is to generate a JSON file using Bandit's SARIF format. This can be uploaded and rendered nicely into GitHub's ecosystem as a "Code Scanning" application. https://docs.github.com/en/actions/creating-actions/creating-a-composite-action Signed-off-by: Eric Brown <[email protected]>
You can copy-and-paste this example action workflow: As long as you have some vulnerable code in your repo, the results will appear in the Security -> Code scanning tab. For example: |
|
I totally missed this one, sorry about that. Taking a look now! |
|
How do you see this working with #6 , I guess that's no longer needed now (which I am totally fine with)? |
|
Any further thoughts on this one before merging? |
sigmavirus24
approved these changes
Jun 23, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Convert the current docker container based action into a composite action. A composite action no longer requires a Dockerfile or entrypoint script.
The actual action YAML now parameterizes the key selected arguments of Bandit into official inputs into the action.
The output of the code scan is to generate a JSON file using Bandit's SARIF format. This can be uploaded and rendered nicely into GitHub's ecosystem as a "Code Scanning" application.
https://docs.github.com/en/actions/creating-actions/creating-a-composite-action