pplotka / local-php-security-checker-github-actions
Run Local PHP Security Checker via GitHub Actions.
License: GNU Affero General Public License v3.0
Hi,
If you do not select a license for this repository, according to GitHub,
"the default copyright laws apply, meaning that you retain all rights to your source code and no one may reproduce, distribute, or create derivative works from your work."
Would you please choose a license for this project, so it is clear what can and cannot be done?
Using this code, the output is empty and no output shows anywhere. I am using a similar example from the readme.

```yaml
name: Security scanner
on: [push, pull_request]
jobs:
  security-checker:
    name: Local PHP Security Checker
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Local PHP Security Checker
        id: local_php_security_checker
        continue-on-error: true
        uses: docker://pplotka/local-php-security-checker-github-actions:latest
        with:
          format: markdown
      - name: Security Checker Output
        id: security_output
        # Pass the report through an env var instead of interpolating the
        # expression into the script, so quotes or backticks in package names
        # cannot alter the shell commands.
        env:
          SECURITY_REPORT: ${{ steps.local_php_security_checker.outputs.security }}
        run: |
          printf '%s\n' "$SECURITY_REPORT"
          printf '%s\n' "$SECURITY_REPORT" > security_checker_output.log
          # The report spans several lines; a single "name=value" line would
          # keep only the first line, so use the multi-line output syntax.
          {
            echo "sec_msg<<SEC_MSG_EOF"
            cat security_checker_output.log
            echo "SEC_MSG_EOF"
          } >> "$GITHUB_OUTPUT"
      - name: Check if Vulns exist
        id: vulns_exist
        run: |
          if grep -q "No packages have known vulnerabilities" security_checker_output.log; then
            echo "found_vulns=false" >> "$GITHUB_OUTPUT"
          else
            echo "found_vulns=true" >> "$GITHUB_OUTPUT"
          fi
      - name: Slack Notification on Failure
        uses: rtCamp/action-slack-notify@v2
        if: "${{ steps.vulns_exist.outputs.found_vulns == 'true' }}"
        env:
          SLACK_CHANNEL: foobarbaz
          SLACK_COLOR: "${{ job.status == 'success' && 'good' || 'danger' }}"
          SLACK_MESSAGE: ${{ steps.security_output.outputs.sec_msg }}
          SLACK_TITLE: PHP SECURITY ISSUES FOUND
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
          SLACK_LINK_NAMES: true
```
Except no output is shown anywhere from any of the steps, and running the image locally with Docker,

```shell
docker run --rm -it -w /app -v $(pwd):/app pplotka/local-php-security-checker-github-actions --format=yaml
```

gives no output.
It should give output by default and also have an output option.
It would be nice if there were an argument in action.yml specifying an output file, or an output env var that would go into `>> $GITHUB_ENV`, or something that could be referenced.
Also, a working Slack reporting example in the readme would be cool.
Appreciate you looking into this!
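The two things the workflow above gets wrong are passing a multi-line report through a step output (a plain `name=value` line keeps only the first line) and treating an empty report as "vulnerabilities found". The following is an added example, not code from the action or from the issue author: plain POSIX sh that writes a report file to a `$GITHUB_OUTPUT`-style file using the heredoc delimiter syntax GitHub Actions expects for multi-line values, and derives the `found_vulns` flag from the same "No packages have known vulnerabilities" sentinel the post greps for. The markdown report contents are constructed for the example; the real report format is not shown on this page.

```shell
#!/usr/bin/env sh
# Added example (not from the action or the issue author).
# Runs with any POSIX sh, e.g. inside an ubuntu-latest `run:` step.

# write_multiline_output NAME SRC_FILE OUTPUT_FILE
#   Appends "NAME<<DELIM ... DELIM" to OUTPUT_FILE, the syntax GitHub Actions
#   requires for multi-line step outputs. A single "NAME=value" line would
#   silently truncate the value at the first newline.
write_multiline_output() {
  name=$1; src=$2; out=$3
  # The delimiter must not occur inside the value; derive it from the
  # file's own checksum so it differs from any fixed string in the report.
  delim="EOF_$(cksum < "$src" | cut -d' ' -f1)"
  {
    printf '%s<<%s\n' "$name" "$delim"
    cat "$src"
    # Ensure the closing delimiter starts on its own line even when the
    # report lacks a trailing newline.
    if [ -n "$(tail -c1 "$src")" ]; then printf '\n'; fi
    printf '%s\n' "$delim"
  } >> "$out"
}

# vulns_found REPORT_FILE -> prints "true", "false" or "unknown"
#   "unknown" covers the symptom described in this issue: an empty report,
#   which a bare grep would misreport as vulnerabilities found.
vulns_found() {
  if [ ! -s "$1" ]; then
    echo unknown
  elif grep -q "No packages have known vulnerabilities" "$1"; then
    echo false
  else
    echo true
  fi
}

# Constructed sample report in the markdown format the post selects.
tmp=$(mktemp -d)
report="$tmp/security_checker_output.log"
cat > "$report" <<'EOF'
# Vulnerabilities

## example/package (v1.2.3)
* [CVE-PLACEHOLDER] Example advisory title (constructed sample)
EOF

# Stand-in for $GITHUB_OUTPUT so the script runs outside Actions too.
out="$tmp/github_output"
write_multiline_output security "$report" "$out"
printf 'found_vulns=%s\n' "$(vulns_found "$report")" >> "$out"
cat "$out"
```

Inside a workflow, replace `"$out"` with `"$GITHUB_OUTPUT"` and a later step can read `steps.<id>.outputs.security` as the full report; gating the Slack step on `found_vulns == 'true'` then no longer fires when the checker produced nothing at all.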
I would like to use the output from local-php-security-checker using this GitHub action.
Rather than adding the binary to my Docker image or writing a script to download and run this binary myself,
it would be nice if there were an option in the `with` block that could specify an output file.
Currently, it doesn't look like there is a good way to do this in this action's current state.
If there is a way to do this, can you include it in the README.md, or add an output option to a file or variable that can be referenced?
I want to include the output of this in a Slack notification, something like the following.
As a rough idea of what I'm trying to achieve:
```yaml
name: Security scanner
on: [push, pull_request]
jobs:
  security:
    name: Local PHP Security Checker
    runs-on: ubuntu-latest
    # Expose the step output at job level so another job can read it.
    # Assumes the action exposes an output named `security`.
    outputs:
      security: ${{ steps.local_php_security_checker.outputs.security }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Local PHP Security Checker
        id: local_php_security_checker
        uses: docker://pplotka/local-php-security-checker-github-actions
        with:
          format: markdown
          path: ./composer.lock
  slackNotification:
    name: Slack Notification
    runs-on: ubuntu-latest
    # A job can only read another job's outputs via `needs`.
    needs: security
    steps:
      - uses: actions/checkout@v2
      - name: Slack Notification
        uses: rtCamp/action-slack-notify@v2
        env:
          SLACK_CHANNEL: FooBarBaz
          # The output is already a string, so no join() is needed.
          SLACK_MESSAGE: ${{ needs.security.outputs.security }}
          SLACK_TITLE: BarFoo
          SLACK_USERNAME: Foobar
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
```
How can I achieve this?
Awesome project by the way. I was getting ready to create a similar project because I too want to use this as a GitHub action in my workflow, and then I found your project, which is awesome!
Great work!!!
Consider adding the version of Local PHP Security Checker to the output.