local-php-security-checker-github-actions's People

Contributors

nek-, pplotka, smoench

Forkers

nek-, basster, smoench

local-php-security-checker-github-actions's Issues

Add license

Hi,

If you do not select a license for this repository, according to GitHub,

"the default copyright laws apply, meaning that you retain all rights to your source code and no one may reproduce, distribute, or create derivative works from your work."

Would you please choose a license for this project, so it is clear what can be done and what cannot 😊?

Output no longer shows by default and unable to get output

Using this code, the output is empty and no output shows anywhere. Using a similar example from the README.

name: Security scanner

on: [push, pull_request]

jobs:
  security-checker:
    name: Local PHP Security Checker
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      - name: Local PHP Security Checker
        id: local_php_security_checker
        continue-on-error: true
        uses: docker://pplotka/local-php-security-checker-github-actions:latest
        with:
          format: markdown

      - name: Security Checker Output
        id: security_output
        run: |
          echo "${{ steps.local_php_security_checker.outputs.security }}"
          echo "${{ steps.local_php_security_checker.outputs.security }}" > security_checker_output.log
          echo "::set-output name=sec_msg::$(cat security_checker_output.log)"

      - name: Check if Vulns exist
        id: vulns_exist
        run: |
          if grep -q "No packages have known vulnerabilities" security_checker_output.log; then
            echo "::set-output name=found_vulns::false"
          else
            echo "::set-output name=found_vulns::true"
          fi

      - name: Slack Notification on Failure
        uses: rtCamp/action-slack-notify@v2
        if: "${{ steps.vulns_exist.outputs.found_vulns == 'true' }}"
        env:
          SLACK_CHANNEL: foobarbaz
          SLACK_COLOR: "${{ job.status == 'success' && 'good' || 'danger' }}"
          SLACK_MESSAGE: ${{ steps.security_output.outputs.sec_msg }}
          SLACK_TITLE: PHP SECURITY ISSUES FOUND
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
          SLACK_LINK_NAMES: true

Except no output is shown anywhere from any of the steps, or from running the image locally with Docker:

docker run --rm -it -w /app -v $(pwd):/app pplotka/local-php-security-checker-github-actions --format=yaml

gives no output.

It should give output by default and also have an output option.
It would be nice if it had an argument in action.yml specifying an output file or an output env var that would go into >> $GITHUB_ENV
or something that could be referenced.

Also, if you had a working Slack reporting example in the README, that would be cool.

Appreciate you looking into this! 💯
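Added example (not from the issue author or the project): a POSIX shell function for the "Security Checker Output" step that reads the report from a file, writes it to `$GITHUB_OUTPUT` as a multi-line value behind a random delimiter, and fails when the report is empty instead of passing an empty message on. It assumes the report has already been saved to a file whose path arrives in the hypothetical `REPORT_FILE` environment variable, so no `${{ }}` expression is expanded inside the script; the output names mirror the workflow above.

```sh
#!/bin/sh
# Added example, not part of the issue or the action.
# publish_report and REPORT_FILE are hypothetical names; GITHUB_OUTPUT is the
# per-step outputs file that GitHub Actions provides.

publish_report() {
  report_file="$1"
  [ -n "${GITHUB_OUTPUT:-}" ] || { echo "GITHUB_OUTPUT is not set" >&2; return 2; }
  [ -r "$report_file" ] || { echo "cannot read $report_file" >&2; return 2; }

  # Command substitution drops trailing newlines, so the closing delimiter
  # below always starts on its own line.
  content="$(cat "$report_file")"

  # The issue describes an empty report. Fail the step rather than send an
  # empty Slack message or treat "nothing" as a scan result.
  if [ -z "$content" ]; then
    echo "scanner report is empty" >&2
    return 4
  fi

  # Same marker string the workflow in the issue greps for.
  if grep -q "No packages have known vulnerabilities" "$report_file"; then
    found=false
  else
    found=true
  fi

  # Random delimiter: report text cannot end the value early and append
  # its own name=value lines to the outputs file.
  delim="EOF_$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
  case "$content" in *"$delim"*) echo "delimiter collision" >&2; return 3 ;; esac

  {
    printf 'found_vulns=%s\n' "$found"
    printf 'sec_msg<<%s\n%s\n%s\n' "$delim" "$content" "$delim"
  } >> "$GITHUB_OUTPUT"
}

# As a step script: the workflow sets REPORT_FILE through the step's env: map.
if [ -n "${REPORT_FILE:-}" ]; then
  publish_report "$REPORT_FILE"
fi
```

A later step can then read `steps.security_output.outputs.sec_msg` and `steps.security_output.outputs.found_vulns`, given that this script runs in the step with `id: security_output`.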

Add output that can be used with another step or job

I would like to use the output from local-php-security-checker using this GitHub Action.

Rather than adding the binary to my Docker image or writing a script to download and run this binary myself,
it would be nice if there was an option to be used in the with block that can specify an output file.

Currently, it doesn't look like there is a good way to do this with this action's current state.

If there is a way to do this, can you include it in the README.md or add an output option to a file or variable that can be referenced?

I want to include the output of this in a Slack notification, something like the following,
as a rough idea of what I'm trying to achieve.

name: Security scanner

on: [push, pull_request]

jobs:
  security:
    name: Local PHP Security Checker
    runs-on: ubuntu-latest
    outputs:
      security: ${{ steps.local_php_security_checker.output }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      - name: Local PHP Security Checker
        id: local_php_security_checker
        uses: docker://pplotka/local-php-security-checker-github-actions
        with:
          format: markdown
          path: ./composer.lock

  slackNotification:
    name: Slack Notification
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - name: Slack Notification
      uses: rtCamp/action-slack-notify@v2
      env:
        SLACK_CHANNEL: FooBarBaz
        SLACK_MESSAGE: ${{ join(steps.local_php_security_checker.outputs.security, '\n') }}
        SLACK_TITLE: BarFoo
        SLACK_USERNAME: Foobar
        SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}

How can I achieve this?

Awesome project, by the way. I was getting ready to create a similar project because I too want to use this as a GitHub Action in my workflow, and then I found your project, which is awesome!
Great work!!! 💯
