Skip to content
/ brakeman-linter-action Public
forked from devmasx/brakeman-linter-action

GitHub Action to run Brakeman against your code.

License

MIT license
3 stars 66 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

cookpad/brakeman-linter-action

BranchesTags
 
 

Repository files navigation

Brakeman results parser github action

Brakeman is a static analysis tool which checks Ruby on Rails applications for security vulnerabilities.

You can read more about Brakeman itself here.

This action helps make sure that brakeman results get accurately added to pull requests, in the event of a new issue.

Currently we recommend hardcoding the brakeman version (e.g. 5.2.2) to prevent the unintended consequences of pulling down the latest version regardless of context.

Config options

These are the (required or recommended) options you can set for the runner.

  • GITHUB_TOKEN (required): the github token, naturally :)
  • REPORT_PATH: Where on the action runner you want the report to go, e.g. "/tmp/report.json". If not set, just outputs a json string.
  • PROJECT_PATH: The path of the project you want to scan (in case you have multiple apps in a repo). Defaults to the value of the GITHUB_WORKSPACE envvar.
  • GITHUB_LATEST_SHA: recommend setting this, it tells the runner where to put review comments. Easiest set as ${{ github.event.pull_request.head.sha }}
  • CUSTOM_MESSAGE_CONTENT: Something custom you want to add to the PR comments, e.g. a runbook or an emoji or a friendly message. Note that if you want a line break in CUSTOM_MESSAGE_CONTENT it is recommended to use <br /> tags.

Usage

- name: Brakeman
  uses: cookpad/[email protected]
  env:
    GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

Custom report

- name: Install gems
  run: |
    gem install brakeman -v 5.2.2
- name: brakeman report
  run: |
    brakeman -f json > tmp/brakeman.json || exit 0
- name: Brakeman
  uses: cookpad/[email protected]
  env:
    GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
    REPORT_PATH: tmp/brakeman.json

Custom path

- name: Brakeman
  uses: cookpad/[email protected]
  env:
    GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
    PROJECT_PATH: my_rails_app

Example Workflow

name: Brakeman

on: [push]

jobs:
  build:
    runs-on: ubuntu-20.04
    steps:
    - uses: actions/checkout@v1
    - name: Brakeman
      uses: cookpad/[email protected]
      env:
        GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
        GITHUB_LATEST_SHA: ${{ github.event.pull_request.head.sha }}
        CUSTOM_MESSAGE_CONTENT: "This is a cool, friendly comment!<br />Thank you for improving our security!"

Remember: if you want a line break in CUSTOM_MESSAGE_CONTENT it is recommended to use <br /> tags.

About

GitHub Action to run Brakeman against your code.

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

3 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases 8

v2.2.0 Latest
Oct 10, 2024
+ 7 releases

Languages

  • Ruby 99.1%
  • Dockerfile 0.9%