This repository has been archived by the owner on Mar 24, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 8
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Haoxi Tan
committed
Jun 5, 2023
1 parent
d13c224
commit b050a1a
Showing
1 changed file
with
9 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,13 @@ | ||
| # pypi auto scanner | ||
|
|
||
| A github action that fetches the latest pypi packages and scans them. Report any issues found in issues. | ||
| A github action that fetches the latest pypi packages and scans them using semgrep rules in [h4sh-semgrep-rules](https://github.com/h4sh5/h4sh-semgrep-rules). Currently stores the JSON report in github action artifacts. | ||
|
|
||
| ## Fetching the latest report | ||
|
|
||
| You will need a Github API token to do this. Export the token to `GH_TOKEN` by running `export GH_TOKEN=ghp...` | ||
|
|
||
| Then run `./fetch_latest_report.sh` and `unzip report.zip` | ||
|
|
||
| You can parse the JSON report for stuff using `parse-semgrep-json.py` as an example. | ||
|
|
||
|
|