Light

symfonycorp / security-checker-action Goto Github PK

View Code? Open in Web Editor NEW

148.0 4.0 9.0 17 KB

The PHP Security Checker

Home Page: https://symfony.com/

php security cve

security-checker-action's Introduction

PHP Security Checker

This action checks your composer.lock for known vulnerabilities in your package dependencies.

Inputs

lock optional The path to the composer.lock file (defaults to the repository root directory).
format optional The output format (defaults to ansi, supported: ansi, junit, markdown, json, or yaml).
disable-exit-code optional Set it to 1 if you don't want the step to fail in case of detected vulnerabilities

Outputs

vulns A JSON payload containing all detected vulnerabilities

Usage

If you want the step to fail whenever there is a security issue in one of your dependencies, use this action:

steps:
    - uses: actions/checkout@v2
    - uses: symfonycorp/security-checker-action@v5

To speed up security checks, you can cache the vulnerability database:

steps:
    - uses: actions/checkout@v2
    - uses: actions/cache@v2
      id: cache-db
      with:
          path: ~/.symfony/cache
          key: db
    - uses: symfonycorp/security-checker-action@v5

If the composer.lock is not in the repository root directory, pass is as an input:

steps:
    - uses: actions/checkout@v2
    - uses: symfonycorp/security-checker-action@v5
      with:
          lock: subdir/composer.lock

Instead of failing, you can also get the vulnerabilities as a JSON output and do something with them in another step:

steps:
    - uses: actions/checkout@v2
    - uses: symfonycorp/security-checker-action@v5
      with:
          disable-exit-code: 1
      id: security-check
    - name: Display the vulnerabilities as JSON
      run: echo ${{ steps.security-check.outputs.vulns }}

security-checker-action's People

Contributors

Stargazers

Watchers

Forkers

smoench tucksaun irtyamine eonx-com rgeraads ebrigham1 back-2-95 tripolonelm spaze

security-checker-action's Issues

Cache path not working on v5

As per docs on master:

To speed up security checks, you can cache the vulnerability database:
steps:
- uses: actions/checkout@v2
- uses: actions/cache@v2
id: cache-db
with:
path: ~/.symfony/cache
key: db
- uses: symfonycorp/security-checker-action@v4

Using the @v5 version i get this in logs when running the post run cache action:

Warning: Path Validation Error: Path(s) specified in the action for caching do(es) not exist, hence no cache is being saved.

Does @v5 (symfony-cli) use the same cache or a different path?

Also relates to #10

Please create the v3 release

Please create the v3 release. There's a v3 tag here https://github.com/symfonycorp/security-checker-action/releases/tag/v3 but only v2 release.

This is why the GitHub Actions page offers v2 only
https://github.com/marketplace/actions/the-php-security-checker

V2 stopped working for me due to a missing symfonycorp/cli Docker image.

Missing release for v5

https://github.com/symfonycorp/security-checker-action/releases doesn't show v5

Getting a deprecation warning about this step in the action in V3 / V4

Warning: The set-output command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

Support human-readable step output

Please support a human-readable output additional to json, so it can be captured and added to Pull Requests easily.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.