GitHub Action for Shisho
```yaml
name: "Run tests with Shisho"
on:
  push:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout HEAD
        uses: actions/checkout@v1
      - name: Run Shisho
        uses: flatt-security/shisho-action@main
        with:
          ruleset-path: "./rules"
```
You can integrate Shisho with GitHub code scanning as follows:
```yaml
name: "Run tests with Shisho"
on:
  push:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout HEAD
        uses: actions/checkout@v1
      - name: Run Shisho
        uses: flatt-security/shisho-action@main
        with:
          ruleset-path: "./rules"
          target-path: "./"
          # Write results as SARIF so they can be uploaded to code scanning
          output-format: "sarif"
          output-path: "shisho.sarif"
          # Exit 0 regardless of findings so the upload step below still runs
          succeed-always: true
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: ./shisho.sarif
```
This action has the following inputs that can be used as `step.with` keys:
| Name | Type | Default | Description |
|---|---|---|---|
| `ruleset-path` (required) | String | | Path of Shisho rule sets |
| `target-path` | String | `/github/workspace/` | Path of files to search over |
| `output-format` | String | | Output format (one of `json`, `console`, and `sarif`) |
| `output-path` | String | `/dev/stdout` | Path of output files (when you specify `/dev/stdout`, the results are written to standard output) |
| `succeed-always` | bool | `false` | Whether to force exit code to be 0 regardless of findings. |
| `paths-ignore` | String | | Comma-separated lists of path patterns to ignore. Example: `node_modules/*,foo/,./bar` |
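
With `succeed-always: true` the Shisho step exits 0 even when rules match, so the job itself no longer signals findings. The script below is an added example, not part of the Shisho project: it reads the SARIF file written to `output-path` and returns a non-zero exit code when results at or above a chosen level are present. The file name `sarif_gate.py`, the threshold argument, and the sample data are assumptions; the field names follow the SARIF 2.1.0 format.

```python
"""Fail a CI job on findings in a SARIF file (added example, not Shisho code)."""
import json
import sys

# SARIF 2.1.0 result levels, lowest to highest severity.
LEVELS = ["none", "note", "warning", "error"]

def findings(sarif, min_level="warning"):
    """Return a summary of every result whose level is at or above min_level."""
    threshold = LEVELS.index(min_level)
    hits = []
    for run in sarif.get("runs", []):
        for result in run.get("results", []):
            # Simplification: a result with no explicit level counts as "warning".
            level = result.get("level") or "warning"
            # Unknown level strings rank highest so the gate fails closed.
            rank = LEVELS.index(level) if level in LEVELS else len(LEVELS)
            if rank < threshold:
                continue
            loc = (result.get("locations") or [{}])[0].get("physicalLocation", {})
            hits.append({
                "rule": result.get("ruleId", "<no ruleId>"),
                "level": level,
                "file": loc.get("artifactLocation", {}).get("uri", "<unknown>"),
                "line": loc.get("region", {}).get("startLine"),
                "message": result.get("message", {}).get("text", ""),
            })
    return hits

def main(argv):
    path = argv[1] if len(argv) > 1 else "shisho.sarif"
    min_level = argv[2] if len(argv) > 2 else "warning"
    with open(path, encoding="utf-8") as fh:
        hits = findings(json.load(fh), min_level)
    for h in hits:
        print(f"{h['level']}: {h['file']}:{h['line']} [{h['rule']}] {h['message']}")
    return 1 if hits else 0

# Constructed sample shaped like SARIF 2.1.0; not real Shisho output.
SAMPLE = {"version": "2.1.0", "runs": [{"results": [
    {"ruleId": "example-rule-1", "level": "error",
     "message": {"text": "constructed finding"},
     "locations": [{"physicalLocation": {
         "artifactLocation": {"uri": "main.tf"}, "region": {"startLine": 12}}}]},
    {"ruleId": "example-rule-2", "level": "note", "message": {"text": "constructed note"}},
    {"ruleId": "example-rule-3", "message": {"text": "no explicit level"}},
]}]}

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as a step after the SARIF upload, for example `python sarif_gate.py shisho.sarif error`, so the upload always happens and the job still fails when findings meet the threshold.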