Closed mds1 closed 1 year ago
Actually, I don't like this approach, so I'll probably close this PR 😅
It seems you can set this action up two ways:
I think the ideal approach is to have the slither step always pass, and have the code scanning step fail if there's new findings, OR findings which have not been dismissed in the code scanning UI, but I haven't figured out a way to do this yet
@mds1 I haven't looked into it much, but maybe this feature from Github can be useful: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#defining-the-severities-causing-pull-request-check-failure
Heh was literally just reading that page now, thank you!
For posterity, that is exactly the section to use. For testing I set it to All
which you can see causes the CI failure in code scanning
The existing docs require that slither never exits with an error if you want the code scanning integration. However, you can tell a GitHub Actions step to run regardless of previous steps' status as shown in this PR. Tested this out in https://github.com/ScopeLift/foundry-template/pull/1 and it seems to work as expected