Closed josepalafox closed 3 years ago
As part of integrating security into the app dev lifecycle, users are interested in initiating code scans using GitHub Actions.
A hosted GitHub Action would enable developers of open source software and public repos on GitHub.com to scan code on a PR. https://docs.github.com/en/free-pro-team@latest/actions
An additional action added to a workflow https://docs.github.com/en/free-pro-team@latest/rest/reference/actions#workflows to upload a SARIF-formatted report will surface the alerts in GitHub.com as described in #77
Action is created: https://github.com/sobelow/action
I'll publish v1 and update docs this week, and that should wrap up the Action/CI issues!
Hosted action here: https://github.com/marketplace/actions/sobelow
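A workflow of the kind requested in this issue, as an added example that is not part of the original thread or the project's own documentation: it runs the hosted action on pull requests and uploads the SARIF report to code scanning. The `sobelow/action@v1` reference follows the v1 mentioned above; the report path `results.sarif`, the workflow name, the job name and the pinned versions of the other actions are assumptions.

```yaml
# .github/workflows/sobelow.yml (file name is an assumption)
name: Sobelow

on:
  push:
    branches: [main]
  pull_request:

# Start from a read-only token and grant only what the upload step needs.
permissions:
  contents: read

jobs:
  sobelow:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # Required by upload-sarif to write code scanning alerts.
      # Pull requests from forks receive a read-only token, so the
      # upload step cannot write alerts for those runs.
      security-events: write
    steps:
      - name: Check out the code under review
        uses: actions/checkout@v4
        with:
          # The scan does not need to push, so do not leave the
          # token in the local git config.
          persist-credentials: false

      - name: Run Sobelow
        uses: sobelow/action@v1

      - name: Upload SARIF report to code scanning
        # Upload even when an earlier step fails, so the alerts
        # behind a failed run are still visible.
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          # Assumed output path; use whatever path the scan step
          # actually writes its SARIF report to.
          sarif_file: results.sarif
```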