v1

loadsmart · Mar 17, 2020 · d137d5c · d137d5c
commit d137d5c
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -0,0 +1,2 @@
+# sast-check
+Run SAST checks using GitHub Actions
diff --git a/action.yml b/action.yml
@@ -0,0 +1,15 @@
+name: 'SAST Check'
+description: 'Run SAST checks in your code'
+inputs:
+  path: 
+    description: 'Path to run SAST checks on'
+    required: false
+    default: '.'
+outputs:
+    result: 
+        description: 'Output of SAST checks'
+runs:
+  using: 'docker'
+  image: 'docker/Dockerfile'
+  args:
+    - ${{ inputs.path }}
diff --git a/docker/.dockerignore b/docker/.dockerignore
@@ -0,0 +1,2 @@
+*
+!sast-check.sh
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -0,0 +1,8 @@
+FROM python:3.8-alpine
+
+RUN pip install bandit
+
+ADD sast-check.sh /bin/sast-check
+RUN chmod +x /bin/sast-check
+
+ENTRYPOINT [ "/bin/sast-check" ]
diff --git a/docker/sast-check.sh b/docker/sast-check.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+set -euo pipefail
+bandit --version
+bandit -r -a vuln -ii -ll -x .git,.svn,.mvn,.idea,dist,bin,obj,backup,docs,tests,test,tmp,reports,venv "$@"
+# EXITCODE=$?
+
+# RESULT="${RESULT//'%'/'%25'}"
+# RESULT="${RESULT//$'\n'/'%0A'}"
+# RESULT="${RESULT//$'\r'/'%0D'}"
+# echo "::set-output name=result::${RESULT}"
+
+# exit ${EXITCODE}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		# sast-check
		Run SAST checks using GitHub Actions