Merged
7 changes: 6 additions & 1 deletion .github/workflows/test.yml
@@ -21,4 +21,9 @@ jobs:
- uses: actions/checkout@v3
- uses: ./
with:
milliseconds: 1000
sarifFile: test-data/webgoat.sarif
- name: Archive SARIF output
uses: actions/upload-artifact@v3
with:
name: sarif-output
path: test-data/webgoat.sarif
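Review bot: the new `- uses: ./` step with `sarifFile: test-data/webgoat.sarif` runs the action but nothing checks its result, and because `outputFile` defaults to the input path the action rewrites the fixture in place and the `Archive SARIF output` step then uploads that mutated file; this is useful for manual inspection but is not a test. Suggest an assertion step after the run, for example `- run: grep -q 'owasp-top10-2021' test-data/webgoat.sarif` (assuming the tag is written verbatim into the SARIF), so a regression in tagging fails the workflow instead of silently producing an unannotated artifact. Consider also passing an explicit `outputFile` so the checked-in fixture is never modified during the run, and, as supply-chain hygiene, pinning `actions/checkout` and `actions/upload-artifact` to a commit SHA rather than the mutable `@v3` tag.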
15 changes: 14 additions & 1 deletion README.md
Expand Up @@ -5,8 +5,22 @@ Compare a CodeQL SARIF results file to a security standard CWE list and annotate
## Usage in GitHub Actions

```
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
with:
category: "/language:${{matrix.language}}"
upload: false
output: sarif-results

- name: Annotate CodeQL SARIF with OWASP Top 10 2021 tag
uses: ctcampbell/codeql-sarif-security-standard-annotator@v1
with:
sarifFile: sarif-results/${{matrix.language}}.sarif

- name: Upload SARIF
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: sarif-results/${{matrix.language}}.sarif
```

```
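Review bot: the usage example depends on two things the README should state explicitly next to the block: `upload: false` on the analyze step is required, otherwise the unannotated SARIF is uploaded before the annotator runs, and the annotator rewrites `sarif-results/${{matrix.language}}.sarif` in place (the `outputFile` input defaults to the input path), which is why the later `upload-sarif` step can point at the same file. One sentence saying so would keep readers from uploading results twice or pointing the upload at a stale file. Style point: tag the fence as ```yaml so the snippet is highlighted.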
@@ -25,5 +39,4 @@ inputs:
outputFile:
required: false
description: 'The output SARIF file path, defaults to the input SARIF file path'
default: '${{ inputs.sarifFile }}'
```
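Review bot: dropping `default: '${{ inputs.sarifFile }}'` from the `outputFile` input leaves the description ("defaults to the input SARIF file path") as the only statement of the default, so the fallback now has to live in the entrypoint; confirm that `dist/index.js` substitutes `sarifFile` when `outputFile` is empty, otherwise an unset `outputFile` results in an empty output path and this documentation is wrong.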
15 changes: 3 additions & 12 deletions action.yml
Expand Up @@ -7,23 +7,14 @@ inputs:
description: 'The CodeQL SARIF result file'
cweFile:
required: false
description: 'The CWE list XML file'
default: '${{ github.action_path }}/security-standards/owasp-top10-2021.xml'
description: 'The CWE list XML file, defaults to OWASP Top 10 2021'
securityStandardTag:
required: false
description: 'The security standard tag to add to the SARIF file'
default: 'owasp-top10-2021'
outputFile:
required: false
description: 'The output SARIF file path, defaults to the input SARIF file path'
default: '${{ inputs.sarifFile }}'
runs:
using: 'composite'
steps:
- run: |
node '${{ github.action_path }}/dist/index.js' \
--sarifFile '${{ inputs.sarifFile }}' \
--cweFile '${{ inputs.cweFile }}' \
--securityStandardTag '${{ inputs.securityStandardTag }}' \
--outputFile '${{ inputs.outputFile }}'
shell: bash
using: 'node16'
main: 'dist/index.js'
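Review bot: moving from `using: 'composite'` to `using: 'node16'` is the right call from a security standpoint, because the deleted `run:` block interpolated `${{ inputs.* }}` directly into a bash command line, where a quote character in an input value would escape the single-quoted arguments; reading inputs with `@actions/core` in the Node entrypoint removes that shell-injection surface. Three follow-ups: (1) the `default:` keys for `securityStandardTag` and `outputFile` were removed along with the composite steps, but defaults are still honoured under the Node runtime (`core.getInput` returns them), so either keep them in `action.yml` or state the default in each description as was done for `cweFile`; (2) the default CWE list path `${{ github.action_path }}/security-standards/owasp-top10-2021.xml` is gone, so the entrypoint must now locate the bundled file relative to itself (for example via `__dirname`) rather than via an injected path; (3) no change to `dist/index.js` is visible in this diff, yet the entrypoint must now read inputs from the environment instead of `--sarifFile`-style argv flags, so confirm the bundled dist was rebuilt from source in this PR.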