This action uses irulescan to scan iRules within your repository for security issues during execution of a GitHub Actions Workflow.

This action scans all irules in the repository and returns the result of findings in YAML format. The workflow step will not fail by default, hence the execution of the workflow job succeeds even when security issues are found. The goal is to provide the findings to let you choose what to do with them.

irulescan-action will scan files with .tcl and .irule extensions only.

In the simplest form the below workflow scans iRules in the whole repository. Please take a look at the provided examples for more details.

jobs:
  irulescan-action:
    runs-on: ubuntu-latest
    name: "Workflow"
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Run irulescan-action
        uses: simonkowallik/irulescan-action@main

Some behavior can be modified, see inputs below.

All inputs are optional.

• scandir: Use scandir to scan a custom subdirectory within the repository.

• expected_results_file: Specify a relative path to a YAML file with expected results. If the actual result of irulescan does not match the expected result, a diff will be returned and the job step will fail.

• cmd: Specify a custom command to execute within the container.

• result: result will be populated with the output results. It can be accessed using ${{ steps.<iruescan-action-step-id>.outputs.result }}.

The example/ folder contains example iRules and a YAML file with expected results.

.github/workflows contains several example workflows, click on the icons below to inspect the workflow: