Skip to content

Wake Detect

Actions
Runs Wake static analysis
0.1.0
Latest
By Ackee-Blockchain
Star (3)

Tags

 (2)
securityreporting

Wake Detect GitHub Action

white

This GitHub Action runs the Wake static analysis tool. It's configurable via several optional inputs and it outputs a SARIF file if specified.

Usage

The action is used in a workflow file with the uses keyword. Here's an example of action with SARIF export:

steps:
  - name: Run static analysis
    uses: Ackee-Blockchain/wake-detect-action@0.1.0
    with:
      export-sarif: true
    id: wake-detect

  - name: Upload SARIF
    uses: github/codeql-action/upload-sarif@v2
    with:
      sarif_file: ${{ steps.wake-detect.outputs.sarif }}
      checkout_path: ${{ github.workspace }}

Inputs (optional)

  • working-directory: The working directory for the action.
  • export-sarif: If set, the action will export a SARIF file.
  • config-path: Path to the configuration file relative to the working directory.
  • compile-allow-paths: Paths that are allowed for the compiler.
  • compile-evm-version: EVM version to compile for.
  • compile-ignore-paths: Paths that the compiler should ignore.
  • compile-include-paths: Paths that should be included in the compilation.
  • compile-optimizer-enabled: Enable the optimizer during compilation.
  • compile-optimizer-runs: Number of runs for the optimizer.
  • compile-remappings: Remappings for the compiler.
  • compile-target-version: Target version for the compiler.
  • compile-via-ir: Compile via IR.
  • detect-min-impact: Minimum impact level for detection.
  • detect-min-confidence: Minimum confidence level for detection.
  • detect-paths: Paths for detection.
  • detect-only: Only detect vulnerabilites with these detectors.
  • detect-exclude: Exclude these detectors.
  • detect-ignore-paths: Paths to ignore during detection.
  • detect-exclude-paths: Paths to exclude during detection.

For more information about the parameters, see the Wake documentation.

Outputs

  • sarif: Exported SARIF file path relative to the repository root.

Exit codes

It returns zero (success) if there are no detections or if SARIF export is enabled. Otherwise, it returns non-zero exit code.

Code scanning preview

When SARIF file is exported, GitHub provides UI for these detections.

image

Limitations

  • Currently, the action only takes the latest version of Wake for the sake of the newest detectors.

Contributors (2)

@jaczkal@michprev

Resources

Wake Detect is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.

About

Runs Wake static analysis
0.1.0
Latest
By Ackee-Blockchain

Tags

 (2)
securityreporting

Contributors (2)

@jaczkal@michprev

Resources

Wake Detect is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.