This action uses irulescan to scan iRules within your repository for security issues during execution of a GitHub Actions Workflow.
This action scans all irules in the repository and returns the result of findings in YAML format. The workflow step will not fail by default, hence the execution of the workflow job succeeds even when security issues are found. The goal is to provide the findings to let you choose what to do with them.
irulescan-action
will scan files with .tcl
and .irule
extensions only.
In the simplest form the below workflow scans iRules in the whole repository. Please take a look at the provided examples for more details.
jobs:
irulescan-action:
runs-on: ubuntu-latest
name: "Workflow"
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Run irulescan-action
uses: simonkowallik/irulescan-action@main
Some behavior can be modified, see inputs below.
All inputs are optional.
-
scandir
: Usescandir
to scan a custom subdirectory within the repository. -
expected_results_file
: Specify a relative path to a YAML file with expected results. If the actual result of irulescan does not match the expected result, a diff will be returned and the job step will fail. -
cmd
: Specify a custom command to execute within the container.
result
:result
will be populated with the output results. It can be accessed using${{ steps.<iruescan-action-step-id>.outputs.result }}
.
The example/
folder contains example iRules and a YAML file with expected results.
.github/workflows
contains several example workflows, click on the icons below to inspect the workflow: