File tree Expand file tree Collapse file tree 3 files changed +79
-0
lines changed Expand file tree Collapse file tree 3 files changed +79
-0
lines changed Original file line number Diff line number Diff line change 1+ FROM golang AS builder
2+ RUN wget https://get.symfony.com/cli/installer -O - | bash
3+
4+ FROM scratch
5+ COPY --from=builder /root/.symfony/bin/symfony /
6+ COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
7+ CMD ["/symfony" , "check:security" ]
Original file line number Diff line number Diff line change 1+ PHP Security Checker
2+ ====================
3+
4+ This action checks your ` composer.lock ` for known vulnerabilities in your package dependencies.
5+
6+ Inputs
7+ ------
8+
9+ * ` composer ` * optional* The path to the ` composer.lock ` file (defaults to the repository root directory).
10+ * ` disable-exit-code ` * optional* Set it to ` 1 ` if you don't want the step to fail in case of detected vulnerabilities
11+
12+ Outputs
13+ -------
14+
15+ * ` vulns ` A JSON payload containing all detected vulnerabilities
16+
17+ Usage
18+ -----
19+
20+ If you want the step to fail whenever there is a security issue in one of your
21+ dependencies, use this action:
22+
23+ steps:
24+ - uses: actions/checkout@v2
25+ - uses: symfonycorp/security-checker-action@v1
26+
27+ If the ` composer.lock ` is not in the repository root directory, pass is as an
28+ input:
29+
30+ steps:
31+ - uses: actions/checkout@v2
32+ - uses: symfonycorp/security-checker-action@v1
33+ with:
34+ lock: subdir/composer.lock
35+
36+ Instead of failing, you can also get the vulnerabilities as a JSON output and
37+ do something with them in another step:
38+
39+ steps:
40+ - uses: actions/checkout@v2
41+ - uses: symfonycorp/security-checker-action@v1
42+ with:
43+ disable-exit-code: 1
44+ id: security-check
45+ - name: Display the vulnerabilities as JSON
46+ run: echo ${{ steps.security-check.outputs.vulns }}
Original file line number Diff line number Diff line change 1+ name : ' The PHP Security Checker'
2+ description : ' Checks composer.json for known vulnerabilities in your package dependencies'
3+ branding :
4+ icon : ' umbrella'
5+ color : ' gray-dark'
6+ inputs :
7+ lock :
8+ description : ' The path to composer.lock is stored (root directory by default)'
9+ required : false
10+ default : ' ./composer.lock'
11+ disable-exit-code :
12+ description : ' Whether to fail when issues are detected (false by default)'
13+ required : false
14+ default : 0
15+ outputs :
16+ vulns :
17+ description : ' The detected vulnerabilities as JSON'
18+ runs :
19+ using : ' docker'
20+ image : ' Dockerfile'
21+ args :
22+ - /symfony
23+ - check:security
24+ - " --dir"
25+ - ${{ inputs.lock }}
26+ - " --disable-exit-code=${{ inputs.disable-exit-code }}"
You can’t perform that action at this time.
0 commit comments