This action allows you to run the Amarna static analyzer against your project, from within a GitHub Actions workflow.
To learn more about Amarna itself, visit its GitHub repository.
Create `.github/workflows/amarna.yml`:

```yaml
name: Amarna Analysis
on: [push]
jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: crytic/[email protected]
```
Key | Description |
---|---|
`sarif` | If provided, the path of the SARIF file to produce, relative to the repo root (see GitHub Code Scanning integration). |
`amarna-args` | Extra arguments to pass to Amarna. |
`amarna-version` | The version of `amarna-analyzer` to use. By default, the latest release on PyPI is used. |
`target` | The path to the root of the project to be analyzed by Amarna. Can be a directory or a file. Defaults to the repo root. |
The action supports the GitHub Code Scanning integration, which pushes Amarna's alerts to the Security tab of the GitHub project (see About code scanning). This integration eases the triaging of findings and improves continuous integration.

To enable the integration, use the `sarif` option, and upload the SARIF file with `codeql-action`:
```yaml
name: Amarna Analysis
on: [push]
jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Run Amarna
        uses: crytic/[email protected]
        id: amarna
        continue-on-error: true
        with:
          sarif: results.sarif
          target: 'src/'
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: ${{ steps.amarna.outputs.sarif }}
          checkout_path: '/github/workspace'
```
Here:

- `continue-on-error: true` is required to let the SARIF upload step run even if Amarna finds issues
- `id: amarna` is the name used in `steps.amarna.outputs.sarif`
- `target: 'src/'` means Amarna will analyze the `src/` directory
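Because `continue-on-error: true` keeps the job green even when Amarna reports findings, a small gate over the produced SARIF file can fail the build on the team's own severity threshold after the upload step. The following is an added example, not part of this action or of Amarna: the SARIF document, rule ids, paths and messages are constructed placeholders, and the code relies only on the SARIF 2.1.0 layout (`runs[].results[]`, `level`, `locations[].physicalLocation`).

```python
from collections import Counter

# Constructed SARIF 2.1.0 document standing in for results.sarif. The rule ids,
# paths and messages are placeholders, not real Amarna rules or output.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{"tool": {"driver": {"name": "amarna"}}, "results": [
        {"ruleId": "example-rule-a", "level": "warning",
         "message": {"text": "placeholder finding 1"},
         "locations": [{"physicalLocation": {
             "artifactLocation": {"uri": "src/contract.cairo"},
             "region": {"startLine": 12}}}]},
        {"ruleId": "example-rule-a", "level": "warning",
         "message": {"text": "placeholder finding 2"},
         "locations": [{"physicalLocation": {
             "artifactLocation": {"uri": "src/lib.cairo"},
             "region": {"startLine": 40}}}]},
        # A result without a location: the flattener must tolerate this.
        {"ruleId": "example-rule-b", "level": "note",
         "message": {"text": "placeholder finding 3"}},
    ]}],
}

LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}

def findings(sarif):
    """Flatten every result into (ruleId, level, uri, startLine, text)."""
    out = []
    for run in sarif.get("runs", []):
        for r in run.get("results", []):
            phys = (r.get("locations") or [{}])[0].get("physicalLocation", {})
            uri = phys.get("artifactLocation", {}).get("uri", "<no-location>")
            line = phys.get("region", {}).get("startLine")
            out.append((r.get("ruleId"), r.get("level", "warning"),
                        uri, line, r.get("message", {}).get("text", "")))
    return out

def summarize(sarif):
    """Count findings per rule id, useful as a job summary."""
    return dict(Counter(f[0] for f in findings(sarif)))

def should_fail(sarif, min_level="warning"):
    """True when any finding is at or above min_level (note < warning < error)."""
    threshold = LEVEL_RANK[min_level]
    return any(LEVEL_RANK.get(f[1], 2) >= threshold for f in findings(sarif))

if __name__ == "__main__":
    for rule, n in sorted(summarize(SAMPLE_SARIF).items()):
        print(f"{rule}: {n}")
    raise SystemExit(1 if should_fail(SAMPLE_SARIF) else 0)
```

In a workflow, load `results.sarif` with `json.load` in place of `SAMPLE_SARIF` and run the script as a final step so the exit code decides the job.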