
Sobelow

Security-focused static analysis for the Phoenix Framework
v1
Latest

Sobelow Action

This is a GitHub Action for Sobelow, the security-focused static analyzer for the Phoenix Framework.

The most basic workflow looks like this:

on: [push]

jobs:
  sobelow_job:
    runs-on: ubuntu-latest
    name: Sobelow Job
    steps:
      - uses: actions/checkout@v2
      - id: run-action
        uses: sobelow/action@v1   # runs Sobelow; with the default report setting it writes results.sarif
      - uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: results.sarif   # the report produced by the step above

This will scan your Phoenix application and add its findings to the Security tab of your repository.

Two options are supported:

  • report: if set to "false", no SARIF report is generated; findings are printed to stdout instead.
  • flags: accepts arbitrary Sobelow command-line flags, passed through to the scanner.

The following example uses flags to suppress Config findings:

on: [push]

jobs:
  sobelow_job:
    runs-on: ubuntu-latest
    name: Sobelow Job
    steps:
      - uses: actions/checkout@v2
      - id: run-action
        uses: sobelow/action@v1
        with:
          flags: '-i Config'   # -i ignores a finding category; here the Config checks are skipped
      - uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: results.sarif
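Both workflows above hand results.sarif straight to the upload step, so the job itself never fails on a finding. The following script is an added example (not part of the Sobelow action or of Sobelow) that reads the SARIF file the action writes, applies an ignore list equivalent to the `-i Config` flag, prints a per-rule summary, and returns a non-zero exit status when findings remain. The embedded SAMPLE_SARIF document is constructed; its ruleId strings follow Sobelow's "Category.Check" naming but are not guaranteed to match the action's real output, and the `results.sarif` path is the one the workflows above use.

```python
"""Summarize a Sobelow SARIF report and fail the job if findings remain.

Added example, not part of the Sobelow action or of Sobelow itself. It
assumes the action wrote SARIF 2.1.0 to results.sarif (the file the
upload-sarif step reads). The sample document below is constructed; its
ruleId strings follow Sobelow's "Category.Check" naming but are not
guaranteed to match the action's real output.
"""
import json
import sys
from collections import Counter
from pathlib import Path


def _result(rule, level, uri, line, text):
    """Build one SARIF result object (helper for the constructed sample)."""
    return {
        "ruleId": rule,
        "level": level,
        "message": {"text": text},
        "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": uri},
            "region": {"startLine": line},
        }}],
    }


# Constructed sample: three findings, two of them in the Config category.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "Sobelow"}},
        "results": [
            _result("Config.HTTPS", "warning", "config/prod.exs", 12,
                    "HTTPS not enabled"),
            _result("XSS.Raw", "error",
                    "lib/my_app_web/templates/page/index.html.eex", 4,
                    "XSS via raw/1"),
            _result("Config.CSRF", "warning", "lib/my_app_web/router.ex", 9,
                    "CSRF protection missing"),
        ],
    }],
}


def load_findings(sarif):
    """Flatten every result in every run into one plain dict per finding."""
    findings = []
    for run in sarif.get("runs", []):
        for res in run.get("results", []):
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            findings.append({
                "rule": res.get("ruleId", "unknown"),
                "level": res.get("level", "warning"),  # SARIF default when absent
                "file": loc.get("artifactLocation", {}).get("uri", "?"),
                "line": loc.get("region", {}).get("startLine"),
                "text": res.get("message", {}).get("text", ""),
            })
    return findings


def category(rule_id):
    """'Config.HTTPS' -> 'Config'; an id without a dot is its own category."""
    return rule_id.split(".", 1)[0]


def filter_findings(findings, ignore_categories):
    """Drop findings whose category is ignored, mirroring `-i Config`."""
    ignored = set(ignore_categories)
    return [f for f in findings if category(f["rule"]) not in ignored]


def summarize(findings):
    """Count findings per rule id."""
    return Counter(f["rule"] for f in findings)


def gate(findings, fail_levels=("error", "warning")):
    """Shell-style exit status: 1 if any finding is at a failing level."""
    return 1 if any(f["level"] in fail_levels for f in findings) else 0


def main(path="results.sarif", ignore=("Config",)):
    """Read the action's report if present, else the constructed sample."""
    sarif_path = Path(path)
    sarif = json.loads(sarif_path.read_text()) if sarif_path.exists() else SAMPLE_SARIF
    kept = filter_findings(load_findings(sarif), ignore)
    for rule, count in sorted(summarize(kept).items()):
        print(f"{rule}: {count}")
    for f in kept:
        print(f"{f['file']}:{f['line']} [{f['level']}] {f['rule']}: {f['text']}")
    return gate(kept)


if __name__ == "__main__":
    sys.exit(main())
```

Run it as a step after `sobelow/action@v1` (with the default report setting, so results.sarif exists) and before the upload step; a non-zero exit stops the job on the categories you have not chosen to ignore, while the Security tab still receives the full report if the upload step is kept. The upload step itself needs the workflow's GITHUB_TOKEN to carry `security-events: write`, which is the GitHub requirement for SARIF uploads, not something the action adds.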

Sobelow is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.
