Skip to content
/ shellcheck-scan Public

Code Scanning GitHub Action wrapper for shellcheck. Add rich support for shellcheck to your CI/CD.

License

GPL-3.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

reactive-firewall/shellcheck-scan

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits
.github
.github
 
 
bin
bin
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
action.yml
action.yml
 
 

Repository files navigation

ShellCheck SARIF Analysis Action

A GitHub Action that generates SARIF analysis results by running ShellCheck on shell scripts in your repository.

Overview

This action utilizes ShellCheck (a third-party static analysis tool) to analyze shell scripts and generates results in SARIF format. The SARIF output integrates with GitHub Code Scanning to help track shell script quality and potential security issues.

Features

  • 🔍 Leverages ShellCheck for shell script analysis
  • 📊 Generates SARIF format output for GitHub Code Scanning
  • 🎯 Configurable file matching patterns
  • ⚡ Supports multiple shell dialects (Bash, POSIX, Dash, KSH, BusyBox)
  • 🔒 Built-in integration with GitHub Security features

Dependencies

This action depends on:

  • ShellCheck - A static analysis tool for shell scripts
  • Python 3.13 (automatically set up by the action)
  • SARIF tooling (automatically installed by the action)

Usage

Add the following to your GitHub Actions workflow:

- name: Run ShellCheck Analysis
  uses: reactive-firewall/shellcheck-scan@v1
  with:
    # Optional: Specify paths to scan (defaults to git-tracked shell scripts)
    path: 'scripts/'
    
    # Optional: Custom glob pattern for matching files
    match: '**/*.{sh,bash,ksh}'
    
    # Optional: Set minimum severity level (style, info, warning, error)
    severity: 'warning'
    
    # Optional: Specify shell dialect (bash, sh, dash, ksh, busybox)
    shell-format: 'bash'

Inputs

Input Description Required Default
path File or directory to scan No Auto-detected
match Glob pattern for matching files No **/*.{bash,sh,command}
severity Minimum severity level No style
shell-format Shell dialect to use No AUTOMATIC
publish-artifacts Upload results as artifacts No true

Requirements

This action requires:

  • GitHub Actions
  • Required permissions:
    • security-events: write (for uploading SARIF results)
    • contents: read (for scanning repository contents)

Examples

Basic Usage

name: ShellCheck Analysis

on: [push, pull_request]

jobs:
  shellcheck:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: reactive-firewall/shellcheck-scan@v1

Custom Configuration

- uses: reactive-firewall/shellcheck-scan@v1
  with:
    path: 'scripts/'
    severity: 'warning'
    shell-format: 'bash'
    match: '**/*.bash'

License

This project is licensed under the GNU General Public License v3.0 - see the LICENSE file for details.

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

Support

If you encounter any problems, please file an issue along with a detailed description.

Last Updated: 2024-12-21

About

Code Scanning GitHub Action wrapper for shellcheck. Add rich support for shellcheck to your CI/CD.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases 3

Version v1.1 Latest
Dec 22, 2024
+ 2 releases

Packages

No packages published

Languages