🛡️ irulescan-action is a static security analyzer for iRules for use with GitHub Actions

simonkowallik/irulescan-action

irulescan-action

This action uses irulescan to scan iRules within your repository for security issues during execution of a GitHub Actions Workflow.

This action scans all iRules in the repository and returns the findings in YAML format. The workflow step does not fail by default, so the workflow job succeeds even when security issues are found. The goal is to provide the findings and let you choose what to do with them.

irulescan-action will scan files with .tcl and .irule extensions only.

Usage

In its simplest form, the workflow below scans iRules in the whole repository. See the provided examples for more details.

jobs:
  irulescan-action:
    runs-on: ubuntu-latest
    name: "Workflow"
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Run irulescan-action
        uses: simonkowallik/irulescan-action@main

Some behavior can be modified; see the inputs below.

inputs

All inputs are optional.

  • scandir: Use scandir to scan a custom subdirectory within the repository.

  • expected_results_file: Specify a relative path to a YAML file with expected results. If the actual result of irulescan does not match the expected result, a diff will be returned and the job step will fail.

  • cmd: Specify a custom command to execute within the container.

outputs

  • result: result will be populated with the output results. It can be accessed using ${{ steps.<irulescan-action-step-id>.outputs.result }}.
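
The inputs and the output above combined in one workflow, as an added example that is not taken from the project's repository. The irules directory, the expected-results path, the workflow name and the step id irulescan are assumptions; the result is handed to the shell through an environment variable so that scanner output is never expanded into the script text.

```yaml
name: iRule security scan            # hypothetical workflow name
on: [push, pull_request]

permissions:
  contents: read                     # the scan only needs to read the repository

jobs:
  irulescan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Scan iRules and compare with the reviewed baseline
        id: irulescan                # step id used to address the output below
        uses: simonkowallik/irulescan-action@main
        with:
          # Assumed subdirectory that holds the .tcl / .irule files.
          scandir: irules
          # Assumed path to a YAML file with the findings you have reviewed
          # and accepted. A mismatch makes this step fail and returns a diff.
          expected_results_file: irules/expected_results.yaml

      - name: Add findings to the job summary
        if: always()                 # run even if the previous step failed the job
        env:
          # The output is derived from repository content, so treat it as
          # data: pass it via env instead of writing the expression in `run`.
          IRULESCAN_RESULT: ${{ steps.irulescan.outputs.result }}
        run: |
          {
            echo '### irulescan result'
            echo
            # Indent by four spaces so the summary renders it as preformatted text.
            printf '%s\n' "$IRULESCAN_RESULT" | sed 's/^/    /'
          } >> "$GITHUB_STEP_SUMMARY"
```

Without expected_results_file the scan step succeeds regardless of findings, so the comparison against a reviewed baseline is what turns the scan into a gate.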

Examples

The example/ folder contains example iRules and a YAML file with expected results.

.github/workflows contains several example workflows:

Demo: Successful

Demo: Failing workflow step

Demo: Custom CMD

Demo: Advanced Usage