{"id":22862417,"url":"https://github.com/dylibso/modsurfer-validate-action","last_synced_at":"2025-08-24T17:14:03.732Z","repository":{"id":167306583,"uuid":"586083059","full_name":"dylibso/modsurfer-validate-action","owner":"dylibso","description":"Run `modsurfer validate` in a GitHub Action. Modsurfer helps to debug and observe WebAssembly modules and components.","archived":false,"fork":false,"pushed_at":"2023-02-22T06:41:43.000Z","size":6,"stargazers_count":8,"open_issues_count":0,"forks_count":0,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-04-30T21:51:56.757Z","etag":null,"topics":["action","binary-scan","ci","linter","security","wasm","webassembly"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dylibso.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-01-06T22:31:14.000Z","updated_at":"2024-06-03T13:16:20.000Z","dependencies_parsed_at":null,"dependency_job_id":"f71eb339-1fb2-46e7-bc71-9942d848a55c","html_url":"https://github.com/dylibso/modsurfer-validate-action","commit_stats":null,"previous_names":["dylibso/modsurfer-validate-action"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/dylibso/modsurfer-validate-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dylibso%2Fmodsurfer-validate-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dylibso%2Fmodsurfer-validate-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dylibso%2Fmodsurfer-validate-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dylibso%2Fmodsurfer-validate-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dylibso","download_url":"https://codeload.github.com/dylibso/modsurfer-validate-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dylibso%2Fmodsurfer-validate-action/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271911912,"owners_count":24842637,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-24T02:00:11.135Z","response_time":111,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["action","binary-scan","ci","linter","security","wasm","webassembly"],"created_at":"2024-12-13T10:13:29.146Z","updated_at":"2025-08-24T17:14:03.726Z","avatar_url":"https://github.com/dylibso.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Modsurfer `validate` GitHub Action\n\n## Overview\n\nModsurfer by [Dylibso](https://dylib.so) is an application to help teams debug and observe their \nWebAssembly modules and components. It scans WASM binaries and extracts critical information about\nthe code contained within, as well as makes WASM code searchable and visible to the teams creating\nand executing it. See a demo of the Modsurfer application here: https://modsurfer.app\n\nThis GitHub Action runs Modsurfer's CLI, [found here](https://github.com/dylibso/modsurfer), using\nthe `validate` command. This command expects two inputs: \n- **path** (`-p` from the CLI): pointing to the .wasm file to validate\n- **check** (`-c` from the CLI): pointing to the YAML file (default: `mod.yaml`) to validate against\n\n## Usage\n\nTo use this action, add the following step in your workflow:\n\n```yaml\n    # ...\n    steps:\n      - uses: actions/checkout@v3\n      - name: modsurfer validate\n        uses: dylibso/modsurfer-validate-action@main\n        with:\n            path: path/to/your.wasm\n            check: path/to/mod.yaml\n```\n\nAn example `mod.yaml` (a \"check file\") could be: \n\n```yaml\n# For more information about other checkfile options, see the documentation at https://dev.dylib.so/docs/modsurfer/cli#checkfile\nvalidate:\n  # mandate that WASI support is allowed or not\n  allow_wasi: false\n  # define requirements for existence (or non-existence) of a module's import functions\n  imports:\n    include:\n    # specify the function and its signature, optionally scoping it to a particular module name / namespace\n    - name: http_get\n      namespace: env\n      params: \n      - I32\n      - I32\n      results:\n      - I32\n    # or, simply use the function name\n    - log_message\n    - proc_exit\n    exclude: \n    - fd_write\n    # declare module-wide requirements for existence (or non-existence) of imports from modules / namespaces\n    namespace:\n      include:\n        - env\n      exclude:\n        - some_future_deprecated_module_name\n        - wasi_snapshot_preview1\n  # define requirements for existence (or non-existence) of a module's export functions\n  exports: \n  # set a threshold for maximum number of exports\n    max: 2\n    include:\n    - name: _start\n      params: []\n      results: []\n    - name: bar\n      params:\n      - I32\n      - I32\n      results:\n      - I32\n    exclude:\n      - main\n      - foo\n  # restrict binary size of a module (supports suffixes listed here: https://docs.rs/parse-size/1.0.0/parse_size/index.html)\n  size:\n    max: 4MB\n  # restrict WASM code complexity to a risk profile (low, medium, high) based on Cyclomatic Complexity analysis\n  complexity:\n    max_risk: low\n```\n\nWhen a module fails to validate against the provided check file, a report is printed (seen below), \nand will issue a non-zero exit code, failing the CI workflow. \n\n```\n┌────────┬──────────────────────────────────────────────────┬──────────┬──────────┬───────────────────┬────────────┐\n│ Status │ Property                                         │ Expected │ Actual   │ Classification    │ Severity   │\n╞════════╪══════════════════════════════════════════════════╪══════════╪══════════╪═══════════════════╪════════════╡\n│ FAIL   │ allow_wasi                                       │ false    │ true     │ ABI Compatibility │ |||||||||| │\n├────────┼──────────────────────────────────────────────────┼──────────┼──────────┼───────────────────┼────────────┤\n│ FAIL   │ complexity.max_risk                              │ \u003c= low   │ medium   │ Resource Limit    │ |          │\n├────────┼──────────────────────────────────────────────────┼──────────┼──────────┼───────────────────┼────────────┤\n│ FAIL   │ exports.exclude.main                             │ excluded │ included │ Security          │ |||||      │\n├────────┼──────────────────────────────────────────────────┼──────────┼──────────┼───────────────────┼────────────┤\n│ FAIL   │ exports.include.bar                              │ included │ excluded │ ABI Compatibility │ |||||||||| │\n├────────┼──────────────────────────────────────────────────┼──────────┼──────────┼───────────────────┼────────────┤\n│ FAIL   │ exports.max                                      │ \u003c= 100   │ 151      │ Security          │ ||||||     │\n├────────┼──────────────────────────────────────────────────┼──────────┼──────────┼───────────────────┼────────────┤\n│ FAIL   │ imports.include.http_get                         │ included │ excluded │ ABI Compatibility │ ||||||||   │\n├────────┼──────────────────────────────────────────────────┼──────────┼──────────┼───────────────────┼────────────┤\n│ FAIL   │ imports.include.log_message                      │ included │ excluded │ ABI Compatibility │ ||||||||   │\n├────────┼──────────────────────────────────────────────────┼──────────┼──────────┼───────────────────┼────────────┤\n│ FAIL   │ imports.namespace.exclude.wasi_snapshot_preview1 │ excluded │ included │ ABI Compatibility │ |||||||||| │\n├────────┼──────────────────────────────────────────────────┼──────────┼──────────┼───────────────────┼────────────┤\n│ FAIL   │ imports.namespace.include.env                    │ included │ excluded │ ABI Compatibility │ ||||||||   │\n├────────┼──────────────────────────────────────────────────┼──────────┼──────────┼───────────────────┼────────────┤\n│ FAIL   │ size.max                                         │ \u003c= 4MB   │ 4.4 MiB  │ Resource Limit    │ |          │\n└────────┴──────────────────────────────────────────────────┴──────────┴──────────┴───────────────────┴────────────┘\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdylibso%2Fmodsurfer-validate-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdylibso%2Fmodsurfer-validate-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdylibso%2Fmodsurfer-validate-action/lists"}