{"id":28425255,"url":"https://github.com/metamask/action-security-code-scanner","last_synced_at":"2025-06-26T01:32:30.319Z","repository":{"id":224791491,"uuid":"715552491","full_name":"MetaMask/action-security-code-scanner","owner":"MetaMask","description":"A GitHub action aggregating SAST tools to scan code for vulnerabilities","archived":false,"fork":false,"pushed_at":"2025-06-04T17:23:37.000Z","size":148,"stargazers_count":7,"open_issues_count":1,"forks_count":3,"subscribers_count":54,"default_branch":"main","last_synced_at":"2025-06-05T10:50:29.280Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MetaMask.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":null,"patreon":null,"open_collective":"metamask","ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":null}},"created_at":"2023-11-07T11:25:22.000Z","updated_at":"2025-06-04T17:20:25.000Z","dependencies_parsed_at":"2024-02-27T19:31:21.618Z","dependency_job_id":"cda56ee5-b34f-4ab5-a039-5d52171657be","html_url":"https://github.com/MetaMask/action-security-code-scanner","commit_stats":null,"previous_names":["metamask/security-code-scanner","metamask/action-security-code-scanner"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/MetaMask/action-security-code-scanner","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MetaMask%2Faction-security-code-scanner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MetaMask%2Faction-security-code-scanner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MetaMask%2Faction-security-code-scanner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MetaMask%2Faction-security-code-scanner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MetaMask","download_url":"https://codeload.github.com/MetaMask/action-security-code-scanner/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MetaMask%2Faction-security-code-scanner/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261982709,"owners_count":23240126,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-05T10:36:43.586Z","updated_at":"2025-06-26T01:32:30.309Z","avatar_url":"https://github.com/MetaMask.png","language":"JavaScript","readme":"# `MetaMask/action-security-code-scanner`\n\n## Overview\n\nThe Security Code Scanner GitHub Action is designed to enhance the security of your repositories by performing thorough code scans. Currently, it uses the Appsec CodeQL scanner, but the scope is planned to expand to include other security actions, providing a more comprehensive security analysis.\n\n## Inputs\n\n- **`repo`**: (Required) The name of the repository you want to scan, in `owner/name` form; the workflow below passes `${{ github.repository }}`.\n- **`slack_webhook`**: (Required) Slack webhook URL (see Secrets).\n- **`project_metrics_token`**: (Optional) Token belonging to a Mixpanel project that is used to track build passes \u0026 failures.\n- **`paths_ignored`**: (Optional) Code paths to exclude from the scan. List each path on its own line.\n- **`rules_excluded`**: (Optional) Code scanning rules to exclude. List each rule on its own line (the `rule1` entry in the example below is a placeholder, not a real rule).\n\n## Setup\n\nTo use the Security Code Scanner, create a `security-code-scanner.yml` file in your repository's `.github/workflows/` folder:\n\n```yaml\nname: 'MetaMask Security Code Scanner'\n\non:\n  push:\n    branches:\n      - main\n  pull_request:\n  workflow_dispatch:\n\njobs:\n  run-security-scan:\n    runs-on: ubuntu-latest\n    permissions:\n      actions: read\n      contents: read\n      security-events: write\n    steps:\n      - name: MetaMask Security Code Scanner\n        uses: MetaMask/action-security-code-scanner@v1\n        with:\n          repo: ${{ github.repository }}\n          paths_ignored: |\n            .storybook/\n            '**/__snapshots__/'\n            '**/*.snap'\n            '**/*.stories.js'\n            '**/*.stories.tsx'\n            '**/*.test.browser.ts*'\n            '**/*.test.js*'\n            '**/*.test.ts*'\n            '**/fixtures/'\n            '**/jest.config.js'\n            '**/jest.environment.js'\n            '**/mocks/'\n            '**/test*/'\n            docs/\n            e2e/\n            merged-packages/\n            node_modules\n            storybook/\n            test*/\n          rules_excluded: |\n            rule1\n          project_metrics_token: ${{ secrets.SECURITY_SCAN_METRICS_TOKEN }}\n          slack_webhook: ${{ secrets.APPSEC_BOT_SLACK_WEBHOOK }}\n```\n\nThe `permissions` block is the least-privilege set the scan needs: `contents: read` to check out the code, `actions: read`, which CodeQL's result upload needs on private repositories, and `security-events: write` to upload CodeQL results to the repository's code scanning alerts. Do not widen it to `write-all`. The example pins the action to the `v1` tag; pinning to a full commit SHA instead gives a stricter supply-chain guarantee that the scanner code cannot change underneath you.\n\n## Secrets\n\nRepositories in the MetaMask GitHub organization pass the following secrets to the scanner to assist with logging and monitoring. These values can be replaced when the action is used in other contexts.\n\n- `SECURITY_SCAN_METRICS_TOKEN`\n- `APPSEC_BOT_SLACK_WEBHOOK`\n\nStore both as GitHub Actions secrets (at repository or organization level) and reference them through `${{ secrets.* }}` as in the workflow above. Never commit the raw values to the workflow file: a Slack webhook URL is itself the credential, so anyone who obtains it can post to the channel.\n\n## Features\n\n- **CodeQL Analysis**: Leverages [MetaMask/Appsec-CodeQL](https://github.com/MetaMask/codeql-action), a wrapper around GitHub's [CodeQL engine](https://codeql.github.com/), to identify vulnerabilities in the codebase.\n\n## Disclaimer\n\nThis action is developed for the MetaMask engineering team and may require additional configuration if used in other organizations.\n","funding_links":["https://opencollective.com/metamask"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmetamask%2Faction-security-code-scanner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmetamask%2Faction-security-code-scanner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmetamask%2Faction-security-code-scanner/lists"}