{"id":49952661,"url":"https://github.com/rigs-it/xanitizer-action","last_synced_at":"2026-05-17T20:09:12.221Z","repository":{"id":65155275,"uuid":"292637061","full_name":"RIGS-IT/xanitizer-action","owner":"RIGS-IT","description":"GitHub action to download and install Xanitizer, and to run a Xanitizer security analysis in a GitHub workflow.","archived":false,"fork":false,"pushed_at":"2021-01-11T10:02:24.000Z","size":404,"stargazers_count":10,"open_issues_count":0,"forks_count":3,"subscribers_count":2,"default_branch":"master","last_synced_at":"2026-01-01T03:35:22.448Z","etag":null,"topics":["action","analysis","security","security-tools","vulnerability-detection","xanitizer"],"latest_commit_sha":null,"homepage":"https://www.xanitizer.com","language":"TypeScript","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RIGS-IT.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-09-03T17:31:48.000Z","updated_at":"2025-02-16T20:44:06.000Z","dependencies_parsed_at":"2023-01-04T12:32:30.422Z","dependency_job_id":null,"html_url":"https://github.com/RIGS-IT/xanitizer-action","commit_stats":{"total_commits":9,"total_committers":2,"mean_commits":4.5,"dds":0.2222222222222222,"last_synced_commit":"87d13138fb113b727cbe040c744a15a2b4fe5316"},"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/RIGS-IT/xanitizer-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RIGS-IT%2Fxanitizer-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RIGS-IT%2Fxanitizer-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RI
GS-IT%2Fxanitizer-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RIGS-IT%2Fxanitizer-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RIGS-IT","download_url":"https://codeload.github.com/RIGS-IT/xanitizer-action/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RIGS-IT%2Fxanitizer-action/sbom","scorecard":{"id":116718,"data":{"date":"2025-08-11","repo":{"name":"github.com/RIGS-IT/xanitizer-action","commit":"87d13138fb113b727cbe040c744a15a2b4fe5316"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":1.7,"checks":[{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively 
maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":0,"reason":"Found 0/9 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to 
analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":0,"reason":"34 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-7r3h-m5j6-3q42","Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q","Warn: 
Project is vulnerable to: GHSA-rmvr-2pp2-xj38","Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc","Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c","Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj","Warn: Project is vulnerable to: GHSA-896r-f27r-55mw","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-w7rc-rwvf-8q5r","Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g","Warn: Project is vulnerable to: GHSA-5fw9-fq32-wv5p","Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9","Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp","Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-jgrx-mgxx-jf9v","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7","Warn: Project is vulnerable to: GHSA-6fc8-4gx4-v693","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q","Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh"],"documentation":{"short":"Determines if the project has open, known unfixed 
vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-16T01:29:24.017Z","repository_id":65155275,"created_at":"2025-08-16T01:29:24.018Z","updated_at":"2025-08-16T01:29:24.018Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33153665,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-17T09:28:26.183Z","status":"ssl_error","status_checked_at":"2026-05-17T09:27:52.702Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["action","analysis","security","security-tools","vulnerability-detection","xanitizer"],"created_at":"2026-05-17T20:09:10.520Z","updated_at":"2026-05-17T20:09:12.214Z","avatar_url":"https://github.com/RIGS-IT.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# `xanitizer-action`\r\n\r\nThe `xanitizer-action` runs a security analysis in a GitHub workflow using [Xanitizer](https://www.xanitizer.com)\r\nto automatically detect vulnerabilities in your code by:\r\n\r\n- Downloading and installing the latest version of Xanitizer.\r\n- Running a security analysis with default or with project specific settings.\r\n- Optionally breaking the build in case of e.g. 
a finding with a rating equal to or greater than a defined value.\r\n- Exporting the detected vulnerabilities as report files\r\n  which can optionally be archived using the `actions/upload-artifact` action\r\n  or uploaded via the `github/codeql-action/upload-sarif` action\r\n  into the GitHub code scanning alert section of your repository.\r\n\r\n\r\n## License\r\n\r\nThis project is released under the\r\n[MIT License](https://github.com/RIGS-IT/xanitizer-action/blob/master/LICENSE).\r\n\r\nThe underlying Xanitizer, used in this action, is licensed under the\r\n[Xanitizer End-User Clickwrap License Agreement](https://www.xanitizer.com/xanitizer-license-agreement/)\r\nand needs a separate license file.\r\nLicenses are free of charge for open source projects and for educational usage.\r\nTo get more information about the Xanitizer licenses and how to obtain a license file,\r\nplease consult [Licensing and Pricing](https://www.xanitizer.com/xanitizer-pricing/).\r\n\r\n\r\n## Prerequisites\r\n\r\nTo use this `xanitizer-action` in a GitHub workflow, some prerequisites have to be fulfilled.\r\n\r\n### Xanitizer license\r\n\r\nXanitizer needs a license file to be executed.\r\nFor this, the content of the license file has to be stored as a GitHub secret, e.g. 
`XANITIZER_LICENSE` inside the repository settings\r\n([Creating and storing encrypted secrets](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets)).\r\nAfter storing the content as a GitHub secret, the license can be referenced like this:\r\n\r\n```yaml\r\n- uses: RIGS-IT/xanitizer-action@v1\r\n  with:\r\n    license: ${{ secrets.XANITIZER_LICENSE }}\r\n```\r\n\r\n### Prerequisite for Java Projects\r\n\r\nXanitizer needs a compiled Java project, because Xanitizer does not only look at the source code\r\nbut primarily analyzes the byte code.\r\nAs a static application security testing (SAST) tool, Xanitizer requires that all dependencies of analyzed\r\nartifacts can be successfully resolved.\r\nSo you have to compile your project before running the security analysis, e.g. via Maven:\r\n\r\n```yaml\r\n  # Compile the code for Java projects and get all libraries, e.g. via Maven\r\n- run: mvn -B compile\r\n\r\n  # Run the security analysis with default settings\r\n- name: Xanitizer Security Analysis\r\n  uses: RIGS-IT/xanitizer-action@v1\r\n  with:\r\n    license: ${{ secrets.XANITIZER_LICENSE }}\r\n```\r\n\r\n### Prerequisite for JavaScript Projects\r\n\r\nXanitizer requires that all dependencies of artifacts being analyzed can be successfully resolved.\r\nTo support this, all used libraries have to be installed before running the security analysis, e.g. via `npm install`:\r\n\r\n```yaml\r\n  # Install all dependent libraries for JavaScript/TypeScript project, e.g. 
via npm\r\n- run: npm install\r\n\r\n  # Run the security analysis with default settings\r\n- name: Xanitizer Security Analysis\r\n  uses: RIGS-IT/xanitizer-action@v1\r\n  with:\r\n    license: ${{ secrets.XANITIZER_LICENSE }}\r\n```\r\n\r\n\r\n## Usage\r\n\r\nThis action can be run on `ubuntu-latest` and `windows-latest` GitHub Actions runners.\r\n\r\nAn example workflow which runs a Xanitizer security analysis \r\nand then archives the findings list reports \r\nand uploads the findings into the GitHub code scanning alert section of your repository\r\ncan be found [here](https://github.com/RIGS-IT/xanitizer-action/blob/master/workflows/xanitizer.yml).\r\n\r\n### Basic\r\n\r\nThe basic configuration runs a security analysis with the Xanitizer default settings\r\nand exports a `Xanitizer-Findings-List.pdf` and `Xanitizer-Findings-List.sarif` report \r\ncontaining all problematic findings with their details in the root directory of the repository that has been checked out.\r\n\r\n```yaml\r\nname: \"Xanitizer Security Analysis\"\r\n\r\non:\r\n  # Run the workflow on each push\r\n  # push:\r\n  # Run the workflow each day at 5 am\r\n  # schedule:\r\n  #   - cron: '0 5 * * *'\r\n  # Run the workflow manually\r\n  workflow_dispatch:\r\n\r\njobs:\r\n  xanitizer-security-analysis:\r\n    # Xanitizer runs on ubuntu-latest and windows-latest.\r\n    runs-on: ubuntu-latest\r\n\r\n    steps:\r\n      # Check out the repository\r\n    - uses: actions/checkout@v2\r\n\r\n      # Compile the code for Java projects and get all libraries, e.g. via Maven\r\n    - run: mvn -B compile\r\n\r\n      # Install all dependent libraries for JavaScript/TypeScript project, e.g. 
via npm\r\n    - run: npm install\r\n\r\n      # Run the security analysis with default settings\r\n    - name: Xanitizer Security Analysis\r\n      uses: RIGS-IT/xanitizer-action@v1\r\n      with:\r\n        license: ${{ secrets.XANITIZER_LICENSE }}\r\n```\r\n\r\n### Integration into the GitHub Code Scanning Alert Section \r\n\r\nIn the basic configuration, Xanitizer exports a `Xanitizer-Findings-List.sarif` report \r\ncontaining all problematic findings with their details into the root directory of the repository that has been checked out.\r\nThis exported SARIF file can be uploaded to the GitHub code scanning alert section of your repository\r\nvia the `github/codeql-action/upload-sarif` action.\r\n\r\n```yaml\r\nsteps:\r\n  # Check out the repository\r\n- uses: actions/checkout@v2\r\n\r\n  # Compile the code for Java projects and get all libraries, e.g. via Maven\r\n- run: mvn -B compile\r\n\r\n  # Install all dependent libraries for JavaScript/TypeScript project, e.g. via npm\r\n- run: npm install\r\n\r\n  # Run the security analysis with default settings\r\n- name: Xanitizer Security Analysis\r\n  uses: RIGS-IT/xanitizer-action@v1\r\n  with:\r\n    license: ${{ secrets.XANITIZER_LICENSE }}\r\n\r\n  # Uploads results.sarif to GitHub using the upload-sarif action\r\n- uses: github/codeql-action/upload-sarif@v1\r\n  with:\r\n    sarif_file: Xanitizer-Findings-List.sarif\r\n```\r\n\r\n### Exporting and Archiving Overview and Finding Lists Reports\r\n\r\nIf none of the parameters `overviewReportOutputFile`, `overviewReportOutputFiles`,\r\n`findingsListReportOutputFile`, or `findingsListReportOutputFiles` are specified,\r\nXanitizer exports only a `Xanitizer-Findings-List.pdf` and `Xanitizer-Findings-List.sarif` report \r\ncontaining all problematic findings with their details into the root directory of the repository that has been checked out.\r\n\r\nTo export and archive an overview report or to export and archive a findings list report in another format, you can 
use:\r\n\r\n```yaml\r\nsteps:\r\n  # Check out the repository\r\n- uses: actions/checkout@v2\r\n\r\n  # Compile the code for Java projects and get all libraries, e.g. via Maven\r\n- run: mvn -B compile\r\n\r\n  # Install all dependent libraries for JavaScript/TypeScript project, e.g. via npm\r\n- run: npm install\r\n\r\n  # Run the security analysis and export the reports\r\n- name: Xanitizer Security Analysis\r\n  uses: RIGS-IT/xanitizer-action@v1\r\n  with:\r\n    license: ${{ secrets.XANITIZER_LICENSE }}\r\n    overviewReportOutputFile: relative/path/to/the/Overview-Report.pdf\r\n    findingsListReportOutputFiles: relative/path/to/the/Findings-List.pdf,relative/path/to/the/Findings-List.html\r\n    # Findings list reports should also contain non-problematic findings\r\n    # onlyProblemsInFindingsListReport: false\r\n    # Findings list reports contain no details, e.g. all steps of a path\r\n    # generateDetailsInFindingsListReport: false\r\n\r\n  # Archiving\r\n- uses: actions/upload-artifact@v2\r\n  with:\r\n    name: Xanitizer-Reports\r\n    path: relative/path/to/the\r\n```\r\n\r\nPlease note that the HTML report format is not a single HTML file but a set of files with a subdirectory containing images.\r\n\r\n\r\n### Configuration File\r\n\r\nTo improve the accuracy of the security analysis,\r\nthe `xanitizer-action` can also be executed based on a Xanitizer configuration file containing project specific settings.\r\nThis configuration file can only be edited with the standalone version of Xanitizer, not directly with the GitHub action.\r\n\r\n```yaml\r\nsteps:\r\n  # Check out the repository\r\n- uses: actions/checkout@v2\r\n\r\n  # Compile the code for Java projects and get all libraries, e.g. via Maven\r\n- run: mvn -B compile\r\n\r\n  # Install all dependent libraries for JavaScript/TypeScript project, e.g. 
via npm\r\n- run: npm install\r\n\r\n  # Run the security analysis with a configuration file\r\n- name: Xanitizer Security Analysis\r\n  uses: RIGS-IT/xanitizer-action@v1\r\n  with:\r\n    license: ${{ secrets.XANITIZER_LICENSE }}\r\n    configFile: relative/path/to/the/configuration/file\r\n```\r\n\r\n### Another Checkout Path\r\n\r\nIt is possible to use the parameter `path` of the Git checkout action [`actions/checkout@v2`](https://github.com/actions/checkout#usage)\r\nto check out the repository to a path under `$GITHUB_WORKSPACE`.\r\nIf this parameter is used, the corresponding parameter `checkoutPath` of this action `xanitizer-action`\r\nhas to be set to the same value.\r\n\r\n```yaml\r\nsteps:\r\n  # Check out the repository\r\n- uses: actions/checkout@v2\r\n  with:\r\n    path: path/to/checkout\r\n\r\n  # Compile the code for Java projects and get all libraries, e.g. via Maven\r\n- run: |\r\n    cd path/to/checkout\r\n    mvn -B compile\r\n\r\n  # Install all dependent libraries for JavaScript/TypeScript project, e.g. via npm\r\n- run: |\r\n    cd path/to/checkout\r\n    npm install\r\n\r\n  # Run the security analysis with default settings\r\n- name: Xanitizer Security Analysis\r\n  uses: RIGS-IT/xanitizer-action@v1\r\n  with:\r\n    license: ${{ secrets.XANITIZER_LICENSE }}\r\n    checkoutPath: path/to/checkout\r\n```\r\n\r\n### Break the Build\r\n\r\nNormally, Xanitizer will not break any build, unless the `xanitizer-action` is configured to do so.\r\nBreaking the build is not recommended if the SARIF report file should be uploaded to the GitHub code scanning alert section of your repository,\r\nbecause no SARIF report file is generated if the build breaks.\r\n\r\n```yaml\r\nsteps:\r\n  # Check out the repository\r\n- uses: actions/checkout@v2\r\n\r\n  # Compile the code for Java projects and get all libraries, e.g. via Maven\r\n- run: mvn -B compile\r\n\r\n  # Install all dependent libraries for JavaScript/TypeScript project, e.g. 
via npm\r\n- run: npm install\r\n\r\n  # Run the security analysis, breaking the build if necessary\r\n- name: Xanitizer Security Analysis\r\n  uses: RIGS-IT/xanitizer-action@v1\r\n  with:\r\n    license: ${{ secrets.XANITIZER_LICENSE }}\r\n    # Whether the task should fail if an existing Xanitizer configuration file has search paths configured that do not exist.\r\n    # haltOnMissingSearchPaths: true\r\n    # A comma-separated list of issue groups that will let the task fail if, for any of them, a Xanitizer error issue occurs.\r\n    # haltOnIssues: WORKSPACE_ERRORS, CALL_GRAPH_ERRORS, ANALYSIS_ERRORS, MIGRATION_ERRORS\r\n    # Whether the task should fail if there are findings with a rating equal to or higher than the value defined for `findingsRatingThreshold`.\r\n    haltOnFindings: true\r\n    # A rating value. Only used if the parameter `haltOnFindings` is set.\r\n    findingsRatingThreshold: 5.0\r\n```\r\n\r\n## Inputs\r\n\r\nSee [action.yml](https://github.com/RIGS-IT/xanitizer-action/blob/master/action.yml) for all supported input parameters.\r\n\r\n## Outputs\r\n\r\nAll output streams of the running Xanitizer installation will be redirected to the GitHub action logging framework.\r\n\r\nFurthermore, the status messages containing, among other things, the result of the security analysis are exported and can be used by subsequent steps\r\nvia the output `security_analysis`.\r\n\r\n```yaml\r\nsteps:\r\n  # Check out the repository\r\n- uses: actions/checkout@v2\r\n\r\n  # Compile the code for Java projects and get all libraries, e.g. via Maven\r\n- run: mvn -B compile\r\n\r\n  # Install all dependent libraries for JavaScript/TypeScript project, e.g. 
via npm\r\n- run: npm install\r\n\r\n  # Run the security analysis with default settings\r\n- name: Xanitizer Security Analysis\r\n  id: xanitizer\r\n  uses: RIGS-IT/xanitizer-action@v1\r\n  with:\r\n    license: ${{ secrets.XANITIZER_LICENSE }}\r\n\r\n  # Use the output from the `xanitizer` step\r\n- run: echo \"Status messages from Xanitizer's security analysis - ${{ steps.xanitizer.outputs.security_analysis }}\"\r\n```\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frigs-it%2Fxanitizer-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frigs-it%2Fxanitizer-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frigs-it%2Fxanitizer-action/lists"}
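The README's "Break the Build" section points out a trade-off: when `haltOnFindings` stops the job, no `Xanitizer-Findings-List.sarif` is written, so the `upload-sarif` step in the "Integration into the GitHub Code Scanning Alert Section" example never runs. One way to get both the code scanning alerts and a failing build is to leave `haltOnFindings` off, upload the SARIF, and then fail the job from a separate step that reads the report. The script below is an added example and is not part of `xanitizer-action` or Xanitizer. It follows the SARIF 2.1.0 schema (`runs[].results[].level`, `ruleId`, `locations`, `suppressions`); the `properties.rating` key it looks for first, and the sample report embedded in it, are assumptions, since the exact property Xanitizer uses for its rating is not documented on this page. When no rating property is present it falls back to the standard SARIF `level`.

```python
"""Fail a CI job from a SARIF report after the report has been uploaded.

Added example, not part of xanitizer-action or Xanitizer. The `properties.rating`
key and SAMPLE_SARIF are assumptions/constructed; the rest follows SARIF 2.1.0.
"""
import json
import sys
from typing import Any, Dict, List

# Ratings assumed for results that carry no explicit rating property.
# SARIF 2.1.0 levels are "error", "warning", "note" and "none"; a missing
# level defaults to "warning" per the specification.
LEVEL_RATINGS = {"error": 7.0, "warning": 4.0, "note": 1.0, "none": 0.0}


def finding_rating(result: Dict[str, Any]) -> float:
    """Numeric rating of one result: `properties.rating` (assumed key) if
    present, otherwise a fixed value derived from the standard `level`."""
    props = result.get("properties") or {}
    if "rating" in props:
        return float(props["rating"])
    return LEVEL_RATINGS.get(result.get("level", "warning"), 4.0)


def is_suppressed(result: Dict[str, Any]) -> bool:
    """True if the result has an accepted SARIF suppression.

    A suppression's optional `status` is "accepted", "underReview" or
    "rejected"; only accepted (or unspecified) suppressions hide a finding,
    so a reviewer cannot silence a result merely by marking it underReview.
    """
    for suppression in result.get("suppressions") or []:
        if suppression.get("status", "accepted") == "accepted":
            return True
    return False


def violations(sarif: Dict[str, Any], threshold: float) -> List[Dict[str, Any]]:
    """All unsuppressed results across all runs rated at or above `threshold`."""
    found: List[Dict[str, Any]] = []
    for run in sarif.get("runs", []):
        for result in run.get("results", []):
            if is_suppressed(result):
                continue
            if finding_rating(result) >= threshold:
                found.append(result)
    return found


def should_break_build(sarif: Dict[str, Any], threshold: float) -> bool:
    return bool(violations(sarif, threshold))


def describe(result: Dict[str, Any]) -> str:
    """One log line per violating result: rule id, rating, first location, message."""
    where = ""
    for location in result.get("locations") or []:
        physical = location.get("physicalLocation", {})
        uri = physical.get("artifactLocation", {}).get("uri", "?")
        line = physical.get("region", {}).get("startLine", "?")
        where = f"{uri}:{line}"
        break
    message = result.get("message", {}).get("text", "")
    return f"{result.get('ruleId', '?')} rating={finding_rating(result):.1f} {where} {message}"


# Constructed sample report for demonstration; not real Xanitizer output.
SAMPLE_SARIF: Dict[str, Any] = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "ExampleSAST"}},
        "results": [
            {"ruleId": "SQL_INJECTION", "level": "error",
             "properties": {"rating": 8.5},
             "message": {"text": "Tainted data reaches Statement.execute"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/main/java/app/Dao.java"},
                 "region": {"startLine": 42}}}]},
            # Rated above the threshold but suppressed in source: must be skipped.
            {"ruleId": "XSS", "level": "warning",
             "properties": {"rating": 6.0},
             "suppressions": [{"kind": "inSource", "status": "accepted"}],
             "message": {"text": "Reviewed: output is HTML-encoded downstream"}},
            # No rating property: falls back to the "warning" level mapping (4.0).
            {"ruleId": "WEAK_HASH", "level": "warning",
             "message": {"text": "MD5 used for integrity check"}},
        ],
    }],
}


def main(argv: List[str]) -> int:
    """Usage: sarif_gate.py <report.sarif> <threshold>; exit 1 on violations."""
    if len(argv) != 3:
        print("usage: sarif_gate.py <report.sarif> <threshold>", file=sys.stderr)
        return 2
    with open(argv[1], encoding="utf-8") as fh:
        sarif = json.load(fh)
    bad = violations(sarif, float(argv[2]))
    for result in bad:
        # "::error::" is the GitHub Actions workflow command for an annotation.
        print("::error::" + describe(result))
    return 1 if bad else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as the step immediately after `github/codeql-action/upload-sarif`, e.g. `python3 sarif_gate.py Xanitizer-Findings-List.sarif 5.0`, so the alerts are recorded before the job fails. Inspect one real report before relying on the fallback: if Xanitizer's SARIF carries no rating property, the gate degrades to the error/warning/note tiers of `level`. Unrelated to the gate but worth noting for any third-party action, the README examples reference the mutable tag `RIGS-IT/xanitizer-action@v1`; pinning to a full commit SHA is the usual hardening against a moved or compromised tag.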