https://github.com/ajinabraham/njsscan-action
nodejsscan Github Action
https://github.com/ajinabraham/njsscan-action
action code-anaysis code-review githubactions njsscan njsscan-action nodejs nodejsscan nodesast sast staticanalysis
Last synced: 6 months ago
JSON representation
nodejsscan Github Action
- Host: GitHub
- URL: https://github.com/ajinabraham/njsscan-action
- Owner: ajinabraham
- License: apache-2.0
- Created: 2020-05-21T22:11:54.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2024-11-11T05:22:25.000Z (11 months ago)
- Last Synced: 2025-04-12T06:15:29.501Z (6 months ago)
- Topics: action, code-anaysis, code-review, githubactions, njsscan, njsscan-action, nodejs, nodejsscan, nodesast, sast, staticanalysis
- Language: Dockerfile
- Size: 41 KB
- Stars: 27
- Watchers: 2
- Forks: 3
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# njsscan action
njsscan finds insecure code patterns in your node.js applications.## Example Usage
Add the following file .github/workflows/njsscan.yml to your node.js repositories in Github to enable njsscan in your CI/CD or DevSecOps pipeline.
```yaml
name: njsscan
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
njsscan:
runs-on: ubuntu-latest
name: njsscan check
steps:
- name: Checkout the code
uses: actions/checkout@v4.2.2
- uses: actions/setup-python@v5.3.0
with:
python-version: '3.12'
- name: nodejsscan scan
id: njsscan
uses: ajinabraham/njsscan-action@master
with:
args: '.'
```### Github Code Scanning SARIF upload
```yaml
name: njsscan
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
njsscan:
runs-on: ubuntu-latest
name: njsscan code scanning
steps:
- name: Checkout the code
uses: actions/checkout@v4.2.2
- uses: actions/setup-python@v5.3.0
with:
python-version: '3.12'
- name: nodejsscan scan
id: njsscan
uses: ajinabraham/njsscan-action@master
with:
args: '. --sarif --output results.sarif || true'
- name: Upload njsscan report
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
```
For configuration, see: https://github.com/ajinabraham/njsscan#configure-njsscan