security.yml
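# Security workflow: runs Semgrep with the Cairo rule pack against ./src,
# uploads the report as a build artifact, then builds the Cairo programs
# with Scarb. The Caracal steps at the bottom are currently disabled.
name: Security

on: [push, pull_request]

# Least privilege for GITHUB_TOKEN: every job here only reads the repository.
# Without this block the token gets the repository/organisation default,
# which may include write scopes.
permissions:
  contents: read

jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the actions below are referenced by mutable tags. Pinning
      # each one to a full commit SHA (uses: owner/action@<full-commit-sha>)
      # protects the job if a tag is ever moved.
      - uses: actions/checkout@v3
        with:
          # Later steps run third-party code (pip packages, remote Semgrep
          # rules, the Scarb build); do not leave the token in .git/config.
          persist-credentials: false
      - uses: software-mansion/setup-scarb@v1
        with:
          scarb-version: "2.3.1"
      - name: Install Semgrep
        # The Semgrep version is pinned; its transitive dependencies are
        # resolved at install time (no hash-checked requirements file).
        run: |
          pip install semgrep==1.45.0
      - name: Run Semgrep
        # The rule pack is downloaded at run time from a release asset and is
        # not integrity-checked here. NOTE(review): consider vendoring the
        # rules file or verifying a checksum before use.
        # Semgrep exits 0 when it reports findings unless --error is passed,
        # so this step is report-only: findings land in the artifact and do
        # not fail the job.
        run: >-
          semgrep
          --config https://github.com/avnu-labs/semgrep-cairo-rules/releases/download/v0.0.1/cairo-rules.yaml
          ./src > semgrep-output.txt
      - name: Save Semgrep Output as an Artifact
        uses: actions/upload-artifact@v3
        with:
          name: semgrep-cairo
          path: semgrep-output.txt
      - name: Build cairo programs
        run: scarb build
      - name: Cache Cargo dependencies
        # Only the disabled Caracal install below would populate ~/.cargo.
        # If the repository has no Cargo.lock, hashFiles() yields an empty
        # string and the key never changes - TODO confirm.
        uses: actions/cache@v2
        with:
          path: |
            ~/.cargo
          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
      # - name: Check if Caracal is installed
      #   id: check-caracal
      #   run: |
      #     if ! command -v caracal &> /dev/null; then
      #       echo "Caracal is not installed. Installing..."
      #       cargo install --git https://github.com/crytic/caracal --profile release --force
      #     else
      #       echo "Caracal is already installed."
      #     fi
      # - name: Run Caracal
      #   run: caracal detect . > caracal-output.txt
      # - name: Save Caracal Output as an Artifact
      #   uses: actions/upload-artifact@v3
      #   with:
      #     name: caracal-cairo
      #     path: caracal-output.txt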