spotbugs-findsecbugs-action/starter-workflow.yml at ad86ba63ef8bf1a8b18c296cd79c135fec8b6575 · advanced-security/spotbugs-findsecbugs-action · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
name: SpotBugs with FindSecBugs

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

jobs:
    spotbugs:
      runs-on: ubuntu-latest
      permissions:
        actions: read
        contents: read
        security-events: write

      steps:
        - name: Checkout
          uses: actions/checkout@4.2.2
        # this needs to be appropriately configured for your project
        - name: Setup Java
          uses: actions/setup-java@4.7.0
          with:
            distribution: 'microsoft'
            java-version: 11
        # Setup SBT
        - name: Setup SBT
          uses: sbt/setup-sbt@26ab4b0fa1c47fa62fc1f6e51823a658fb6c760c # v1.1.7
        # do your build steps. This example uses sbt to create a .jar file, which will go into the target/scala-2.13 folder
        - name: Publish locally with sbt
          run: sbt publishLocal
        # now run SpotBugs and upload the results to Code Scanning
        - name: Run SpotBugs with FindSecBugs
          uses: advanced-security/spotbugs-findsecbugs-action@45266478cb8627da923977dacd1fa413fdb616a5 # v1.0.6
          with:
            # set these appropriately for your project - the defaults are shown here for context
            # make sure to set a SHA256 checksum that matches the version you want to use of SpotBugs
            # check https://github.com/spotbugs/spotbugs/releases
            # you can switch off checksum checking by setting the checksum to '', but this is not recommended
            spotbugs_target: 'target/scala-2.13' # cannot have globs
            # setting the path_prefix is important if you are seeing "Preview unavailable" on alerts
            # path_prefix: "src/scala/"
            # spotbugs_filename_glob: '*.jar'
            # upload_sarif: 'true'
            # no_cache: 'false'
            # spotbugs_version: '4.7.3'
            # spotbugs_checksum: 'f02e2f1135b23f3edfddb75f64be0491353cfeb567b5a584115aa4fd373d4431'
            # findsecbugs_version: '1.12.0'
            # java_distribution: 'microsoft'
            # java_version: '11'
            # base_path: "/home/runner/work/"
            # bug_categories: 'SECURITY' # or 'SECURITY,MALICIOUS_CODE' or 'CORRECTNESS,PERFORMANCE,SECURITY'