smart-accounts-kit/.github/workflows/security-code-scanner.yml at main · MetaMask/smart-accounts-kit · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
name: MetaMask Security Code Scanner

on:
  workflow_call:
    secrets:
      SECURITY_SCAN_METRICS_TOKEN:
        required: false
      APPSEC_BOT_SLACK_WEBHOOK:
        required: false
  workflow_dispatch:

jobs:
  run-security-scan:
    name: Run security scan
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - name: Analyse code
        uses: MetaMask/action-security-code-scanner@v1
        with:
          repo: ${{ github.repository }}
          paths_ignored: |
            '**/jest.config.js'
            '**/jest.environment.js'
            '**/mocks/'
            '**/test/'
            'node_modules'
            'packages/delegator-e2e'
          rules_excluded: example
          project_metrics_token: ${{ secrets.SECURITY_SCAN_METRICS_TOKEN }}
          slack_webhook: ${{ secrets.APPSEC_BOT_SLACK_WEBHOOK }}