GithubHelp home page GithubHelp logo

clj-holmes / clj-holmes-action Goto Github PK

View Code? Open in Web Editor NEW
4.0 1.0 1.0 11 KB

Action to execute clj-holmes in Clojure/Clojurescript projects.

Dockerfile 22.07% Shell 77.93%
clojure security code-scanning sast

clj-holmes-action's Introduction

clj-holmes action

Action to execute clj-holmes in Clojure/Clojurescript projects.

Getting Started

Simply add the following snippet to your GitHub actions workflow.

- name: Scan
  uses: clj-holmes/clj-holmes-action@main

Inputs

It's also possible to specify the following:

  • rule-repository, it can be an public or private git repository [Default: git://clj-holmes/clj-holmes-rules#main]
  • output-type (json, sarif or stdout) [Default: sarif]
  • output-file [Default: clj_holmes_scan_results.txt]
  • fail-on-result (true or false) [Default: false]
- name: Scan
  uses: clj-holmes/clj-holmes-action@main
  with:
    rules-repository: 'git://org/private-rules-repo#main'
    output-type: 'json'
    output-file: 'scan-results.json'
    fail-on-result: 'true'
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

clj-holmes-action's People

Contributors

mthbernardes avatar rafaeldelboni avatar rancorzinho avatar

Stargazers

avatar avatar avatar avatar

Watchers

avatar

Forkers

argvader

clj-holmes-action's Issues

Security Policy violation SECURITY.md

Allstar has detected that this repository’s SECURITY.md security policy is out of compliance. Status:
Security policy not enabled.
A SECURITY.md file can give users information about what constitutes a vulnerability and how to report one securely so that information about a bug is not publicly visible. Examples of secure reporting methods include using an issue tracker with private issue support, or encrypted email with a published key.

To fix this, add a SECURITY.md file that explains how to handle vulnerabilities found in your repository. Go to https://github.com/clj-holmes/clj-holmes-action/security/policy to enable.

For more information, see https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository.

This issue will auto resolve when the policy is in compliance.

Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.

#error Value out of range for int: 3375571391

Hello clj-holmes-action maintainers,
I am receiving the following error while using this github action to scan clojure code. Any idea how it can be resolved?

Fetching rules from github Done ** ERROR: ** Exception: #error { :cause Value out of range for int: 33755713[9](https://github.com/orgname/reck/actions/runs/9160349224/job/25182762764#step:5:10)1 :via [{:type java.util.concurrent.ExecutionException :message java.lang.IllegalArgumentException: Value out of range for int: 3375571391 :at [java.util.concurrent.FutureTask report FutureTask.java 122]} {:type java.lang.IllegalArgumentException :message Value out of range for int: 3375571391 :at [clojure.lang.RT intCast RT.java 1248]}] :trace [[clojure.lang.RT intCast RT.java 1248] [clojure.lang.RT intCast RT.java 1218] [progrock.core$interval_str invokeStatic core.clj 47] [progrock.core$render invokeStatic core.clj 92] [progrock.core$print invokeStatic core.clj 98] [progrock.core$print invoke core.clj 98] [progrock.core$print invokeStatic core.clj [clj_holmes.logic.progress$add_watch_to_counter$fn__519 invoke progress.clj 10] [clojure.lang.ARef notifyWatches ARef.java 81] [clojure.lang.Atom swap Atom.java 41] [clojure.core$swap_BANG_ invokeStatic core.clj 2354] [clj_holmes.engine$check_rules_in_code_structure invokeStatic engine.clj 9] [clj_holmes.engine$scan_STAR_$fn__1238 invoke engine.clj 21] [clojure.core$pmap$fn__8467$fn__8468 invoke core.clj 7024] [clojure.core$binding_conveyor_fn$fn__5758 invoke core.clj 2032] [clojure.lang.AFn call AFn.java 18] [java.util.concurrent.FutureTask run FutureTask.java 264] [java.util.concurrent.ThreadPoolExecutor runWorker ThreadPoolExecutor.java [11](https://github.com/orgname/reck//actions/runs/9160349224/job/25182762764#step:5:12)28] [java.util.concurrent.ThreadPoolExecutor$Worker run ThreadPoolExecutor.java 628] [java.lang.Thread run Thread.java 829] [com.oracle.svm.core.thread.JavaThreads threadStartRoutine JavaThreads.java 596] [com.oracle.svm.core.posix.thread.PosixJavaThreads pthreadStartRoutine PosixJavaThreads.java 192]]}

Security Policy violation Branch Protection

Allstar has detected that this repository’s Branch Protection security policy is out of compliance. Status:
No protection found for branch main

This issue will auto resolve when the policy is in compliance.

Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.

No

No rules seem to be used when the default rules database is used.

Action setup:

      - name: Scan
        uses: clj-holmes/clj-holmes-action@main
        with:
     #     rules-repository: 'git://clj-holmes/clj-holmes-rules#main'
          output-type: 'sarif'
          output-file: 'clj-holmes-results.sarif'
          fail-on-result: 'false'
          verbose: 'true'
        env:
          GITHUB_TOKEN: ${{ secrets.TOKEN }}

The results don't show the rules used and as a result the are no violations found.

{"$schema":"https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.5.json","version":"2.1.0","runs":[{"tool":{"driver":{"name":"clj-holmes","informationUri":"https://github.com/clj-holmes/clj-holmes","version":"1.4.3","rules":[]}},"results":[]}]}

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.