/psalm-github-security-scan

Psalm Security Scanning for GitHub Actions used by Mbin

Primary LanguageDockerfile

Psalm Github Security Scan by and for Mbin

Run Psalm’s Security Analysis as a Github action (a more general version can be found here).

name: Psalm Security Scan

on: [push, pull_request]

jobs:
  psalm-security-scan:
    name: Psalm
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Psalm Security Scan
        uses: docker://ghcr.io/mbinorg/psalm-security-scan
        
      - name: Import Security Analysis results into GitHub Security Code Scanning
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results.sarif

Specify Psalm version

You can also specify a version.

-        uses: docker://ghcr.io/mbinorg/psalm-security-scan
+        uses: docker://ghcr.io/mbinorg/psalm-security-scan:5.7.7