Run Psalm’s Security Analysis as a Github action (a more general version can be found here).
name: Psalm Security Scan
on: [push, pull_request]
jobs:
psalm-security-scan:
name: Psalm
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Psalm Security Scan
uses: docker://ghcr.io/mbinorg/psalm-security-scan
- name: Import Security Analysis results into GitHub Security Code Scanning
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: results.sarif
You can also specify a version.
- uses: docker://ghcr.io/mbinorg/psalm-security-scan
+ uses: docker://ghcr.io/mbinorg/psalm-security-scan:5.7.7