This action requires that you've enabled code scanning (currently in beta).
The DeepCode Code Scanning GitHub Action lets you integrate DeepCode's bug-finding capabilities into your code scanning pipeline. When a commit triggers the workflow, DeepCode finds bugs and security vulnerabilities and reports them as part of your repository's code scanning alerts.
Here is how to get the DeepCode token:
- Log in with your DeepCode account.
- Under Account you can find a section "Deepcode API tokens".
- Create a new token by clicking on "Create new session token".
- Copy the token and use it to create a secret in your GitHub repository (next section).
Here is how to create the secret:
- Navigate to the Settings of your repository.
- Under Secrets create a new secret by clicking on the "New secret" button.
- The secret name should be `DEEPCODE_TOKEN`. Please note the capital letters and the underscore; this is important because the name is used later when setting up the GitHub action.
- Paste the token value you copied earlier.
- Press "Add secret" and you are now ready to set up the GitHub action.
Create a file `.github/workflows/deepcode-analysis.yml` and insert the following snippet:
```yaml
name: A DeepCode analysis
on:
  # Trigger the workflow on push or pull request, but only for the master branch
  push:
    branches:
      - master
  pull_request:
    branches:
      - master
jobs:
  Deepcode-Build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Perform DeepCode analysis
        uses: georgismitev/deepcode-code-scanning-analysis@master
        env:
          DEEPCODE_TOKEN: ${{ secrets.DEEPCODE_TOKEN }}
      - name: Upload report
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: output.sarif
```
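The workflow above references each action by a branch or tag (`@v2`, `@master`, `@v1`), and the analysis step also receives `DEEPCODE_TOKEN`. The following check is an added example, not part of this project: it lists every `uses:` step, whether its ref is a full commit SHA, and which secrets the step references. It is a line-based scan that assumes secrets are referenced at step level; the function names are hypothetical.

```python
import re

# The jobs section of the workflow on this page, embedded so the check runs offline.
WORKFLOW = """\
jobs:
  Deepcode-Build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Perform DeepCode analysis
        uses: georgismitev/deepcode-code-scanning-analysis@master
        env:
          DEEPCODE_TOKEN: ${{ secrets.DEEPCODE_TOKEN }}
      - name: Upload report
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: output.sarif
"""

USES_RE = re.compile(r"\s*(?:-\s+)?uses:\s*([^\s#]+)")
SECRET_RE = re.compile(r"\$\{\{\s*secrets\.(\w+)\s*\}\}")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")

def audit_steps(workflow_text):
    """Return each `uses:` step with its ref, SHA-pinned flag and secret names."""
    findings, step = [], None
    for line in workflow_text.splitlines():
        if re.match(r"\s*-\s", line):  # a list item opens a new step
            step = {"action": None, "ref": "", "pinned": False, "secrets": []}
        if step is None:
            continue
        m = USES_RE.match(line)
        if m and not m.group(1).startswith("./"):  # local actions carry no ref
            step["action"], _, step["ref"] = m.group(1).partition("@")
            step["pinned"] = bool(FULL_SHA_RE.fullmatch(step["ref"]))
            findings.append(step)
        step["secrets"] += SECRET_RE.findall(line)
    return findings

def unpinned_with_secrets(findings):
    """Steps where code from a mutable ref (branch or tag) can read a secret."""
    return [f for f in findings if f["secrets"] and not f["pinned"]]

if __name__ == "__main__":
    for f in unpinned_with_secrets(audit_steps(WORKFLOW)):
        print(f"{f['action']}@{f['ref']} is not SHA-pinned and receives {f['secrets']}")
```

A branch or tag ref can be moved to different code after you review it; a full commit SHA cannot, which is why the check treats only 40-character hex refs as pinned.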
- If you need to contact us or want to provide feedback, we would love to hear from you; here is how to get in touch with us.
- If you want to report an issue go here.