Awesome
Amarna Action
This action allows you to run the Amarna static analyzer against your project, from within a GitHub Actions workflow.
To learn more about Amarna itself, visit its GitHub repository.
How to use
Create .github/workflows/amarna.yml:
name: Amarna Analysis
on: [push]
jobs:
analyze:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: crytic/amarna-action@v0.1.1
Options
| Key | Description |
|---|---|
sarif | If provided, the path of the SARIF file to produce, relative to the repo root (see Github Code Scanning integration). |
amarna-args | Extra arguments to pass to Amarna. |
amarna-version | The version of amarna-analyzer to use. By default, the latest release in PyPI is used. |
target | The path to the root of the project to be analyzed by Amarna. Can be a directory or a file. Defaults to the repo root. |
Github Code Scanning integration
The action supports the Github Code Scanning integration, which will push Amarna's alerts to the Security tab of the Github project (see About code scanning). This integration eases the triaging of findings and improves the continious integration.
How to use
To enable the integration, use the sarif option, and upload the Sarif file to codeql-action:
name: Amarna Analysis
on: [push]
jobs:
analyze:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Run Amarna
uses: crytic/amarna-action@v0.1.1
id: amarna
continue-on-error: true
with:
sarif: results.sarif
target: 'src/'
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: ${{ steps.amarna.outputs.sarif }}
checkout_path: '/github/workspace'
Here:
continue-on-error: trueis required to let the SARIF upload step runs if Amarna finds issuesid: amarnais the name used in forsteps.amarna.outputs.sariftarget: 'src/'means Amarna will analyze thesrc/directory