Merge branch 'master' into dart-analyze--azure-ci-snippet

DeepSourceCorp · Jan 31, 2024 · 249e368 · 249e368
2 parents 9f8e0dc + 3b46b83
commit 249e368
Show file tree

Hide file tree

Showing 3 changed files with 67 additions and 3 deletions.
diff --git a/analyzers/slither/CI/circleci.yaml b/analyzers/slither/CI/circleci.yaml
@@ -0,0 +1,34 @@
+version: 2.1
+
+jobs:
+  run-slither:
+    docker:
+      - image: cimg/python:3.12.1-node
+    steps:
+      - checkout
+      - run:
+          name: Install Slither
+          command: |
+            python -m pip install --upgrade pip
+            pip3 install slither-analyzer
+      - run:
+          name: Run Slither
+          command: |
+            # make sure to modify the solidity compiler version
+            export SOLC_VERSION=0.4.15
+            solc-select install $SOLC_VERSION
+            # make sure to modify the path to your contracts
+            slither . --sarif slither.sarif --fail-none
+      # Make sure you set the `DEEPSOURCE_DSN` env variable as a secret in your project.
+      - run:
+          name: Upload SARIF report to DeepSource
+          command: |
+            # Install the DeepSource CLI
+            curl https://deepsource.io/cli | sh
+            # Send the report to DeepSource
+            ./bin/deepsource report --analyzer slither --analyzer-type community --value-file slither.sarif
+
+workflows:
+  run-slither-workflow:
+    jobs:
+      - run-slither
diff --git a/analyzers/slither/CI/github-actions.yaml b/analyzers/slither/CI/github-actions.yaml
@@ -6,7 +6,7 @@ on:
   # Note that both `push` and `pull_request` triggers should be present for GitHub to consistently present slither
   # SARIF reports.
   push:
-    branches: [ main, master ]
+    branches: [main, master]
   pull_request:
 
 jobs:
@@ -16,11 +16,11 @@ jobs:
       contents: read
       security-events: write
     env:
-        DEEPSOURCE_DSN: ${{ secrets.DEEPSOURCE_DSN }}
+      DEEPSOURCE_DSN: ${{ secrets.DEEPSOURCE_DSN }}
     steps:
       - uses: actions/checkout@v3
         with:
-            ref: ${{ github.event.pull_request.head.sha }}
+          ref: ${{ github.event.pull_request.head.sha }}
 
       - name: Run Slither
         uses: crytic/[email protected]

diff --git a/analyzers/solhint/CI/circleci.yaml b/analyzers/solhint/CI/circleci.yaml
@@ -0,0 +1,30 @@
+version: 2.1
+
+jobs:
+  run-solhint:
+    docker:
+      - image: cimg/node:16.20.2
+    steps:
+      - checkout
+      - run:
+          name: Install Solhint
+          command: |
+            npm install solhint@^4.1.1 # version installed should be greater than 4.1.1
+      - run:
+          name: Run solhint
+          command: |
+            # make sure to modify the path to your contracts
+            npx solhint '*.sol' -f sarif > solhint.sarif || true
+      # Make sure you set the `DEEPSOURCE_DSN` env variable as a secret in your project.
+      - run:
+          name: Upload SARIF report to DeepSource
+          command: |
+            # Install the DeepSource CLI
+            curl https://deepsource.io/cli | sh
+            # Send the report to DeepSource
+            ./bin/deepsource report --analyzer solhint --analyzer-type community --value-file solhint.sarif
+
+workflows:
+  run-solhint-workflow:
+    jobs:
+      - run-solhint