Merge pull request #34 from crytic/dev-readme-020
Update README before release
elopez authored Sep 9, 2022
2 parents 35510b3 + fe4a2d3 commit 230a81b
Showing 1 changed file with 30 additions and 7 deletions.
37 changes: 30 additions & 7 deletions README.md
Expand Up @@ -24,7 +24,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: crytic/slither-action@v0.1.1
- uses: crytic/slither-action@v0.2.0
```
### Options
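Review bot: The usage example at `uses: crytic/slither-action@v0.2.0` references the action by tag, and a tag can be moved after release; since this README is what users copy into CI, consider mentioning that the action can also be pinned to a full commit SHA. The same version string is hard-coded in all six workflow examples touched by this commit, so every release needs a six-place edit; a short note in the release checklist would keep them from drifting.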
Expand Down Expand Up @@ -63,9 +63,16 @@ config` to prevent the action from overriding your settings.
| `low` | Fail on any finding | Fail on any finding >= low
| `medium` | Fail on any finding | Fail on any finding >= medium
| `high` | Fail on any finding | Fail on any finding >= high
| `none` | Do not fail on findings | Do not fail on findings
| `none` | Do not fail on findings | Do not fail on findings
| `config` | Determined by config file | Determined by config file

† Note that if you use `fail-on: none` with Slither 0.8.3 or earlier, certain
functionality may not work as expected. In particular, Slither will not produce
a SARIF file in this case. If you require `fail-on: none` behavior with the
SARIF integration, consider adding [`continue-on-error:
true`](https://docs.github.com/es/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error)
instead to the action step.

### Using a different Slither version

If the latest Slither release has a bug that does not let you analyze your
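Review bot: The `continue-on-error` link in the new footnote points at the `/es/` locale of docs.github.com, while the Dependabot link added later in this commit uses `/en/`; switch it to `/en/` so English readers do not land on the Spanish page. The footnote also opens with a † marker, but the `none` row as shown carries no visible †, so check that the table has the matching marker or the note is unanchored. It would help to state which Slither version the action installs by default, so readers can tell whether the "0.8.3 or earlier" caveat applies to them.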
Expand All @@ -86,6 +93,22 @@ custom Slither release. This option can take different values:
Add `// slither-disable-next-line DETECTOR_NAME` before the finding, or use the
[Github Code Scanning integration](#github-code-scanning-integration).

### Staying up to date

We suggest enabling [Dependabot version updates for
actions](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot)
to get notified of new action releases. You can do so by creating
`.github/dependabot.yml` in your repository with the following content:

```yaml
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
```

## Github Code Scanning integration

The action supports the Github Code Scanning integration, which will push
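Review bot: The "Staying up to date" text tells readers to create `.github/dependabot.yml` with the content shown, which does not cover repositories that already have a Dependabot configuration; add a sentence saying the `github-actions` entry should be appended to the existing `updates` list in that case rather than replacing the file. `interval: "daily"` is also more frequent than action releases are likely to need, and `weekly` would reduce pull request noise.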
Expand Down Expand Up @@ -116,7 +139,7 @@ jobs:
- uses: actions/checkout@v3
- name: Run Slither
uses: crytic/slither-action@v0.1.1
uses: crytic/slither-action@v0.2.0
id: slither
with:
sarif: results.sarif
Expand Down Expand Up @@ -151,7 +174,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: crytic/slither-action@v0.1.1
- uses: crytic/slither-action@v0.2.0
with:
target: 'src/'
```
Expand Down Expand Up @@ -188,7 +211,7 @@ jobs:
uses: actions/checkout@v3
- name: Run Slither
uses: crytic/slither-action@v0.1.1
uses: crytic/slither-action@v0.2.0
id: slither
with:
node-version: 16
Expand Down Expand Up @@ -233,7 +256,7 @@ jobs:
uses: actions/checkout@v3
- name: Run Slither
uses: crytic/slither-action@v0.1.1
uses: crytic/slither-action@v0.2.0
id: slither
with:
sarif: results.sarif
Expand Down Expand Up @@ -300,7 +323,7 @@ jobs:
run: nix-shell --run 'make build'
- name: Run Slither
uses: crytic/slither-action@v0.1.1
uses: crytic/slither-action@v0.2.0
with:
ignore-compile: true
```
