Skip to content

add package.json

add package.json #4

# ref: https://github.com/crytic/slither-action#how-to-use-1
name: Slither Analysis for Solidity
on:
# Note that both `push` and `pull_request` triggers should be present for GitHub to consistently present slither
# SARIF reports.
push:
branches: [main, master]
pull_request:
jobs:
scan:
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
env:
DEEPSOURCE_DSN: ${{ secrets.DEEPSOURCE_DSN }}
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Run Slither
uses: crytic/[email protected]
id: slither
with:
slither-version: 0.10.0
target: "solidity/"
# The following makes slither produce scan analysis in SARIF format
sarif: ./slither.sarif
# The following line prevents aborting the workflow immediately in case your files fail Slither checks.
# This allows the following upload-sarif action to still upload the results.
continue-on-error: true
- name: Upload SARIF report files to DeepSource
id: upload-sarif
run: |
# Install the CLI
curl https://deepsource.io/cli | sh
# Send the report to DeepSource
./bin/deepsource report --analyzer slither --analyzer-type community --value-file ${{ steps.slither.outputs.sarif }}
# Ensure the workflow eventually fails if files did not pass slither checks.
- name: Verify slither-action succeeded
shell: bash
run: |
echo "If this step fails, slither found issues. Check the output of the scan step above."
[[ "${{ steps.slither.outcome }}" == "success" ]]