diff --git a/code-scanning/flawfinder.yml b/code-scanning/flawfinder.yml new file mode 100644 index 0000000..080953e --- /dev/null +++ b/code-scanning/flawfinder.yml @@ -0,0 +1,38 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +name: flawfinder + +on: + push: + branches: [ $default-branch, $protected-branches ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ $default-branch ] + schedule: + - cron: $cron-weekly + +jobs: + flawfinder: + name: Flawfinder + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: flawfinder_scan + uses: david-a-wheeler/flawfinder@8e4a779ad59dbfaee5da586aa9210853b701959c + with: + arguments: '--sarif ./' + output: 'flawfinder_results.sarif' + + - name: Upload analysis results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: ${{github.workspace}}/flawfinder_results.sarif \ No newline at end of file diff --git a/code-scanning/properties/flawfinder.properties.json b/code-scanning/properties/flawfinder.properties.json new file mode 100644 index 0000000..f784d03 --- /dev/null +++ b/code-scanning/properties/flawfinder.properties.json @@ -0,0 +1,7 @@ +{ + "name": "Flawfinder", + "creator": "David A. Wheeler", + "description": "Flawfinder is a simple program that scans C/C++ source code and reports potential security flaws.", + "iconName": "flawfinder", + "categories": [ "Code Scanning", "C", "C++" ] +} \ No newline at end of file diff --git a/icons/flawfinder.svg b/icons/flawfinder.svg new file mode 100644 index 0000000..2324dca --- /dev/null +++ b/icons/flawfinder.svg @@ -0,0 +1,16 @@ + + + + + + + + + + + + + + + +