GitHub Action

Horusec

v0.1-alpha

Run Horusec SAST in your code

Installation

Copy and paste the following snippet into your .yml file.

- name: Horusec
  uses: fike/horusec-action@v0.1-alpha

Learn more about this action in fike/horusec-action

Horusec Action

Horusec is a great SAST DevSecOps tool to use in any pipeline. This is a proof of concept that embeds it in a GitHub Action.

How to use

The most common arguments to pass are the directories to ignore (--ignore) and the target path (-p). You can add any extra argument that Horusec supports, but keep in mind that it must go in the arguments line of your Action workflow.

Here is an example that ignores some directories and sets the target path to "/".

on: [push]

jobs:
  checking_code:
    runs-on: ubuntu-latest
    name: Horusec Scan
    steps:
      - name: Run Horusec
        id: run_horusec
        uses: fike/[email protected]
        with:
          arguments: -p="./" --ignore="**/htmlcov/**, **/deployments/**, **/.git/**, **/**.pyre, **/.venv/**, **/.vscode/**, **/*.env, **/.mypy_cache/**, **/tests/**"

Known Issue

An Action built purely on Docker isn't flexible enough to split arguments the way it is possible when building with JavaScript/TypeScript.

This is a proof of concept for running Horusec as a GitHub Action.
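
The Known Issue above, illustrated with an added example that is not code from this action: it assumes a Docker-based action's entrypoint receives the `arguments` input as one single string, and compares naive word splitting with quote-aware splitting through xargs. The function names and the shortened ARGS value are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the action's own entrypoint.
# Constructed input: a shortened form of the README's `arguments` value,
# as a container entrypoint would receive it (assumption: one single string).
ARGS='-p="./" --ignore="**/tests/**, **/.venv/**"'

# Naive split: unquoted expansion breaks on every space and keeps the
# quote characters, so the --ignore list is cut into separate words.
naive_split() {
  set -f                      # keep the ** patterns from globbing
  # shellcheck disable=SC2086
  printf '%s\n' $1
  set +f
}

# Quote-aware split: xargs applies its own quoting rules to the input
# without passing it through a shell, so metacharacters stay literal text.
quoted_split() {
  printf '%s\n' "$1" | xargs printf '%s\n'
}

# Number of arguments each strategy would hand to the scanner.
count_naive()  { naive_split "$1" | wc -l | tr -d ' '; }
count_quoted() { quoted_split "$1" | wc -l | tr -d ' '; }

# The --ignore value as the scanner would see it after quote-aware splitting.
ignore_value() {
  quoted_split "$1" | sed -n 's/^--ignore=//p'
}

echo "naive:  $(count_naive "$ARGS") args"
naive_split "$ARGS" | sed 's/^/  /'
echo "quoted: $(count_quoted "$ARGS") args"
quoted_split "$ARGS" | sed 's/^/  /'
```

When the --ignore list is cut apart by the naive split, the scanner receives a different ignore value than the one written in the workflow, so the scanned scope no longer matches what the author intended.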