Feature Request: Support for GitHub Actions and similar workflows in Vet Tool #209

Open
UtkarshKher opened this issue Apr 25, 2024 · 2 comments

Comments

@UtkarshKher

Hey Team,

I'd like to suggest adding support for scanning GitHub Actions and similar workflows in the vet tool. Given their widespread usage, ensuring their security is crucial, especially for open-source projects.

@abhisek
Member

abhisek commented Apr 25, 2024

@UtkarshKher Thanks for the suggestion. It will take some work to do it because the internal data models for vet are specific to handling package dependencies and not general enough to handle something like GHA YAML.

I will explore how this can be supported. It will be great if you can share a bit more information on how you want to use this feature. Feel free to provide an example vet command line demonstrating what this feature should look like from an end-user experience perspective.

@UtkarshKher
Author

@abhisek It could either be part of the whole scan or, rather, we can have an additional option, say -G, to run GitHub action scans. Also, it would be good if it could accept both URLs and directory-level input.
