Skip to content

The action integrates Electronegativity, a tool to identify misconfigurations and security anti-patterns in Electron applications, into GitHub CI/CD.

Notifications You must be signed in to change notification settings

doyensec/electronegativity-action

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
 
 
 
 

Repository files navigation

Electronegativity GitHub Action

The action integrates Electronegativity, a tool to identify misconfigurations and security anti-patterns in Electron applications, into GitHub CI/CD. It produces a GitHub compatible SARIF file for uploading to the repository 'Code scanning alerts'.

Usage examples

on: 
  push:
    
jobs:
  build_job:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      
      - uses: actions/setup-node@v2
        with:
          node-version: '12'

      - uses: doyensec/electronegativity-action@v2

      - name: Upload sarif
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: ../electronegativity_results

FAQ

Q:

I'm getting checkPermissions Missing write access to /usr/local/lib/node_modules

A:

Add the following lines in your workflow before the action:

- uses: actions/setup-node@v2
  with:
    node-version: '12' # or the node version you need

See https://docs.npmjs.com/resolving-eacces-permissions-errors-when-installing-packages-globally for other possible solutions.

Q:

I'm running into the Fatal Error JavaScript heap out of memory

A:

Specify additional memory with node arguments:

- uses: doyensec/[email protected]
  with:
    node-args: "--max-old-space-size=4096"

About

The action integrates Electronegativity, a tool to identify misconfigurations and security anti-patterns in Electron applications, into GitHub CI/CD.

Resources

Stars

Watchers

Forks

Packages

No packages published