This action uses irulescan to scan iRules within your repository for security issues during execution of a GitHub Actions Workflow.
This action scans all iRules in the repository and returns the result of findings in JSON format. The workflow step will not fail by default, hence the execution of the workflow job succeeds even when security issues are found. The goal is to provide the findings to let you choose what to do with them.
irulescan-action will scan files with .tcl, .irul, and .irule extensions by default. You can customize the file extensions using the file_extensions input parameter.
In its simplest form, the workflow below scans iRules in the whole repository. Please take a look at the provided examples for more details.
jobs:
  irulescan-action:
    runs-on: ubuntu-latest
    name: "Workflow"
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Run irulescan-action
        uses: simonkowallik/irulescan-action@v3
Some behavior can be modified, see inputs below.
All inputs are optional.
- scandir: Use scandir to scan a custom subdirectory within the repository.
- expected_results_file: Specify a relative path (based on the GITHUB_WORKSPACE / your repo) to a JSON file with expected results. If the actual result of irulescan does not match the expected result, a diff will be returned and the job step will fail.
- file_extensions: Comma-separated list of file extensions to scan (default: .tcl,.irul,.irule). This allows you to customize which file types are scanned for iRules.
- cmd: Specify a custom command to execute within the container.
result: result will be populated with the output results. It can be accessed using ${{ steps.<irulescan-action-step-id>.outputs.result }}.
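Because the step does not fail by default, a later step has to decide what the findings mean for the job. The script below is an added example, not part of irulescan-action: it reads the result from an environment variable and fails the job when blocking findings are present. The variable name IRULESCAN_RESULT, the FAIL_ON policy and the JSON layout described in the first comment are assumptions, since this page does not show the result format.

```python
import json
import os
import sys

# Assumption (layout not shown on this page): the result is a JSON list with one
# object per file, e.g. {"filepath": "...", "warning": [...], "dangerous": [...]}.
FAIL_ON = ("dangerous",)  # hypothetical policy: only these severities block


def esc(text, prop=False):
    """Escape text for a workflow command so scanned content cannot inject one."""
    text = str(text).replace("%", "%25").replace("\r", "%0D").replace("\n", "%0A")
    return text.replace(":", "%3A").replace(",", "%2C") if prop else text


def summarize(result_json, fail_on=FAIL_ON):
    """Return (blocking, informational) lists of (filepath, severity, message)."""
    try:
        entries = json.loads(result_json)
    except json.JSONDecodeError as exc:
        raise ValueError(f"result is not valid JSON: {exc}") from exc
    if not isinstance(entries, list) or not all(isinstance(e, dict) for e in entries):
        raise ValueError("expected a JSON list of per-file objects")
    blocking, informational = [], []
    for entry in entries:
        path = entry.get("filepath", "<unknown>")
        for severity, messages in entry.items():
            if severity == "filepath" or not isinstance(messages, list):
                continue
            bucket = blocking if severity in fail_on else informational
            bucket.extend((path, severity, str(m)) for m in messages)
    return blocking, informational


def gate(result_json):
    """Print annotations; return the exit code (0 pass, 1 findings, 2 bad input)."""
    try:  # fail closed: a missing or unparsable result must not pass
        blocking, informational = summarize(result_json)
    except ValueError as exc:
        print(f"::error::{esc(exc)}")
        return 2
    for level, items in (("warning", informational), ("error", blocking)):
        for path, severity, msg in items:
            print(f"::{level} file={esc(path, prop=True)}::{esc(severity)}: {esc(msg)}")
    return 1 if blocking else 0


if __name__ == "__main__":
    sys.exit(gate(os.environ.get("IRULESCAN_RESULT", "")))
```

Set IRULESCAN_RESULT in the step's env block from the result output rather than interpolating the expression into the run script, so that file names and scanned content never become part of the shell command line.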
The example/ folder contains example iRules and a JSON file with expected results.
.github/workflows contains several example workflows, click on the icons below to inspect the workflow: