paradoxlabs/github-actions-magento2
3
0
Fork 0
mirror of https://github.com/graycoreio/github-actions-magento2.git synced 2026-06-08 19:46:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(sansec-ecomscan): add sansec ecomscan feature (#235)

Browse Source
This commit is contained in:
Damien Retzinger
2026-05-05 11:56:14 -04:00
committed by GitHub
parent c115395583
commit 3c0a90f92b
3 changed files with 154 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
sansec-ecomscan/README.md
+34
View File
@@ -0,0 +1,34 @@
# Sansec eComscan Security Scan Action
A Github Action that runs the [Sansec eComscan](https://sansec.io/ecomscan) security scanner.
## Inputs
See the [action.yml](./action.yml)
## Usage
The caller is responsible for checking out the repository before calling this action. A valid Sansec license key must be passed via the `ecomscan_key` input.
The `path` input should point to the root of the Magento installation — the directory that contains `app/`, `vendor/`, etc. It defaults to `.` (the current working directory).
```yml
name: Sansec eComscan Security Scan
on:
push:
pull_request_target:
workflow_dispatch:
jobs:
run-ecomscan:
# Skip if it's a push event on a PR (it can't access secrets)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: graycoreio/github-actions-magento2/sansec-ecomscan@7.1.0
with:
license: ${{ secrets.SANSEC_LICENSE_KEY }}
```
sansec-ecomscan/action.yml
+47
View File
@@ -0,0 +1,47 @@
name: "Sansec eComscan Security Scan"
author: "Graycore"
description: "A Github Action that runs the Sansec eComscan security scanner."
inputs:
license:
required: true
description: "Sansec license key (ECOMSCAN_KEY)"
path:
required: true
default: '.'
description: "The directory to scan."
skip_database:
required: false
default: 'true'
description: "Skip the database scan (--skip-database). Defaults to true."
runs:
using: composite
steps:
- name: Download eComscan
shell: bash
run: wget https://ecomscan.com/downloads/linux-amd64/ecomscan
- name: Fix permissions
shell: bash
run: chmod +x ecomscan
- name: Run eComscan
shell: bash
env:
ECOMSCAN_KEY: ${{ inputs.license }}
run: |
FLAGS=(--no-auto-update --deep --format=csv)
[ "${{ inputs.skip_database }}" = "true" ] && FLAGS+=(--skip-database)
output=$(./ecomscan "${FLAGS[@]}" "${{ inputs.path }}")
if [ -n "$output" ]; then
echo "Security issues found:"
echo "$output"
exit 1
fi
branding:
icon: "shield"
color: "red"