Add a Nosey Parker GitHub Action #26
Comments
|
Another GitHub Action that uses SARIF to share its findings: https://github.com/redhat-plumbers-in-action/differential-shellcheck |
|
Hey @bradlarsen I've created https://github.com/bpsizemore/noseyparker-action - we have just started integrating it into our private CI/CD flows. I'm happy to work with the Praetorian team to make any improvements or changes that make sense. I've tried to make it as flexible as possible and create a straightforward way to use custom rulesets to reduce noise. |
|
@bpsizemore That's great! Thanks for the pointer; I will take a closer look at what you've built. Is this GitHub integration something you have any interest in incorporating upstream, or would you like to maintain it separately? |
|
Happy to incorporate it upstream if you guys want to move it into the noseyparker repo or into a separate Praetorian repo. The docs on Github recommend keeping actions in a separate repository for readability and maintenance and if you want to publish it to the actions marketplace I believe you must have only one action per repository. I had toyed around with the idea of a "scan_local_repo" "scan_github_user" etc but if you wanted to build out more then you'd need to have a different repository per. |
|
@bpsizemore thanks for the pointer about GitHub Actions constraints — I wasn't aware of those restrictions. Longer-term I am interested in making a GitHub Actions such as what you've written an official part of Nosey Parker. But no rush on that, as I'm currently backlogged with some other work. |
Truffle Hog has a GitHub Action: https://github.com/marketplace/actions/trufflehog-oss
GitLeaks has a GitHub Action: https://github.com/gitleaks/gitleaks-action
Why not Nosey Parker?
The text was updated successfully, but these errors were encountered: