Github action for running PSScriptAnalyzer and use ConvertToSARIF to generate a SARIF file.
To run this action add the step below in your GitHub Action:
- name: Run PSScriptAnalyzer
uses: microsoft/[email protected]
with:
path: .\
recurse: true
output: results.sarif
The above yaml code scans all the code in your repository and outputs the results to result.sarif
at the CWD.
See the input section for more info about the inputs.
- name: Run PSScriptAnalyzer
uses: psscriptanalyzer-action
with:
path:
customRulePath:
recurseCustomRulePath:
excludeRule:
includeDefaultRules:
includeRule:
severity:
recurse:
suppressedOnly:
fix:
enableExit:
settings:
output:
ignorePattern:
The inputs for the action. The inputs output
and ignorePattern
are action specific. The rest are mapped to the parameters of PSScriptAnalyzer.
Every input is of type string.
To provide an array follow the format '"value.fake", "value1.fake", ....'
Specifies the path to the scripts or module to be analyzed. Wildcard characters are supported. Default value is: .\
. More info here.
with:
path: .\
with:
path: .\src
Specifies the path to the scripts or module to be analyzed. Wildcard characters are supported. More info here.
with:
customRulePath: '".\customRule.ps1"'
with:
customRulePath: '".\customRule.ps1", "customRule2.ps1"'
Uses only the custom rules defined in the specified paths to the analysis. To still use the built-in rules, add the -IncludeDefaultRules switch. More info here.
with:
recurseCustomRulePath: true
with:
recurseCustomRulePath: false
Omits the specified rules from the Script Analyzer test. Wildcard characters are supported. More info here.
with:
# exclude one rule
excludeRule: '"PSAvoidLongLines"'
with:
# exclude multiple rules
excludeRule: '"PSAvoidLongLines", "PSAlignAssignmentStatement"'
Uses only the custom rules defined in the specified paths to the analysis. To still use the built-in rules, add the -IncludeDefaultRules switch. More info here.
with:
includeDefaultRules: true
with:
includeDefaultRules: false
Runs only the specified rules in the Script Analyzer test. More info here.
with:
# Include one rule
includeRule: '"PSAvoidUsingInvokeExpression"'
with:
# Include multiple rules
includeRule: '"PSAvoidUsingInvokeExpression", "PSAvoidUsingConvertToSecureStringWithPlainText"'
After running Script Analyzer with all rules, this parameter selects rule violations with the specified severity. More info here.
with:
# Report only rule violations with error severity
severity: '"Error"'
with:
# Report only rule violations with error and warning severity
severity: '"Error", "Warning"'
Script Analyzer on the files in the Path directory and all subdirectories recursively. More info here.
with:
recurse: true
with:
recurse: false
Returns rules that are suppressed, instead of analyzing the files in the path. More info here.
with:
suppressedOnly: true
with:
suppressedOnly: false
Fixes certain warnings which contain a fix in their DiagnosticRecord. More info here.
with:
fix: true
with:
fix: false
Exits PowerShell and returns an exit code equal to the number of error records. More info here.
with:
enableExit: true
with:
enableExit: false
File path that contains user profile or hash table for ScriptAnalyzer. Does not support passing a hashtable as an argument. More info here.
with:
settings: .\settings.psd1
File path that defines where the SARIF output will be stored.
with:
output: results.sarif
Exclude specific files from the SARIF results. Uses regex pattern.
with:
# Any file or folder that have the name test will not be present in the SARIF file.
ignorePattern: 'tests'
This repo has been populated by an initial template to help get you started. Please make sure to update the content to build a great experience for community-building.
As the maintainer of this project, please make a few updates:
- Improving this README.MD file to provide a great experience
- Updating SUPPORT.MD with content about this project's support experience
- Understanding the security reporting process in SECURITY.MD
- Remove this section from the README
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.