From bec41addeba5fb4af88a686e1c3e6d3f2bde66ab Mon Sep 17 00:00:00 2001
From: Eric Durand-Tremblay
Date: Wed, 19 Jan 2022 16:02:12 -0500
Subject: [PATCH] PHP Taint analysis
---
 .github/workflows/psalm-security-scan.yml | 22 ----------------------
 .github/workflows/psalm-taint-analysis.yml | 16 ++++++++++++++++
 composer.json | 6 +++++-
 3 files changed, 21 insertions(+), 23 deletions(-)
 delete mode 100644 .github/workflows/psalm-security-scan.yml
 create mode 100644 .github/workflows/psalm-taint-analysis.yml
diff --git a/.github/workflows/psalm-security-scan.yml b/.github/workflows/psalm-security-scan.yml
deleted file mode 100644
index ddd67339..00000000
--- a/.github/workflows/psalm-security-scan.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-name: Psalm Security Scan
-
-on:
- push:
- branches:
- - master
-
-jobs:
- psalm:
- name: Psalm
- runs-on: ubuntu-latest
- steps:
- - name: Checkout code
- uses: actions/checkout@v2
-
- - name: Psalm Security Scan
- uses: docker://ghcr.io/psalm/psalm-security-scan
-
- - name: Upload Security Analysis results to GitHub
- uses: github/codeql-action/upload-sarif@v1
- with:
- sarif_file: results.sarif
diff --git a/.github/workflows/psalm-taint-analysis.yml b/.github/workflows/psalm-taint-analysis.yml
new file mode 100644
index 00000000..a1408989
--- /dev/null
+++ b/.github/workflows/psalm-taint-analysis.yml
@@ -0,0 +1,16 @@
+name: Psalm Taint analysis
+
+on:
+ push:
+ branches:
+ - master
+
+jobs:
+ psalm-taint-analysis:
+ uses: equisoft-actions/php-workflows/.github/workflows/psalm-taint-analysis.yml@v1.0.0
+ with:
+ php-version: '7.4'
+ extensions: gearman, pcov
+ secrets:
+ gpr-key: ${{ secrets.GPR_KEY }}
+
diff --git a/composer.json b/composer.json
index e072fdee..e698e380 100644
--- a/composer.json
+++ b/composer.json
@@ -44,6 +44,10 @@
 "config": {
 "platform": {
 "php": "7.4"
- }
+ },
+ "allow-plugins": {
+ "composer/package-versions-deprecated": true,
+ "dealerdirect/phpcodesniffer-composer-installer": true
+ }
 }
 }
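Review bot: In the new `.github/workflows/psalm-taint-analysis.yml`, the `psalm-taint-analysis` job references the reusable workflow by the tag `@v1.0.0` and passes it `secrets.GPR_KEY`; a tag can be re-pointed, so whatever that tag resolves to at run time receives the secret. Pinning to the full commit SHA keeps the called code fixed, e.g. `uses: equisoft-actions/php-workflows/.github/workflows/psalm-taint-analysis.yml@<full-commit-sha> # v1.0.0` (placeholder; the SHA is not on this page). The file also declares no `permissions:`, so the job runs with the repository's default `GITHUB_TOKEN` scope. A top-level `permissions:` with `contents: read` would make the grant explicit, adding `security-events: write` only if the called workflow uploads SARIF the way the removed workflow did, which cannot be seen from this diff.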
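Review bot: The new `allow-plugins` map in `composer.json` authorises `composer/package-versions-deprecated` and `dealerdirect/phpcodesniffer-composer-installer` to execute code whenever Composer runs, and neither the commit subject nor the diff records why these two are trusted. JSON has no comment syntax, so the rationale belongs in the commit description or the project's contributor documentation. If the called taint-analysis workflow runs `composer install` while `GPR_KEY` is in scope (not visible here), these plugins execute alongside that credential, so any later addition to this list deserves the same review as a new dependency.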