This action posts the code and a SAST report to the Mobb vulnerability analysis engine and links the URL of the fix report to the PR. If you are using this on a private repo then the Mobb user the API key belongs to must have access to the repo and must approve github access for the user on the Mobb platform beforehand.
Required The full path of the SAST report file.
Required The Mobb API key to use with the action.
Required The GitHub api token to use with the action. Usually available as ${{ secrets.GITHUB_TOKEN }}.
The Mobb fix report URL.
on: [pull_request]
jobs:
test_job:
runs-on: ubuntu-latest
steps:
# To use this action,
# you must check out the repository
- name: Checkout
uses: actions/checkout@v3
- run: |
# Run a SAST scan using a supprted tool, Snyk as an example
npx snyk auth ${{ secrets.SNYK_API_KEY }}
! npx snyk code test --sarif-file-output=/home/runner/report.json ./
shell: bash -l {0}
- name: Mobb action step
uses: mobb-dev/action@v1
with:
report-file: "/home/runner/report.json"
api-key: ${{ secrets.MOBB_API_TOKEN }}
github-token: ${{ secrets.GITHUB_TOKEN }}