A GitHub action to detect vulnerable regex in a pull request.
Add the following to your workflow configuration:
...
- name: Checkout repository
uses: actions/checkout@v2
with:
fetch-depth: '0'
- name: Scan for redos
uses: meekdenzo/[email protected]
...
Note that fetch-depth: '0'
Your full basic workflow should look something like this:
name: vuln-regex-detector
on: [workflow_dispatch]
jobs:
build:
name: Scan for redos
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
with:
fetch-depth: '0'
- name: Scan for redos
uses: meekdenzo/[email protected]