diff --git a/.github/workflows/quality-gate.yml b/.github/workflows/quality-gate.yml
index d044fb6..1313a21 100644
--- a/.github/workflows/quality-gate.yml
+++ b/.github/workflows/quality-gate.yml
@@ -10,16 +10,15 @@ jobs:
     permissions:
       contents: read
       packages: read
+      security-events: write
     steps:
       - name: Checkout
         uses: actions/checkout@v3
       - name: Use Node.js
         uses: actions/setup-node@v3
         with:
-          always-auth: true
           cache: "npm"
           node-version: "18.x"
-          registry-url: https://npm.pkg.github.com
       - name: Install Foundry
         uses: foundry-rs/foundry-toolchain@v1
       - name: Install Dependancies
diff --git a/.github/workflows/security-gate.yml b/.github/workflows/security-gate.yml
new file mode 100644
index 0000000..3aac6f6
--- /dev/null
+++ b/.github/workflows/security-gate.yml
@@ -0,0 +1,29 @@
+name: Quality Gate
+on:
+  push:
+
+env:
+  NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+jobs:
+  build_and_validate:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: read
+      security-events: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+      - name: Run Slither
+        uses: crytic/slither-action@v0.3.0
+        id: slither
+        with:
+          sarif: results.sarif
+          fail-on: none
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: ${{ steps.slither.outputs.sarif }}
diff --git a/slither.config.json b/slither.config.json
index 24f2d7f..3ca0b1c 100644
--- a/slither.config.json
+++ b/slither.config.json
@@ -1,10 +1,10 @@
 {
-  "filter_paths": ["lib", "test"],
-  "solc_remaps": [
-    "ds-test/=lib/ds-test/src/",
-    "forge-std/=lib/forge-std/src/",
-    "@chainlink/=lib/chainlink-brownie-contracts/",
-    "@openzeppelin/=node_modules/@openzeppelin/"
-  ]
-  }
-
\ No newline at end of file
+  "solc_remaps": [
+    "@std=lib/forge-std/src/",
+    "forge-std/=lib/forge-std/src/",
+    "@openzeppelin/=node_modules/@openzeppelin/",
+    "@chainlink/=node_modules/@chainlink/",
+    "@uniswap/=node_modules/@uniswap/",
+    "src/=src/"
+  ]
+}
\ No newline at end of file
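Review bot: The added `security-events: write` grant in quality-gate.yml has no consumer in this hunk; the only SARIF upload in the commit is in the new security-gate.yml, so unless the rest of this job (which continues past the hunk) adds an `upload-sarif` step, the permission widens the job token for nothing and should be dropped, keeping `contents: read` and `packages: read` only. The removal of `always-auth` and `registry-url` is consistent with no longer authenticating to the GitHub Packages registry, but if the workflow still sets `NODE_AUTH_TOKEN` at the top of the file (outside the hunk) that env entry is now dead as well. The `Install Dependancies` step name carries a typo (`Dependencies`).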
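Review bot: The workflow-level `env: NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` in security-gate.yml hands the job token to every step, including the third-party `foundry-rs/foundry-toolchain@v1` and `crytic/slither-action@v0.3.0` actions, yet no step in this workflow runs setup-node or an npm install that would need it; remove the `env` block, since `upload-sarif` receives the token through `permissions` on its own. Conversely, the new `solc_remaps` in slither.config.json point `@openzeppelin/`, `@chainlink/` and `@uniswap/` at `node_modules/`, and this workflow never installs those packages, so Slither will presumably fail to resolve such imports unless the Node setup and dependency install steps from quality-gate.yml are added before `Run Slither`. Both third-party actions are pinned by mutable tag rather than a commit SHA, which is the weaker supply-chain pin for a job that writes to code scanning. With `fail-on: none` the job never fails on findings, so the gate is the code-scanning alert view only; if that is the intent, a comment on the `fail-on` line such as `# findings are surfaced via code scanning; this job never blocks` would make it explicit. The `name: Quality Gate` also no longer matches the filename and presumably collides with the existing workflow's name in the Actions UI.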
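Review bot: Dropping `"filter_paths": ["lib", "test"]` means Slither now analyzes vendored `lib/` and the test suite, and those findings flow into the SARIF that security-gate.yml uploads to code scanning; if only the remaps were meant to change, keep `"filter_paths": ["lib", "test"],` as the first key. The new `"@std=lib/forge-std/src/"` entry lacks the trailing `/` on the prefix that every other remap carries, so `@std/Test.sol` presumably resolves to `lib/forge-std/src//Test.sol`; `"@std/=lib/forge-std/src/"` would be consistent. The `ds-test/` remap was removed, so any remaining `ds-test/test.sol` import under `lib/` will no longer resolve. The file still ends without a trailing newline.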