Use this action to scan a Git repository with Find Security Bugs, a SpotBugs plugin. The Find Security Bugs plugin detects security vulnerabilities in:
- Java web applications.
- Android applications.
- Kotlin, Groovy, and Scala projects.
You can also use the action output as a quality gate for the next step or job in your workflow.
All CloudBees action repositories are listed at CloudBees, Inc. on GitHub.
Inputs
Input name | Data type | Required? | Description
---|---|---|---
`binary-tar-path` | String | Yes | The path of the binary to be scanned.
Outputs
Output name | Data type | Description
---|---|---
`critical-count` | String | The number of Critical security findings discovered during the scan.
| String | The number of Very high security findings discovered during the scan.
| String | The number of High security findings discovered during the scan.
| String | The number of Medium security findings discovered during the scan.
| String | The number of Low security findings discovered during the scan.
Usage examples
Basic example
The following is a basic example of using the action:
```yaml
- name: Scan with findsecbugs SAST scanner
  uses: cloudbees-io/findsecbugs-hybrid-plugin@v1
  with:
    binary-tar-path: /path/to/binary.tar
```
Using the action output
Access the output values in downstream steps and jobs using the outputs context.
Use the output in your workflow as follows, where `<action_step_ID>` is the action step ID, and `<severity>` is an output parameter name, such as `critical-count`:
`${{steps.<action_step_ID>.outputs.<severity>}}`
The following example uses the action output in a downstream step of the same job:
The following example uses the action output in a downstream job:
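The following workflow is an added example, not code from the action's own documentation, showing both cases at once: a same-job step that fails the build when the `critical-count` output is non-zero, and a downstream job that reads the value through a job-level output. Only the action step and the `steps.<id>.outputs.critical-count` expression come from the page; the workflow skeleton (`apiVersion`/`kind`, the `docker://` run step with `shell`, job-level `outputs`, `needs`) is assumed to follow the CloudBees workflow syntax and should be checked against your platform version.

```yaml
# Added example (not from the page). Assumed: CloudBees workflow skeleton,
# docker:// run steps, job-level outputs and needs. From the page: the action
# step and the ${{ steps.<id>.outputs.critical-count }} expression.
apiVersion: automation.cloudbees.io/v1alpha1
kind: workflow
on:
  push:
    branches: [main]
jobs:
  sast:
    outputs:
      # Expose the step output at job level so downstream jobs can read it.
      critical: ${{ steps.fsb.outputs.critical-count }}
    steps:
      - name: Scan with findsecbugs SAST scanner
        id: fsb
        uses: cloudbees-io/findsecbugs-hybrid-plugin@v1
        with:
          binary-tar-path: /path/to/binary.tar
      # Same-job quality gate: fail the job on any Critical finding.
      - name: Gate on critical findings
        uses: docker://alpine:3.19
        shell: sh
        run: |
          count="${{ steps.fsb.outputs.critical-count }}"
          echo "Critical findings: ${count}"
          # The output is a String; reject anything that is not a plain integer
          # before comparing numerically, so a missing value cannot pass the gate.
          case "$count" in
            ''|*[!0-9]*) echo "unexpected output value: '${count}'"; exit 1 ;;
          esac
          [ "$count" -eq 0 ] || { echo "Quality gate failed"; exit 1; }
  deploy:
    # Runs only when the sast job (and therefore its gate step) succeeded.
    needs: sast
    steps:
      - name: Use the scan result in a downstream job
        uses: docker://alpine:3.19
        shell: sh
        run: echo "Critical findings reported by sast: ${{ needs.sast.outputs.critical }}"
```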