MCPcopy Create free account
hub / github.com/github/gh-aw / validateWorkflowSecurity

Function validateWorkflowSecurity

pkg/cli/add_command.go:426–440  ·  view source on GitHub ↗
(resolved *ResolvedWorkflow, opts AddOptions)

Source from the content-addressed store, hash-verified

424}
425
426func validateWorkflowSecurity(resolved *ResolvedWorkflow, opts AddOptions) error {
427 if !opts.DisableSecurityScanner {
428 if findings := workflow.ScanMarkdownSecurity(string(resolved.Content)); len(findings) > 0 {
429 fmt.Fprintln(os.Stderr, console.FormatErrorMessage("Security scan failed for workflow"))
430 fmt.Fprintln(os.Stderr, workflow.FormatSecurityFindings(findings, resolved.Spec.WorkflowPath))
431 return fmt.Errorf("workflow '%s' failed security scan: %d issue(s) detected", resolved.Spec.WorkflowPath, len(findings))
432 }
433 if opts.Verbose {
434 fmt.Fprintln(os.Stderr, console.FormatSuccessMessage("Security scan passed"))
435 }
436 } else if opts.Verbose {
437 fmt.Fprintln(os.Stderr, console.FormatWarningMessage("Security scanning disabled"))
438 }
439 return nil
440}
441
442func resolveWorkflowTargetDir(opts AddOptions) (gitRoot, githubWorkflowsDir string, err error) {
443 gitRoot, err = gitutil.FindGitRoot()

Callers 1

addWorkflowWithTrackingFunction · 0.85

Calls 6

ScanMarkdownSecurityFunction · 0.92
FormatErrorMessageFunction · 0.92
FormatSecurityFindingsFunction · 0.92
FormatSuccessMessageFunction · 0.92
FormatWarningMessageFunction · 0.92
ErrorfMethod · 0.45

Tested by

no test coverage detected