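# SAPP Action: a composite action that downloads static-analysis results saved
# by an earlier job, ingests them with SAPP, applies the caller's filters and
# publishes the outcome as SARIF (as an artifact and to code scanning).
#
# NOTE(review): every `uses:` below is referenced by a floating major-version
# tag. For a supply-chain hardened setup pin each one to a full commit SHA
# (tag kept in a trailing comment) and let Dependabot move the pin; also
# confirm whether the v1/v2 tags used here are still maintained upstream.
# The final upload-sarif step requires the calling workflow to grant
# `permissions: security-events: write`.
name: SAPP Action
author: Meta
description: Post process static analysis results
branding:
  icon: 'database'
  color: 'blue'

inputs:
  filters-directory:
    description: Path to the filters directory containing your custom SAPP filters
    required: true
  artifact-handle:
    description: Artifact handle name used to save static analysis results
    required: true
  version:
    description: Version of sapp to be used. Default is latest.
    default: 'latest'
    required: false

runs:
  using: "composite"
  steps:
    - name: Install Python
      uses: actions/setup-python@v2
      with:
        python-version: '>=3.7'

    - name: Retrieve static analysis results
      uses: actions/download-artifact@v2
      with:
        name: ${{ inputs.artifact-handle }}
        path: ./

    # Action inputs reach the shell steps through `env:` and are read as
    # ordinary, quoted shell variables. Interpolating `${{ inputs.* }}` straight
    # into `run:` text splices caller-controlled content into the script before
    # bash parses it (expression/script injection); an environment variable is
    # only data.
    - name: Install SAPP
      env:
        SAPP_VERSION: ${{ inputs.version }}
      run: |
        # An empty value is treated like the default 'latest' instead of
        # producing a malformed `[` test or a `fb-sapp==` requirement.
        if [ -z "${SAPP_VERSION}" ] || [ "${SAPP_VERSION}" = "latest" ]; then
          pip install fb-sapp
        else
          # Quoted so the whole value is a single pip argument: a version
          # string containing whitespace cannot smuggle in extra pip options.
          # NOTE(review): the package is version-pinned but not hash-verified;
          # use a requirements file with --require-hashes if that matters.
          pip install "fb-sapp==${SAPP_VERSION}"
        fi
      shell: bash

    - name: Set up SAPP
      # taint-metadata.json is expected to be part of the downloaded artifact.
      run: sapp update warning-codes ./taint-metadata.json
      shell: bash

    - name: Ingest static analysis results
      run: sapp analyze .
      shell: bash

    - name: Filter static analysis results
      env:
        FILTERS_DIR: ${{ inputs.filters-directory }}
      run: |
        # The directory must exist and contain at least one entry (`ls -A`
        # also lists dotfiles); otherwise fail the step explicitly.
        if [ -d "${FILTERS_DIR}" ] && [ -n "$(ls -A "${FILTERS_DIR}")" ]; then
          sapp filter issues 1 "${FILTERS_DIR}" --output-format sarif > sarif.json
        else
          echo "Path '${FILTERS_DIR}' must exist and cannot be empty"
          exit 1
        fi
      shell: bash

    - name: Saving filtered results in SARIF
      uses: actions/upload-artifact@v2
      with:
        name: SARIF Results
        path: sarif.json
        if-no-files-found: error

    - name: Upload SARIF Results
      uses: github/codeql-action/upload-sarif@v1
      with:
        sarif_file: sarif.json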