A GitHub Action that automates the scanning of Java code, identifying the CWEs present in the vulnerable methods.

andrenasx/J-TAS

J-TAS (Java Transformer-based Automated Scanner)

This action analyses Java files using a Deep Learning model and generates a report in the Static Analysis Results Interchange Format (SARIF). The results can be viewed in the Security tab of your repository.

We recommend using the actions/checkout action to check out your repository, and github/codeql-action/upload-sarif to upload the SARIF file. For more information on their usage, check the respective READMEs.
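The SARIF file the action produces can also be inspected before (or instead of) uploading it, for example to fail a pipeline on high-severity findings or to triage results locally. The script below is an added example, not part of J-TAS; it reads a SARIF 2.1.0 document, lists every result with its file, line, rule and level, and counts findings per rule and per level. The embedded report is constructed for the example, and naming the rules after CWE ids is an assumption, not the documented output format of J-TAS.

```python
"""Added example (not J-TAS project code): summarise a SARIF 2.1.0 report such as the
results.sarif the workflow uploads, so findings can be triaged or gated before upload.
The report below is constructed for this example; rule ids, levels and paths are
assumptions, not the real output format of J-TAS."""
import json
from collections import Counter

# Constructed sample report (assumption: rules are named after CWE ids).
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner", "rules": [
            {"id": "CWE-89", "shortDescription": {"text": "SQL Injection"}},
            {"id": "CWE-79", "shortDescription": {"text": "Cross-site Scripting"}},
        ]}},
        "results": [
            {"ruleId": "CWE-89", "level": "error",
             "message": {"text": "Possible SQL injection in query()"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/main/java/com/example/UserDao.java"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "CWE-79", "level": "warning",
             "message": {"text": "Unescaped output in render()"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/main/java/com/example/View.java"},
                 "region": {"startLine": 17}}}]},
            {"ruleId": "CWE-89",  # result without location or level: still counted
             "message": {"text": "Possible SQL injection"}},
        ],
    }],
})


def rule_titles(run):
    """Map rule id -> short description from tool.driver.rules (may be absent)."""
    rules = run.get("tool", {}).get("driver", {}).get("rules", [])
    return {r["id"]: r.get("shortDescription", {}).get("text", "") for r in rules}


def summarize_sarif(sarif_text):
    """Return (findings, counts_by_rule, counts_by_level) over every run in the report.
    findings is a list of (uri, startLine, ruleId, level, message). Location and level
    are optional in SARIF, so missing values are reported as None / the default level
    instead of raising."""
    doc = json.loads(sarif_text)
    findings, by_rule, by_level = [], Counter(), Counter()
    for run in doc.get("runs", []):
        titles = rule_titles(run)
        for res in run.get("results", []):
            rule = res.get("ruleId")
            level = res.get("level", "warning")  # SARIF's default level when absent
            uri = line = None
            if res.get("locations"):
                phys = res["locations"][0].get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri")
                line = phys.get("region", {}).get("startLine")
            findings.append((uri, line, rule, level, res.get("message", {}).get("text", "")))
            by_rule[(rule, titles.get(rule, ""))] += 1
            by_level[level] += 1
    return findings, by_rule, by_level


def has_blocking_findings(sarif_text, fail_on=("error",)):
    """True if any result carries a level listed in fail_on; usable as a CI gate."""
    _, _, by_level = summarize_sarif(sarif_text)
    return any(by_level[lvl] for lvl in fail_on)


if __name__ == "__main__":
    findings, by_rule, by_level = summarize_sarif(SAMPLE_SARIF)
    for uri, line, rule, level, msg in findings:
        print(f"{uri or '<no location>'}:{line or '-'} [{level}] {rule}: {msg}")
    for (rule, title), n in sorted(by_rule.items()):
        print(f"{rule} ({title}): {n}")
    print("blocking findings:", has_blocking_findings(SAMPLE_SARIF))
```

Running the script against `results.sarif` after the `Run J-TAS` step (and exiting non-zero when `has_blocking_findings` returns true) turns the report into a gate, while the upload step still makes the same findings visible in the Security tab.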

Usage

- uses: andrenasx/J-TAS@main
  with:
    # Paths to the directories containing the Java source files to analyze.
    # These paths are relative to the root of the repository, and separated by spaces when multiple paths are provided.
    # Example: 'src/main/java src/test/java'
    # Default: ''
    paths: ''

    # Paths of the Java source files to analyze.
    # These paths are relative to the root of the repository, and separated by spaces when multiple paths are provided.
    # Example: 'src/main/java/example/HelloWorld.java src/test/java/example/HelloWorldTest.java'
    # Default: ''
    files: ''

When neither paths nor files are provided, the action analyzes all Java files in the repository.

Workflow examples

Analyse the repository on every push

on: [push]
name: J-TAS analysis

jobs:
  jtas-analysis:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout this repo code
        uses: actions/checkout@v3

      - name: Run J-TAS
        uses: andrenasx/J-TAS@main

      - name: Upload J-TAS report
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results.sarif
          category: my-analysis-tool

Analyse specific files

on: [push]
name: J-TAS analysis

jobs:
  jtas-analysis:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout this repo code
        uses: actions/checkout@v3

      - name: Run J-TAS
        uses: andrenasx/J-TAS@main
        with:
          files: 'src/main/java/com/example/HelloWorld.java src/test/java/com/example/HelloWorldTest.java'

      - name: Upload J-TAS report
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results.sarif
          category: my-analysis-tool

Analyse specific directories

on: [push]
name: J-TAS analysis

jobs:
  jtas-analysis:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout this repo code
        uses: actions/checkout@v3

      - name: Run J-TAS
        uses: andrenasx/J-TAS@main
        with:
          paths: 'src/main/java/com/controller src/main/java/com/service'

      - name: Upload J-TAS report
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results.sarif
          category: my-analysis-tool

Analyse only the changed files

on: [push]
name: J-TAS analysis

jobs:
  jtas-analysis:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository code
        uses: actions/checkout@v3
        with:
          fetch-depth: 2

      - name: Process files changed in the current commit
        id: diff
        run: |
          # Only Java files that still exist after the commit: a deleted file cannot be scanned,
          # and non-Java files are of no use to the action.
          changedFiles=$(git diff --name-only --diff-filter=d HEAD^ -- '*.java')
          # Join the newline-separated list with spaces, the format the 'files' input expects.
          echo "files=${changedFiles//$'\n'/ }" >> "$GITHUB_OUTPUT"

      - name: Run J-TAS
        uses: andrenasx/J-TAS@main
        with:
          files: ${{ steps.diff.outputs.files }}

      - name: Upload J-TAS report
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results.sarif
          category: my-analysis-tool
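The `files` input is a single space-separated string, so the changed-file list handed to it has to be filtered and flattened correctly: deleted paths cannot be scanned, renamed files must be reported under their new path, and non-Java files add nothing. The function below is an added example (not J-TAS project code) that derives that list from `git diff --name-status` output, which carries a status column the plain `--name-only` form lacks. The diff text is constructed for the example.

```python
"""Added example (not J-TAS project code): build the space-separated `files` input for the
"changed files" workflow from `git diff --name-status` output, keeping only Java sources
that still exist after the commit. The diff text below is constructed for this example."""

# Constructed sample of `git diff --name-status -M HEAD^` output (tab-separated columns).
SAMPLE_NAME_STATUS = """\
M\tsrc/main/java/com/example/UserDao.java
A\tsrc/main/java/com/example/Report.java
D\tsrc/main/java/com/example/Legacy.java
R100\tsrc/main/java/com/example/Old.java\tsrc/main/java/com/example/New.java
M\tREADME.md
M\tsrc/main/resources/app.properties
"""


def changed_java_files(name_status_text):
    """Return the .java paths that exist after the change, in diff order.
    Deleted entries (D) are skipped; for renames/copies (Rnnn/Cnnn) the destination
    path in the last column is used."""
    kept = []
    for raw in name_status_text.splitlines():
        if not raw.strip():
            continue
        parts = raw.split("\t")
        status, paths = parts[0], parts[1:]
        if status.startswith("D") or not paths:
            continue  # nothing to scan for a file that no longer exists
        path = paths[-1]  # destination path for R/C, the only path otherwise
        if path.endswith(".java"):
            kept.append(path)
    return kept


def files_input(name_status_text):
    """Join the paths with single spaces, the format the action's `files` input expects."""
    return " ".join(changed_java_files(name_status_text))


if __name__ == "__main__":
    print(files_input(SAMPLE_NAME_STATUS))
```

Because the input is space-separated, a path containing a space cannot be expressed in it at all; if such files exist in the repository, pass their parent directory through `paths` instead.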
