mirror of
https://github.com/systemd/systemd.git
synced 2025-03-08 08:58:27 +03:00
ci: Report results from CIFuzz using SARIF
Upload results from CIFuzz using SARIF. This will allow CIFuzz to report issues in the security tab. This is a better UI than having to look through logs. TODO(google/oss-fuzz#10452): Add proper descriptions of UBSAN bugs.
This commit is contained in:
parent
150231d25d
commit
56595a3730
12
.github/workflows/cifuzz.yml
vendored
12
.github/workflows/cifuzz.yml
vendored
@ -35,6 +35,9 @@ jobs:
|
||||
include:
|
||||
- sanitizer: address
|
||||
architecture: i386
|
||||
permissions:
|
||||
security-events: write
|
||||
|
||||
steps:
|
||||
- name: Build Fuzzers (${{ matrix.sanitizer }})
|
||||
id: build
|
||||
@ -47,6 +50,7 @@ jobs:
|
||||
keep-unaffected-fuzz-targets: true
|
||||
sanitizer: ${{ matrix.sanitizer }}
|
||||
architecture: ${{ matrix.architecture }}
|
||||
output-sarif: true
|
||||
- name: Run Fuzzers (${{ matrix.sanitizer }})
|
||||
uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
|
||||
with:
|
||||
@ -54,9 +58,17 @@ jobs:
|
||||
fuzz-seconds: 600
|
||||
dry-run: false
|
||||
sanitizer: ${{ matrix.sanitizer }}
|
||||
output-sarif: true
|
||||
- name: Upload Crash
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
|
||||
if: failure() && steps.build.outcome == 'success'
|
||||
with:
|
||||
name: ${{ matrix.sanitizer }}-${{ matrix.architecture }}-artifacts
|
||||
path: ./out/artifacts
|
||||
- name: Upload Sarif
|
||||
if: always() && steps.build.outcome == 'success'
|
||||
uses: github/codeql-action/upload-sarif@0225834cc549ee0ca93cb085b92954821a145866
|
||||
with:
|
||||
# Path to SARIF file relative to the root of the repository
|
||||
sarif_file: cifuzz-sarif/results.sarif
|
||||
checkout_path: cifuzz-sarif
|
||||
|
Loading…
x
Reference in New Issue
Block a user