Embold Github Actions uncovers potential bugs, vulnerabilities and hard-to-detect anti-patterns that make your code difficult to maintain and can lead to error-prone solutions.
Embold is an AI-based software analytics platform that helps teams analyse and improve software quality. It analyses source code across 4 dimensions: code issues, design issues, metrics and duplication, and surfaces issues which impact stability, robustness, security, and maintainability. The Embold Score helps teams understand risk areas and prioritise the most important fixes.
- You have Embold Enterprise License with version 1.9.2.0 and above.
- You have an Embold Access Token corresponding to your account
- The repository to be analysed is linked to Embold
- Languages supported: Java, C/C++, Objective C, SQL, HTML, Apex.
- Create remote repository on Embold UI and download its repository-configuration.json.
- Copy the downloaded repository-configuration.json to your base folder and replace the below values:
- "dataDir": "./EMBOLD_DATA",
- "baseDir": "$GITHUB_WORKSPACE", Commit the json file to your repository at the top level.
- Secrets: Secrets can be created at 2 levels
-
Repository level secret EMBOLD_TOKEN: This is required to authenticate access to Embold. You can set the EMBOLD_TOKEN environment variable in the "Secrets" settings page of your repository. For more details, refer EAT documentation here
-
Organization level secret EMBOLD_TOKEN: This is required to authenticate access to Embold. You can set the EMBOLD_TOKEN environment variable in the "Secrets" settings page of your organization. For more details, refer EAT documentation here
- The workflow is usually declared in .github/workflows/main.yaml, and looks like this:
on: [push]
jobs:
embold_scan_job:
runs-on: ubuntu-latest
name: Embold scan
steps:
- uses: actions/checkout@v2
- name: Embold scan step
id: embold
uses: embold/[email protected]
with:
embold-url: <Your Embold Server URL>
embold-token: ${{ secrets.EMBOLD_TOKEN }}
repo-config: '/github/workspace/repository-configuration.json'
repo-uid: <The Embold Repository UID>
# Uncomment the below line for verbose logging
# verbose: true
- Embold Github action will then scan your source code on push.
- Once the job is complete, scan results are available on the Embold server
Feel free to use Embold Community to give feedback, feature requests or reporting a bug.
Sources and documentation in this repository are released under the AGPL v3