Skip to content
You're viewing an older version of this GitHub Action. Do you want to see the latest version instead?
check-circle

GitHub Action

Electronegativity

v1.1

Electronegativity

check-circle

Electronegativity

Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron applications

Installation

Copy and paste the following snippet into your .yml file.

              

- name: Electronegativity

uses: doyensec/[email protected]

Learn more about this action in doyensec/electronegativity-action

Choose a version

Electronegativity GitHub Action

The action integrates Electronegativity, a tool to identify misconfigurations and security anti-patterns in Electron applications, into GitHub CI/CD. It produces a GitHub compatible SARIF file for uploading to the repository 'Code scanning alerts'.

Usage examples

on: 
  push:
    
jobs:
  build_job:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      
      - uses: actions/setup-node@v2
        with:
          node-version: '12'

      - uses: doyensec/[email protected]

      - name: Upload sarif
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: ../results

FAQ

Q:

I'm getting checkPermissions Missing write access to /usr/local/lib/node_modules

A:

Add the following lines in your workflow before the action:

- uses: actions/setup-node@v2
  with:
    node-version: '12' # or the node version you need

See https://docs.npmjs.com/resolving-eacces-permissions-errors-when-installing-packages-globally for other possible solutions.

Q:

I'm running into the Fatal Error JavaScript heap out of memory

A:

Specify additional memory with node arguments:

- uses: doyensec/[email protected]
  with:
    node-args: "--max-old-space-size=4096"