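# Metadata for the CommitGuard Docker container action: it declares the
# inputs and runs `commitguard scan` against the HEAD commit.
name: "CommitGuard Scan"
description: "AI-paced vulnerability scanning for code commits."
inputs:
  model:
    description: "The Hugging Face model ID or path to use for scanning"
    required: false
    default: "inmodel-labs/commitguard-llama-3b"
  fail-on-vulnerable:
    description: "Fail the workflow if a vulnerability is found (true/false)"
    required: false
    default: "true"
  # Declared for PR scanning; the script below never references it.
  github_token:
    description: "GitHub token for PR scanning"
    required: false
    default: "${{ github.token }}"
runs:
  using: "docker"
  image: "Dockerfile"
  args:
    - "bash"
    - "-c"
    - |
      # Stop on the first failing command or unset variable, so a failed
      # install cannot be mistaken for a completed scan.
      set -eu

      # Inputs arrive as positional parameters (see the args after this
      # script) instead of being expanded into the script text, so an input
      # value is always treated as data and never parsed as shell syntax.
      fail_on_vulnerable="${1:-}"
      model="${2:-}"

      # NOTE(review): container actions normally start in the checked-out
      # workspace, so "." presumably resolves to the repository being scanned
      # rather than this action's own source - confirm. If so, this step runs
      # that repository's install hooks; installing commitguard in the
      # Dockerfile would avoid that.
      pip install -e '.[scan]'

      scan_args=(--commit HEAD --format text)
      if [ "$fail_on_vulnerable" = "true" ]; then
        scan_args+=(--fail-on-vulnerable)
      fi
      scan_args+=(--model "$model")

      # In a PR context, scan the PR diff. Otherwise, scan HEAD.
      if [ "${GITHUB_EVENT_NAME:-}" = "pull_request" ]; then
        # Needs gh cli or fetching diff manually. For simplicity, scan the latest commit.
        commitguard scan "${scan_args[@]}"
      else
        commitguard scan "${scan_args[@]}"
      fi
    # $0 for the inline script, followed by $1 and $2.
    - "commitguard-scan"
    - "${{ inputs.fail-on-vulnerable }}"
    - "${{ inputs.model }}"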