Documentation
Overview
Package actionsx extracts GitHub Actions dependencies from workflow and action manifests.
It inventories:
- Step-level uses statements in .github/workflows/*.yml|yaml
- Job-level reusable workflow uses statements
- Local composite actions referenced via uses: ./path (recursively)
- Local reusable workflows referenced via jobs.<id>.uses: ./...yml
- Docker actions referenced via docker://... and runs.image docker://...
The extractor is offline and performs no network fetches; remote actions are represented as packages with PURL type "github" so downstream enrichment can query OSV and licenses.
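The following Go example is added here for illustration and is not the package's own code: it classifies raw uses strings into the categories listed above and builds a PURL of type "github" for remote references, entirely offline. UsesRef and ClassifyUses are hypothetical names, the sample strings are constructed, and the PURL layout (lowercased owner and repository, ref as version, subpath after '#') is an assumption based on the general package-URL convention, not something this page specifies.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// UsesRef is a hypothetical type for this example; it is not the package's UsesMetadata.
type UsesRef struct {
	Kind, Owner, Repo, Subpath, Ref, PURL string
}

// ClassifyUses sorts one raw uses string into the categories from the overview.
func ClassifyUses(raw string) UsesRef {
	raw = strings.TrimSpace(raw)
	switch {
	case strings.HasPrefix(raw, "docker://"): // Docker action: keep the image reference
		return UsesRef{Kind: "docker", Ref: strings.TrimPrefix(raw, "docker://")}
	case strings.HasPrefix(raw, "./"): // local composite action or reusable workflow
		return UsesRef{Kind: "local", Subpath: raw}
	}
	// Remote form: owner/repo[/sub/path]@ref. A missing ref or repo is rejected.
	spec, ref, ok := strings.Cut(raw, "@")
	parts := strings.Split(spec, "/")
	if !ok || ref == "" || len(parts) < 2 || parts[0] == "" || parts[1] == "" {
		return UsesRef{Kind: "invalid"}
	}
	u := UsesRef{Kind: "remote", Owner: parts[0], Repo: parts[1], Ref: ref,
		Subpath: strings.Join(parts[2:], "/")}
	// Assumed PURL layout: lowercased owner/repo, escaped ref as version, subpath after '#'.
	u.PURL = fmt.Sprintf("pkg:github/%s/%s@%s",
		strings.ToLower(u.Owner), strings.ToLower(u.Repo), url.PathEscape(ref))
	if u.Subpath != "" {
		u.PURL += "#" + u.Subpath
	}
	return u
}

func main() {
	// Constructed sample uses strings.
	for _, s := range []string{"actions/checkout@v4", "Octo-Org/Tools/setup/go@release/v1",
		"octo-org/ci/.github/workflows/build.yml@v1", "./.github/actions/lint",
		"docker://alpine:3.19", "actions/checkout"} {
		fmt.Printf("%-45s %+v\n", s, ClassifyUses(s))
	}
}
```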
Constants
const (
	// Name is the internal plugin identifier.
	Name = "github/actions"
)
Types
type Extractor
type Extractor struct{}
Extractor implements an OSV-Scalibr filesystem extractor for GitHub Actions.
func (Extractor) Extract
func (Extractor) Extract(ctx context.Context, input *filesystem.ScanInput) (inventory.Inventory, error)
Extract parses a workflow YAML and returns discovered action dependencies.
func (Extractor) FileRequired
func (Extractor) FileRequired(api filesystem.FileAPI) bool
FileRequired limits extraction to workflow YAML files.
func (Extractor) Requirements
func (Extractor) Requirements() *plugin.Capabilities
Requirements declares required capabilities; GitHub Actions scanning is filesystem-only.
type UsesMetadata
UsesMetadata captures raw uses strings and any subpath.