{"id":12557364,"name":"MetaMask/action-security-code-scanner","ecosystem":"actions","description":"A GitHub action aggregating SAST tools to scan code for vulnerabilities","homepage":"","licenses":null,"normalized_licenses":[],"repository_url":"https://github.com/MetaMask/action-security-code-scanner","keywords_array":[],"namespace":"MetaMask","versions_count":8,"first_release_published_at":"2025-03-07T17:44:31.000Z","latest_release_published_at":"2025-11-27T12:57:12.000Z","latest_release_number":"v2.0.3","last_synced_at":"2026-01-08T23:23:12.539Z","created_at":"2025-12-06T07:30:53.570Z","updated_at":"2026-01-08T23:23:12.539Z","registry_url":"https://github.com/MetaMask/action-security-code-scanner","install_command":null,"documentation_url":null,"metadata":{"name":"Security Code Scanner","inputs":{"repo":{"description":"Repo to be scanned","required":true},"paths_ignored":{"description":"Comma delimited paths to ignore during scan","required":false},"rules_excluded":{"description":"Comma delimited IDs of rules to exclude","required":false},"mixpanel_project_token":{"description":"Mixpanel project token","required":false},"project_metrics_token":{"description":"Analytics token to log failed builds","required":false},"slack_webhook":{"description":"Slack webhook for notifications","required":false}},"runs":{"using":"composite","steps":[{"name":"Check out repo to scan","uses":"actions/checkout@v4","with":{"repository":"${{ inputs.repo }}","path":"${{ inputs.repo }}"}},{"name":"Set up Node.js","uses":"actions/setup-node@v4","with":{"node-version":20}},{"name":"Enable Corepack","run":"corepack enable","shell":"bash"},{"name":"Install dependencies","working-directory":"${{github.action_path}}","run":"yarn --immutable","shell":"bash"},{"name":"Check if GHAS is enabled","working-directory":"${{github.action_path}}","id":"advanced_security_check","env":{"GITHUB_TOKEN":"${{ github.token }}"},"run":"yarn run check-ghas","shell":"bash"},{"name":"CodeQL Scan","id":"codeql-scan","continue-on-error":true,"uses":"MetaMask/CodeQL-action@main","with":{"repo":"${{ inputs.repo }}","paths_ignored":"${{ inputs.paths_ignored }}","rules_excluded":"${{ inputs.rules_excluded }}"}},{"name":"Semgrep Scan","id":"semgrep-scan","continue-on-error":true,"uses":"MetaMask/Semgrep-action@main","with":{"paths_ignored":"${{ inputs.paths_ignored }}"}},{"name":"Determine Overall Scan Success","shell":"bash","env":{"CODEQL_SCAN_RESULT":"${{ steps.codeql-scan.outcome }}","SEMGREP_SCAN_RESULT":"${{ steps.semgrep-scan.outcome }}"},"run":"if [[ \"$CODEQL_SCAN_RESULT\" == \"failure\" || \"$SEMGREP_SCAN_RESULT\" == \"failure\" ]]; then\n  SCAN_RESULT='failure'\nelse\n  SCAN_RESULT=$CODEQL_SCAN_RESULT\nfi\necho \"SCAN_RESULT=$SCAN_RESULT\" \u003e\u003e $GITHUB_ENV\n"},{"name":"Post to a Slack channel","id":"slack","if":"${{ env.SCAN_RESULT == 'failure' \u0026\u0026 inputs.slack_webhook != '' }}","uses":"slackapi/slack-github-action@007b2c3c751a190b6f0f040e47ed024deaa72844","with":{"payload":"{\n  \"text\": \"Scan failed for run:https://github.com/${{inputs.repo}}/actions/runs/${{ github.run_id }}\",\n  \"channel\": \"#mm-appsec-tooling-notifications\"\n}\n"},"env":{"SLACK_WEBHOOK_URL":"${{ inputs.slack_webhook }}","SLACK_WEBHOOK_TYPE":"INCOMING_WEBHOOK"}},{"name":"Save run metadata to mixpanel","if":"${{ env.inputs.mixpanel_project_token != '' }}","working-directory":"${{github.action_path}}","env":{"MIXPANEL_PROJECT_TOKEN":"${{ inputs.mixpanel_project_token}}","RUN_REPO":"${{ inputs.repo }}","RUN_ID":"${{ github.run_id }}","CODEQL_SCAN_RESULT":"${{ env.SCAN_RESULT }}"},"run":"yarn run log-to-mixpanel","shell":"bash"},{"name":"Finish on failure","if":"${{ env.SCAN_RESULT == 'failure' }}","shell":"bash","run":"exit 1"}]},"default_branch":"main","path":null},"repo_metadata":{"id":224791491,"uuid":"715552491","full_name":"MetaMask/action-security-code-scanner","owner":"MetaMask","description":"A GitHub action aggregating SAST tools to scan code for vulnerabilities","archived":false,"fork":false,"pushed_at":"2025-11-28T15:07:29.000Z","size":208,"stargazers_count":8,"open_issues_count":4,"forks_count":4,"subscribers_count":51,"default_branch":"main","last_synced_at":"2025-11-29T13:32:26.342Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MetaMask.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":null,"patreon":null,"open_collective":"metamask","ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":null}},"created_at":"2023-11-07T11:25:22.000Z","updated_at":"2025-11-28T11:40:26.000Z","dependencies_parsed_at":"2024-02-27T19:31:21.618Z","dependency_job_id":"f4f51d77-d290-4d6f-a2d7-b82d794c5af5","html_url":"https://github.com/MetaMask/action-security-code-scanner","commit_stats":null,"previous_names":["metamask/security-code-scanner","metamask/action-security-code-scanner"],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/MetaMask/action-security-code-scanner","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MetaMask%2Faction-security-code-scanner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MetaMask%2Faction-security-code-scanner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MetaMask%2Faction-security-code-scanner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MetaMask%2Faction-security-code-scanner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MetaMask","download_url":"https://codeload.github.com/MetaMask/action-security-code-scanner/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MetaMask%2Faction-security-code-scanner/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":27537990,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-06T02:00:06.463Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"repo_metadata_updated_at":"2025-12-06T08:41:51.204Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":6.932532433352943,"dependent_packages_count":0.0,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":3.4662662166764715},"purl":"pkg:githubactions/MetaMask/action-security-code-scanner","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/actions/MetaMask/action-security-code-scanner","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/actions/MetaMask/action-security-code-scanner","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/actions/MetaMask/action-security-code-scanner/dependencies","status":"removed","funding_links":["https://opencollective.com/metamask"],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/MetaMask%2Faction-security-code-scanner/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/MetaMask%2Faction-security-code-scanner/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/MetaMask%2Faction-security-code-scanner/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/MetaMask%2Faction-security-code-scanner/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/MetaMask%2Faction-security-code-scanner/codemeta","maintainers":[]}