action.yml

name: "NowSecure"
description: "The NowSecure Action delivers fast, accurate, automated security analysis of iOS and Android apps coded in any language"
author: "NowSecure Inc."
inputs:
  token:
    required: true
    description: "NowSecure Platform token."
  api_url:
    required: false
    description: "NowSecure GraphQL API endpoint."
    default: "https://api.nowsecure.com"
  lab_api_url:
    required: false
    description: "NowSecure Lab API endpoint."
    default: "https://lab-api.nowsecure.com"
  lab_url:
    required: false
    description: "NowSecure Lab URL."
    default: "https://lab.nowsecure.com"
  config_path:
    required: false
    description: "Path containing .nsconfig.yml"
    default: "."
  app_file:
    required: true
    description: "Application binary to scan on NowSecure. Must be an Android or iOS application."
  group_id:
    required: true
    description: "Group ID for the application in Platform."
  headstart_ms:
    required: false
    description: "Head start in milliseconds to give Platform before an application is polled for details. Default is 5 minutes."
    default: "300000"
  poll_interval_ms:
    required: false
    description: "Interval to poll Platform for application details. Default is once a minute."
    default: "60000"
  enable_sarif:
    required: false
    description: "Enable creation of a SARIF file."
    default: true
  enable_dependencies:
    required: false
    description: "Enable posting of dependencies results to GitHub."
    default: false
  github_token:
    required: false
    default: ${{ github.token }}
  github_correlator:
    required: false
    description: "Used for the correlator field in the SBOM format. Distinguishes independent Workflows."
    default: ${{ format('{0}_{1}', github.workflow, github.job) }}
runs:
  using: "node16"
  main: "dist/index.js"
branding:
  icon: alert-triangle
  color: red