Configuration file for the CI/CD
The SAFE Desktop App should generate a configuration for SAFE CI/CD, but you can also configure it manually.
The configuration file should be named config.json and should be placed in the .safe folder in the target repository.
The configuration file should be a JSON object.
Project configuration
Example configuration for a project:
config.json
{
  "output": ["stdio", "file"],
  "version": "1.1",
  "project": {
    "name": "appname",
    "type": "beam",
    "apps": [
      {
        "name": "appname",
        "additional_includes": []
      },
      {
        "name": "appname2",
        "additional_includes": []
      }
    ],
    "paths": [
      "_build/prod/lib"
    ]
  }
}
- output: A list of output options. Available options:
  - "stdio": Prints the results directly to standard output (console).
  - "file": Saves the report file.
  - "sarif": Saves the vulnerabilities to a file in SARIF format.
- project: A JSON object.
  - name: The name of the project, as a string.
  - type: The type of the project. Currently "beam" is supported, which can be used for both Erlang and Elixir projects.
  - apps: A list of JSON objects, where each object represents an application in the project. (Note: apps are also searched for recursively in the paths.)
    - name: The name of the application, as a string.
    - additional_includes: A list of strings, where each string is a path to a directory that should be included in the analysis but might not be included by default. These paths are relative to the project root.
  - paths: A list of strings, where each string is a path to a directory where the applications are located.
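A pre-flight check for a hand-written .safe/config.json, as an added example that is not part of SAFE or its documentation: it validates only the keys described above and rejects additional_includes and paths entries that are absolute or climb out of the project root. The function names, the error messages, treating missing lists as empty, and applying the project-root rule to paths as well are assumptions.

```python
import json
import posixpath
ALLOWED_OUTPUTS = ("stdio", "file", "sarif")  # the options this page lists
# Constructed sample: unknown output option, include that leaves the repo.
SAMPLE_BAD = """{"output": ["stdio", "xml"], "project": {"name": "appname",
 "type": "beam", "paths": ["_build/prod/lib"], "apps": [
 {"name": "appname", "additional_includes": ["../../secrets"]}]}}"""

def _escapes_root(path):
    """Lexical check only (symlinks are not resolved): absolute or '..' escape."""
    norm = posixpath.normpath(path.replace("\\", "/"))
    return posixpath.isabs(norm) or norm == ".." or norm.startswith("../")

def _check_paths(value, where, errors):
    if not isinstance(value, list) or not all(isinstance(p, str) for p in value):
        errors.append(f"{where}: expected a list of strings")
        return
    errors.extend(f"{where}: {p!r} leaves the project root"
                  for p in value if _escapes_root(p))

def validate_config(text):
    """Return a list of problems found in a .safe/config.json document."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    project = cfg.get("project") if isinstance(cfg, dict) else None
    if not isinstance(project, dict):
        return ["expected a JSON object with a 'project' object inside"]
    errors = []
    outputs = cfg.get("output")
    if not isinstance(outputs, list):
        errors.append("output: expected a list")
    else:
        errors += [f"output: unknown option {o!r}" for o in outputs
                   if o not in ALLOWED_OUTPUTS]
    if project.get("type") != "beam":  # the only type the page documents
        errors.append(f"project.type: unsupported {project.get('type')!r}")
    apps = project.get("apps", [])  # assumption: a missing list means empty
    if not isinstance(apps, list):
        errors.append("project.apps: expected a list")
    for i, app in enumerate(apps if isinstance(apps, list) else []):
        where = f"project.apps[{i}]"
        if not isinstance(app, dict) or not isinstance(app.get("name"), str):
            errors.append(f"{where}: expected an object with a string name")
        else:
            _check_paths(app.get("additional_includes", []),
                         f"{where}.additional_includes", errors)
    _check_paths(project.get("paths", []), "project.paths", errors)
    return errors
```

Calling `validate_config(SAMPLE_BAD)` returns two findings; an empty list means the file matches the documented layout.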