feat(ci): olympix scan integration (circlefin#49)

Summary: Introduces a new Github Action workflow to integrate the Olympix Static Analysis tool for Solidity code scanning. - Adds .github/workflows/ci-olympix.yml that uses a reusable workflow from [security-seceng-templates](https://github.com/circlefin/security-seceng-templates/blob/master/.github/workflows/olympix_scan.yml) - Workflow is triggered on every pull request as well as scheduled on a weekly basis.(Monday)
grantmike · Jan 23, 2025 · 3d6c2ce · 3d6c2ce
1 parent 7591b34
commit 3d6c2ce
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 10 deletions.
diff --git a/.github/workflows/ci-olympix.yml b/.github/workflows/ci-olympix.yml
@@ -0,0 +1,13 @@
+name: "Olympix Scan"
+on:
+  pull_request:
+    branches: [ "master" ]
+  workflow_dispatch:
+  schedule:
+    - cron: '31 14 * * 1' # Every Monday 2:31PM UTC
+
+jobs:
+  run_olympix:
+    if: ${{ github.repository_owner == 'circlefin' }}
+    uses: circlefin/security-seceng-templates/.github/workflows/olympix_scan.yml@v1
+
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -1,12 +1,14 @@
 {
-    "editor.formatOnSave": true,
-    "solidity.compilerOptimization": 200,
-    "solidity.enabledAsYouTypeCompilationErrorCheck": true,
-    "solidity.compileUsingRemoteVersion": "v0.7.6+commit.7338295f",
-    "solidity.formatter": "prettier",
-    "solidity.linter": "solhint",
-    "solidity.validationDelay": 1500,
-    "[solidity]": {
-      "editor.tabSize": 4,
-    }
+  "editor.formatOnSave": true,
+  "solidity.compilerOptimization": 200,
+  "solidity.enabledAsYouTypeCompilationErrorCheck": true,
+  "solidity.compileUsingRemoteVersion": "v0.7.6+commit.7338295f",
+  "solidity.formatter": "prettier",
+  "solidity.linter": "solhint",
+  "solidity.validationDelay": 1500,
+  "[solidity]": {
+    "editor.tabSize": 4,
+  },
+  "security.olympix.project.includePath": "/src",
+  "security.olympix.project.testsPath": "/test"
 }
diff --git a/README.md b/README.md
@@ -53,6 +53,12 @@ Run `make analyze-{message-transmitter | message-transmitter-v2 | token-messenge
 
 We use Github actions to run linter and all the tests. The workflow configuration can be found in [.github/workflows/ci.yml](.github/workflows/ci.yml)
 
+### Manual Triggering of the Olympix CI Workflow for Security Alerts
+You can manually trigger the Olympix.ai Code Scanning workflow using the `workflow_dispatch` feature of GitHub Actions.
+1. Click on the `Actions` tab.
+2. In the left sidebar, select `Olympix Scan`.
+3. Select the branch & click on the `Run workflow` button.
+
 ### Alternative Installations
 
 #### Docker + Foundry