Skip to content

TateLyman/shipcheck-demo-app

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
.github
.github
 
 
src
src
 
 
.env.example
.env.example
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

Shipcheck Demo App

ci shipcheck

This is a tiny demo repository for Shipcheck.

It intentionally contains common launch gaps that are safe to publish:

  • Supabase client usage without checked-in data-boundary proof
  • a debug API route that should not ship to production

The repository is not a real application and does not contain working credentials. It exists so builders can inspect how Shipcheck reports findings, writes SARIF, and uploads the result into GitHub code scanning.

Code scanning demo:

https://github.com/TateLyman/shipcheck-demo-app/security/code-scanning

Run

npx --yes shipcheck-cli . --format markdown

GitHub Action

The workflow in .github/workflows/shipcheck.yml runs:

- uses: TateLyman/shipcheck-action@v1
  with:
    format: sarif
    output: shipcheck.sarif
    fail-on: high
    strict: true

fail-on: high keeps this demo green while medium and low findings still appear in the report.

About

Demo app showing Shipcheck findings, SARIF output, and GitHub code scanning upload

tateprograms.com/shipcheck.html

Topics

security demo sarif github-actions launch-readiness shipcheck

Resources

Readme

License

MIT license

Security policy

Security policy
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages