spin/tools/modsurfer
Steve Manuel da1ed1eb9b
chore: add tools directory and include modsurfer
Signed-off-by: Steve Manuel <steve@dylib.so>
2023-04-03 22:38:05 -06:00
..
http chore: add tools directory and include modsurfer 2023-04-03 22:38:05 -06:00
redis chore: add tools directory and include modsurfer 2023-04-03 22:38:05 -06:00
README.md chore: add tools directory and include modsurfer 2023-04-03 22:38:05 -06:00

README.md

Modsurfer Module Validation

Using the Modsurfer tool to validate and scan your Spin modules is simple. Use the CLI or the GitHub Action to ensure compatibility with the Fermyon Cloud or self-hosted Platform, and check for security or performance concerns before you deploy your code.

The easiest way to start is by using the GitHub Action. Add the following to your project repository:

./github/workflows/modsurfer.yml

name: Modsurfer Validate - Fermyon
on: [push, pull_request]
jobs:
  check-validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: modsurfer validate
        uses: dylibso/modsurfer-validate-action@main
        with:
            path: path/to/your/module.wasm
            check: mod.yaml

And include a "checkfile" in a file called mod.yaml (or whichever file you've referenced in the check field above):

validate:
  url: https://raw.githubusercontent.com/fermyon/spin/main/tools/modsurfer/http/mod.yaml

The checkfile above uses a remote reference to ensure your Fermyon Spin project is compatible with the latest requirements of the Spin SDKs. This is based off the "http" templates. If you are using a different template, such as "redis", then find the related checkfile that matches the template you're using.