slither-action icon indicating copy to clipboard operation
slither-action copied to clipboard
verified publisher icon crytic

[Bug-Candidate]: Foundry project with node module dependencies can not be analyzed in github action.

Open Supeeerpower opened this issue 3 months ago • 1 comments

Describe the issue:

I am running slither check in my github ci workflow, but can't pass due to some issues. The main problem is that my foundry project is using node module dependencies, not gitsubmodules. And seems like slither is not able to build or use build-info in out directory.

Code example to reproduce the issue:

https://github.com/Lay3rLabs/poa-middleware/blob/feat/ci-workflow/.github/workflows/slither.yml

https://github.com/Lay3rLabs/poa-middleware/actions/runs/17726391325/job/50367849144?pr=10

Version:

0.11.3

Relevant log output:

https://github.com/Lay3rLabs/poa-middleware/actions/runs/17726391325/job/50367849144?pr=10

Supeeerpower avatar Sep 15 '25 08:09 Supeeerpower

Hi! It looks like you're not doing a foundry build with build info; you need to replicate the build the way crytic-compile does it when you use ignore-compile: https://github.com/crytic/crytic-compile/blob/master/crytic_compile/platform/foundry.py#L56-L61

In other words consider changing your workflow as follows:

      - name: Run Forge build
        run: |
          cd contracts && forge build --build-info
        id: build

Also make sure everything works locally before trying to use the action; if you hit any other issues locally please open an issue on the crytic/slither repository.

elopez avatar Sep 15 '25 12:09 elopez