EVM Engineering: make Slither useful again

Open smartcontracts opened this issue 1 year ago • 1 comments

We're planning to drop Slither from GitHub actions for now. Slither action hasn't been useful for a long time. We'd like to reintroduce Slither with the following modifications:

  • Slither runs in CI for new PRs, only looks at the PR diff, reports findings, and requires PRs to address the findings
  • Slither runs in CI on merge to develop and scans the entire repository

All of this is similar to semgrep.

Should be done in the Circle CI workflow instead of in GitHub actions.

Oct 10 '24 16:10 smartcontracts
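One way to implement the "only looks at the PR diff" gate from the first bullet, as an added example that is not part of the issue or of Optimism's CI: it keeps only the Slither findings whose source mapping touches a line the PR changed. It assumes the report comes from `slither . --json report.json` and the diff from `git diff -U0` against the base branch; the sample diff and report below are constructed.

```python
import json
import re

# Constructed sample inputs (not taken from the Optimism repository).
SAMPLE_DIFF = """\
diff --git a/src/Vault.sol b/src/Vault.sol
--- a/src/Vault.sol
+++ b/src/Vault.sol
@@ -40,0 +41,3 @@
+    function sweep(address to) external {
+        payable(to).transfer(address(this).balance);
+    }
"""
SAMPLE_REPORT = json.dumps({"success": True, "error": None, "results": {"detectors": [
    {"check": "arbitrary-send-eth", "impact": "High", "elements": [
        {"source_mapping": {"filename_relative": "src/Vault.sol", "lines": [41, 42, 43]}}]},
    {"check": "reentrancy-eth", "impact": "High", "elements": [
        {"source_mapping": {"filename_relative": "src/Vault.sol", "lines": [10, 11]}}]},
]}})

HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,(\d+))? @@")

def changed_lines(diff_text):
    """Map each file in a -U0 unified diff to the set of new-side line numbers it touches."""
    changed, current = {}, None
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            path = line[4:].strip()
            current = None if path == "/dev/null" else path.removeprefix("b/")
        elif current and (m := HUNK.match(line)):
            start, count = int(m.group(1)), int(m.group(2) or 1)
            changed.setdefault(current, set()).update(range(start, start + count))
    return changed

def findings_in_diff(report_json, diff_text):
    """Return Slither detector results with at least one element on a changed line."""
    changed = changed_lines(diff_text)
    hits = []
    for det in json.loads(report_json)["results"].get("detectors", []):
        for el in det.get("elements", []):
            sm = el.get("source_mapping", {})
            if changed.get(sm.get("filename_relative"), set()) & set(sm.get("lines", [])):
                hits.append(det)
                break
    return hits

if __name__ == "__main__":
    for det in findings_in_diff(SAMPLE_REPORT, SAMPLE_DIFF):
        print(det["impact"], det["check"])
```

A CI step would fail the PR when `findings_in_diff` returns a non-empty list, while the job that runs on merge to develop would report every detector result unfiltered.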

> Should be done in the Circle CI workflow instead of in GitHub actions.

Note that we deliberately used GitHub Actions instead of CircleCI to leverage https://github.com/crytic/slither-action, which makes it easier for findings to be posted as comments and PRs + show up in the repo Security tab.

Oct 10 '24 17:10 mds1