### GitHub Action: Basic WordPress Scan with Composer Source: https://github.com/10up/wp-scanner-action/blob/trunk/README.md A basic GitHub Actions workflow demonstrating the WordPress Scanner Action. It checks out code, runs the scanner with Patchstack for vulnerability checks, specifies the WordPress core version, and enables Composer dependency installation. ```yaml name: "PHP Syntax Check, virus scanning, and WP Plugins & Themes vulnerability scanning" on: push: branches: - "**" jobs: wp-scanner: runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 with: ref: ${{ github.ref }} - name: WordPress Scanner uses: 10up/wp-scanner-action@v1 with: vuln_api_provider: 'patchstack' vuln_api_token: ${{ secrets.PATCHSTACK_TOKEN }} content_dir: './' wp_core_version: '6.5.5' composer_build: 'true' ``` -------------------------------- ### GitHub Action: Scan WP Plugins/Themes Under Version Control Source: https://github.com/10up/wp-scanner-action/blob/trunk/README.md A GitHub Actions workflow example for scanning WordPress sites where plugins and themes are managed directly within the repository's `wp-content` directory. It configures the scanner to use a specific `content_dir` and a specified WordPress core version. ```yaml name: "PHP Syntax Check, virus scanning, and WP Plugins & Themes vulnerability scanning" on: push: branches: - "**" jobs: wp-scanner: runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 with: ref: ${{ github.ref }} - name: WordPress Scanner uses: 10up/wp-scanner-action@v1 with: vuln_api_provider: 'patchstack' vuln_api_token: ${{ secrets.PATCHSTACK_TOKEN }} content_dir: './wp-content' wp_core_version: '6.5.5' ``` -------------------------------- ### WordPress Scanner Action Inputs Source: https://github.com/10up/wp-scanner-action/blob/trunk/README.md Defines the configurable inputs for the WordPress Scanner GitHub Action. These parameters control the scanning behavior, including API provider selection, token authentication, disabling specific scans, and directory configurations. ```APIDOC vuln_api_provider: Required: False Default: "wordfence" Description: The vulnerability API provider for WordPress plugins and themes scanning. Supported values: `wordfence`, `patchstack`, `wpscan`. vuln_api_token: Required: False Default: - Description: API token for authentication against the vulnerability API provider. Optional if `vuln_api_provider` is `wordfence`. disable_vuln_scan: Required: False Default: "false" Description: Disables the WordPress plugins and themes vulnerability scanner. virus_scan_update: Required: False Default: "true" Description: Updates ClamAV definitions database before virus scanning (recommended). disable_virus_scan: Required: False Default: "false" Description: Disables the ClamAV virus scanner. phpsyntax_enable_debug: Required: False Default: "false" Description: Enables detailed output for PHP syntax checks, useful for troubleshooting. disable_phpsyntax_check: Required: False Default: "false" Description: Disables the PHP syntax checks. content_dir: Required: False Default: "$GITHUB_WORKSPACE" Description: Location of the `wp-content` directory. Set to `./` for `wp-content` based repositories. wp_core_version: Required: False Default: "latest" Description: WordPress core version for vulnerability scanner. Must match site version for accuracy. composer_build: Required: False Default: "false" Description: Installs Composer dependencies before scanning. Requires `composer.json` at root. Useful for Composer-managed plugins/themes. Does not affect deploy artifacts. no_fail: Required: False Default: "false" Description: Exits the scanner without failing even if issues are found. ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.