Aderyn CI Assistant

Perform smart contract static analysis checks
v0.0.10
Latest

Aderyn - Continuous Integration

About

Performs static analysis on Solidity codebases in CI to catch potential vulnerabilities before committing code. The main project that powers this is Aderyn. Check it out for more information.

Recommended workflow

  1. Install the officially supported Aderyn VSCode Extension
  2. Get comfortable with the instant local feedback loop. (Acknowledge each reported issue either by fixing it or by explicitly ignoring it.)
  3. Add the following to your CI to catch unacknowledged issues before merging PRs.

How to use

Pre-requisites

  • Dependencies must be installed
  • Project must compile successfully

CI Step

- name: Aderyn Check
  uses: Cyfrin/aderyn-ci@v0
  with:
    fail-on: high

Available input variations:

  • fail-on
  • warn-on

The former fails the CI step, while the latter only emits warnings that can be seen in the Actions summary. Both accept the following values: high, low or any.

Note

Only GitHub is currently supported.

Example - Foundry Project

on: [push]

name: test

jobs:
  check:
    name: Foundry project
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: recursive

      - name: Install Foundry
        uses: foundry-rs/foundry-toolchain@v1
        with:
          version: stable

      - name: Run tests
        run: forge test -vvv

      - name: Aderyn Check
        uses: Cyfrin/aderyn-ci@v0
        with:
          fail-on: high

Aderyn CI Assistant is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.
