Update security scan workflow

svc-security-workflows · svc-security-workflows · commit 6241a256e529 · 2024-11-19T18:09:44.000Z
diff --git a/.github/workflows/security-workflow.yml b/.github/workflows/security-workflow.yml
@@ -0,0 +1,42 @@
+# Do not modify!  This file is managed through automation.
+# Contact Security Engineering in #security-engineering.
+
+name: Security
+on:
+  schedule:
+    - cron: '15 0 * * 0'
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+    branches:
+      - master
+      - 'release**'
+      - 'production**'
+  push:
+    branches:
+      - master
+      - 'release**'
+      - 'production**'
+  workflow_dispatch:
+
+jobs:
+  code-scan:
+    name: Code
+    if: ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }}
+    uses: Addepar/security-workflows/.github/workflows/security-scan-code.yml@main
+    secrets: inherit
+
+  library-scan:
+    name: Library
+    if: ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }}
+    uses: Addepar/security-workflows/.github/workflows/security-scan-library.yml@main
+    secrets: inherit
+
+  configuration-scan:
+    name: Configuration
+    if: ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }}
+    uses: Addepar/security-workflows/.github/workflows/security-scan-configuration.yml@main
+    secrets: inherit
