metamask-mobile/.github/workflows/security-code-scanner.yml at 744503a00cb893a3d510a50e704256642a21a9cb · MetaMask/metamask-mobile · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
name: MetaMask Security Code Scanner

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
  workflow_dispatch:

jobs:
  run-security-scan:
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - name: MetaMask Security Code Scanner
        uses: MetaMask/action-security-code-scanner@v1
        with:
          repo: ${{ github.repository }}
          paths_ignored: |
            tests/
            docs/
            .storybook/
            '**/*.test.js'
            '**/*.test.ts'
            '**/*.test.jsx'
            '**/*.test.tsx'
            '**/*.stories.tsx'
            '**/*.stories.js'
            '**/*.snap'
          rules_excluded: example
          project_metrics_token: ${{secrets.SECURITY_SCAN_METRICS_TOKEN}}
          slack_webhook: ${{ secrets.APPSEC_BOT_SLACK_WEBHOOK }}