File tree Expand file tree Collapse file tree 1 file changed +53
-0
lines changed Expand file tree Collapse file tree 1 file changed +53
-0
lines changed Original file line number Diff line number Diff line change 1+ # This workflow uses actions that are not certified by GitHub.
2+ # They are provided by a third-party and are governed by
3+ # separate terms of service, privacy policy, and support
4+ # documentation.
5+ # clj-watson scans dependencies in a clojure deps.edn
6+ # seeking for vulnerable direct/transitive dependencies and
7+ # build a report with all the information needed to help you
8+ # understand how the vulnerability manifest in your software.
9+ # More details at https://github.com/clj-holmes/clj-watson
10+
11+ name : clj-watson
12+
13+ on :
14+ push :
15+ branches : [ "main" ]
16+ pull_request :
17+ # The branches below must be a subset of the branches above
18+ branches : [ "main" ]
19+ schedule :
20+ - cron : ' 34 9 * * 3'
21+
22+ permissions :
23+ contents : read
24+
25+ jobs :
26+ clj-holmes :
27+ name : Run clj-watson scanning
28+ runs-on : ubuntu-latest
29+ permissions :
30+ contents : read
31+ security-events : write
32+ steps :
33+ - name : Checkout code
34+ uses : actions/checkout@v2
35+
36+ - name : Dependency scan
37+ uses : clj-holmes/clj-watson-action@39b8ed306f2c125860cf6e69b6939363689f998c
38+ with :
39+ clj-watson-sha : " 65d928c"
40+ clj-watson-tag : " v4.0.1"
41+ database-strategy : github-advisory
42+ aliases : clojure-lsp,test
43+ deps-edn-path : deps.edn
44+ suggest-fix : true
45+ output-type : sarif
46+ output-file : clj-watson-results.sarif
47+ fail-on-result : false
48+
49+ - name : Upload analysis results to GitHub
50+ uses : github/codeql-action/upload-sarif@v2
51+ with :
52+ sarif_file : ${{github.workspace}}/clj-watson-results.sarif
53+ wait-for-processing : true
You can’t perform that action at this time.
0 commit comments