docker-json/.github/workflows/msdo.yml at f9e9f528963061764d1409b7c9538680995b644c · leplusorg/docker-json · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
---
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

name: MSDO

on:
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]
  schedule:
    - cron: "0 0 * * 0"

permissions: {}

jobs:
  lint:
    name: MSDO
    runs-on: windows-latest
    permissions:
      security-events: write
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Run Microsoft Security DevOps scanner
        uses: microsoft/security-devops-action@08976cb623803b1b36d7112d4ff9f59eae704de0 # v1.12.0
        id: msdo

      - name: Upload MSDO scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
        with:
          sarif_file: ${{ steps.msdo.outputs.sarifFile }}