chore(deps): lock file maintenance (#415) #148

Workflow file for this run

.github/workflows/security-scan.yml at 228920b

	name: Security Scans

	on:
	schedule:
	# Run security checks every day at 2 AM UTC
	- cron: "0 2 * * *"
	workflow_dispatch:
	push:
	branches:
	- master
	- release**

	permissions: {}

	jobs:
	zizmor-scan:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	security-events: write # Needed to upload the results to code-scanning dashboard
	steps:
	- name: Checkout code
	uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	with:
	persist-credentials: false
	- name: Run Zizmor scan
	uses: open-edge-platform/geti-ci/actions/zizmor@c2bb2697178bb2e50014420aef2351a45749b925
	with:
	scan-scope: "all"
	severity-level: "LOW"
	confidence-level: "LOW"
	fail-on-findings: false # reports only

	bandit-scan:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	security-events: write # Needed to upload the results to code-scanning dashboard
	steps:
	- name: Checkout code
	uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	with:
	persist-credentials: false
	- name: Run Bandit scan
	uses: open-edge-platform/geti-ci/actions/bandit@c2bb2697178bb2e50014420aef2351a45749b925
	with:
	scan-scope: "all"
	severity-level: "LOW"
	confidence-level: "LOW"
	config_file: "pyproject.toml"
	fail-on-findings: false # reports only

	trivy-scan:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	security-events: write # Needed to upload the results to code-scanning dashboard
	steps:
	- name: Checkout code
	uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	with:
	persist-credentials: false
	- name: Run Trivy scan
	id: trivy
	uses: open-edge-platform/geti-ci/actions/trivy@c2bb2697178bb2e50014420aef2351a45749b925
	with:
	scan_type: "fs"
	scan-scope: all
	severity: LOW
	scanners: "vuln,secret,config"
	format: "sarif"
	timeout: "15m"
	ignore_unfixed: "false"

	semgrep-scan:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	security-events: write # Needed to upload the results to code-scanning dashboard
	steps:
	- name: Checkout code
	uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	with:
	persist-credentials: false
	- name: Run Semgrep scan
	id: semgrep
	uses: open-edge-platform/geti-ci/actions/semgrep@c2bb2697178bb2e50014420aef2351a45749b925
	with:
	scan-scope: "all"
	severity: "LOW"
	fail-on-findings: false # reports only

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): lock file maintenance (#415) #148

Workflow file

chore(deps): lock file maintenance (#415) #148

Uh oh!

Jobs

Run details

Workflow file for this run