storm-stack/.github/workflows/security.yml at 389d9f4a5346c414d0424a2d9db19468f9d7eec2 · storm-software/storm-stack · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
name: Security Scan

on:
  pull_request:
  push:
    branches:
      - main
      - canary
      - experimental
    paths-ignore:
      - "**/*.md"
      - ".all-contributorsrc"

concurrency:
  group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
  cancel-in-progress: true

jobs:
  file-system-scan:
    name: Vulnerability scanning - File system
    uses: storm-software/storm-ops/.github/workflows/security-reusable.yml@main
    permissions:
      contents: read
      security-events: write
    with:
      scan-type: "fs"
      format: "sarif"
      exit-code: 0
      publish: true

  config-scan:
    name: Vulnerability scanning - Config
    uses: storm-software/storm-ops/.github/workflows/security-reusable.yml@main
    permissions:
      contents: read
      security-events: write
    with:
      scan-type: "config"
      format: "sarif"
      exit-code: 0
      publish: true