
Commit ed8481b

committed
Switch to GitHub action
1 parent f2be5b9 commit ed8481b


1 file changed

+42
-20
lines changed

1 file changed

+42
-20
lines changed

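--- a/.github/workflows/osv-scanner.yml
+++ b/.github/workflows/osv-scanner.yml
@@ -1,27 +1,49 @@
 ---
-name: "OSV Scanner"
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# A sample workflow which sets up periodic OSV-Scanner scanning for vulnerabilities,
+# in addition to a PR check which fails if new vulnerabilities are introduced.
+#
+# For more examples and options, including how to ignore specific vulnerabilities,
+# see https://google.github.io/osv-scanner/github-action/
+
+name: OSV-Scanner
 
 on:
+pull_request:
+branches: [ "main" ]
+merge_group:
+branches: [ "main" ]
 schedule:
-- cron: '0 0 * * 0'
-workflow_dispatch:
+- cron: '0 0 * * 0'
+push:
+branches: [ "main" ]
 
-permissions: {}
+permissions:
+# Require writing security events to upload SARIF file to security tab
+security-events: write
+# Read commit contents
+contents: read
 
 jobs:
-
-check:
-name: Check with OSV Scanner
-runs-on: ubuntu-latest
-steps:
-- name: Check out
-uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
-- name: Set up Go
-uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
-with:
-go-version: 'stable'
-check-latest: true
-- name: Install OSV Scanner
-run: go install github.com/google/osv-scanner/cmd/osv-scanner@v1
-- name: OSV Scanner
-run: 'PATH="${PATH}:$(go env GOPATH)/bin" osv-scanner -r .'
+scan-scheduled:
+if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}
+uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@1f1242919d8a60496dd1874b24b62b2370ed4c78" # v1.7.1
+with:
+# Example of specifying custom arguments
+scan-args: |-
+-r
+--skip-git
+./
+scan-pr:
+if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }}
+uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@1f1242919d8a60496dd1874b24b62b2370ed4c78" # v1.7.1
+with:
+# Example of specifying custom arguments
+scan-args: |-
+-r
+--skip-git
+./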
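Review bot: The workflow-level `permissions:` block replaces the previous `permissions: {}`, so every job in this file, including any added later, now inherits `security-events: write` by default. Keeping `permissions: {}` at the top level and declaring `security-events: write` and `contents: read` under `scan-scheduled` and `scan-pr` gives the two reusable-workflow calls the same token while preserving default-deny for the rest of the file. Pull requests from forks receive a read-only token by default regardless of this block, so the SARIF upload behind `scan-pr` may not succeed for them; that depends on the called workflow, which is not visible here. The fence uses conventional YAML indentation because the rendered page does not show the file's own.

```yaml
permissions: {}

jobs:
  scan-scheduled:
    # … unchanged: if, uses …
    permissions:
      # Upload the SARIF file to the security tab
      security-events: write
      # Read commit contents
      contents: read
    # … unchanged: with / scan-args …
  scan-pr:
    # … unchanged: if, uses …
    permissions:
      security-events: write
      contents: read
    # … unchanged: with / scan-args …
```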
