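--- /dev/null
+++ b/.github/vet/policy.yml
@@ -0,0 +1,29 @@
+
+# https://github.com/safedep/vet-action
+# https://github.com/safedep/vet
+# Learn more about policies: https://docs.safedep.io/advanced/filtering
+name: vet Open Source Components
+description: General purpose OSS best practices policy for vet
+tags:
+- general
+- community
+filters:
+- name: critical-or-high-vulns
+check_type: CheckTypeVulnerability
+summary: Critical or high risk vulnerabilities were found
+value: |
+vulns.critical.exists(p, true) || vulns.high.exists(p, true)
+- name: risky-oss-licenses
+check_type: CheckTypeLicense
+summary: Risky OSS license was detected
+value: |
+licenses.exists(p, p == "GPL-2.0") ||
+licenses.exists(p, p == "GPL-2.0-only") ||
+licenses.exists(p, p == "GPL-3.0") ||
+licenses.exists(p, p == "GPL-3.0-only") ||
+licenses.exists(p, p == "BSD-3-Clause OR GPL-2.0")
+- name: ossf-unmaintained
+check_type: CheckTypeMaintenance
+summary: Component appears to be unmaintained
+value: |
+scorecard.scores["Maintained"] == 0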
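Review bot: The `risky-oss-licenses` filter compares exact SPDX strings, so the `-or-later` variants slip through: a component declaring `GPL-2.0-or-later` or `GPL-3.0-or-later` carries the same copyleft obligation as the `-only` forms listed here but is never flagged, and `AGPL-3.0-only` is not covered at all. Adding `licenses.exists(p, p == "GPL-2.0-or-later") ||` and `licenses.exists(p, p == "GPL-3.0-or-later") ||` before the final clause closes the obvious gap; a comment above the filter noting that the list is exact-match and must be extended per identifier would help the next editor. For `ossf-unmaintained`, the `== 0` test only fires on an explicit zero score, so a package with no Scorecard entry at all is presumably not caught — worth confirming against the policy docs linked at the top and documenting either way.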
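--- /dev/null
+++ b/.github/workflows/vet-ci.yml
@@ -0,0 +1,40 @@
+
+# https://github.com/safedep/vet-action
+name: vet OSS Components
+
+on:
+pull_request:
+push:
+branches:
+- main
+
+permissions:
+# Required for actions/checkout@v4
+contents: read
+
+# Required for writing pull request comment
+issues: write
+pull-requests: write
+
+jobs:
+vet:
+name: vet
+runs-on: ubuntu-latest
+
+steps:
+- name: Checkout
+id: checkout
+uses: actions/checkout@v4
+
+- name: Run vet
+id: vet
+uses: safedep/vet-action@v1
+with:
+# Path to the policy file.
+# Remove following line to use the default policy
+policy: .github/vet/policy.yml
+# Enable comments proxy to allow comments on the PR from forked repo
+enable-comments-proxy: true
+env:
+# Required for writing pull request comment
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}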
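Review bot: Both `uses:` lines reference mutable tags (`actions/checkout@v4`, `safedep/vet-action@v1`) while the vet step is handed a `GITHUB_TOKEN` scoped with `issues: write` and `pull-requests: write`, so whoever controls those tags controls what runs with write access to this repository's PRs. Pin each action to its full commit SHA and keep the tag as a trailing comment, e.g. `uses: safedep/vet-action@<FULL_COMMIT_SHA>  # v1`, and rely on Dependabot to bump the pin. The top-level `permissions:` block also applies to every job added later; moving it under `jobs.vet.permissions` keeps future jobs at the default read-only scope. A one-line comment above `pull_request:` stating that the write scopes exist only for the PR comment, and that fork PRs are served through the comments proxy rather than the token, would make the permission choice auditable.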