From d096622e584c408fd85529d0620556c30dd3049d Mon Sep 17 00:00:00 2001 From: Kyle Johnson Date: Fri, 31 May 2024 18:14:19 -0500 Subject: [PATCH] Create osv-scanner.yml --- .github/workflows/osv-scanner.yml | 49 +++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 .github/workflows/osv-scanner.yml diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml new file mode 100644 index 00000000..9749b5df --- /dev/null +++ b/.github/workflows/osv-scanner.yml @@ -0,0 +1,49 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# A sample workflow which sets up periodic OSV-Scanner scanning for vulnerabilities, +# in addition to a PR check which fails if new vulnerabilities are introduced. +# +# For more examples and options, including how to ignore specific vulnerabilities, +# see https://google.github.io/osv-scanner/github-action/ + +name: OSV-Scanner + +on: + pull_request: + branches: [ "main" ] + merge_group: + branches: [ "main" ] + schedule: + - cron: '28 2 * * 2' + push: + branches: [ "main" ] + +permissions: + # Require writing security events to upload SARIF file to security tab + security-events: write + # Read commit contents + contents: read + +jobs: + scan-scheduled: + if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }} + uses: google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.7.3 + with: + # Example of specifying custom arguments + scan-args: |- + -r + --skip-git + ./ + + scan-pr: + if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }} + uses: google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@v1.7.3 + with: + # Example of specifying custom arguments + scan-args: |- + -r + --skip-git + ./