Security #24

Workflow file for this run

.github/workflows/security.yml at 014fa7a

	name: Security

	on:
	push:
	branches:
	- main
	pull_request:
	types:
	- opened
	- reopened
	- synchronize
	- ready_for_review
	schedule:
	- cron: "0 2 * * *"

	permissions:
	contents: read

	concurrency:
	group: security-${{ github.event.pull_request.number \|\| github.ref }}
	cancel-in-progress: true

	jobs:
	codeql:
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	language: ["go", "actions"]
	permissions:
	actions: read
	contents: read
	pull-requests: read
	security-events: write
	steps:
	- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	with:
	persist-credentials: false
	- uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
	with:
	languages: ${{ matrix.language }}
	- uses: github/codeql-action/autobuild@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
	- uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5

	grype:
	runs-on: ubuntu-latest
	permissions:
	security-events: write
	actions: read
	contents: read
	steps:
	- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	- uses: anchore/scan-action@f6601287cdb1efc985d6b765bbf99cb4c0ac29d8 # v7.0.0
	id: scan
	with:
	path: "."
	fail-build: true
	severity-cutoff: critical
	- uses: github/codeql-action/upload-sarif@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
	with:
	sarif_file: ${{ steps.scan.outputs.sarif }}

	govulncheck:
	runs-on: ubuntu-latest
	permissions:
	security-events: write
	contents: read
	steps:
	- uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # v1.0.4
	with:
	output-format: sarif
	output-file: results.sarif
	- uses: github/codeql-action/upload-sarif@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
	with:
	sarif_file: results.sarif

	dependency-review:
	runs-on: ubuntu-latest
	if: github.event_name == 'pull_request'
	permissions:
	contents: read
	steps:
	- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	- uses: actions/dependency-review-action@56339e523c0409420f6c2c9a2f4292bbb3c07dd3 # v4.8.0
	with:
	fail-on-severity: critical
	allow-licenses: BSD-2-Clause, BSD-3-Clause, MIT, Apache-2.0, MPL-2.0, ISC

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Security #24

Workflow file

Security #24

Uh oh!

Workflow file for this run