security #50

Workflow file for this run

.github/workflows/security.yml at 2b8177c

	name: "security"

	on:
	pull_request:
	push:
	branches: [main]
	schedule:
	- cron: "0 2 * * *"

	permissions:
	contents: read

	concurrency:
	group: security-${{ github.event.pull_request.number \|\| github.ref }}
	cancel-in-progress: true

	jobs:
	codeql:
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	language: ["go", "actions"]
	permissions:
	actions: read
	contents: read
	pull-requests: read
	security-events: write
	steps:
	- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
	with:
	persist-credentials: false
	- uses: github/codeql-action/init@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6
	with:
	languages: ${{ matrix.language }}
	- uses: github/codeql-action/autobuild@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6
	- uses: github/codeql-action/analyze@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6

	grype:
	runs-on: ubuntu-latest
	permissions:
	security-events: write
	actions: read
	contents: read
	steps:
	- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
	- uses: anchore/scan-action@40a61b52209e9d50e87917c5b901783d546b12d0 # v7.2.1
	id: scan
	with:
	path: "."
	fail-build: true
	severity-cutoff: critical
	- uses: github/codeql-action/upload-sarif@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6
	with:
	sarif_file: ${{ steps.scan.outputs.sarif }}

	govulncheck:
	runs-on: ubuntu-latest
	permissions:
	security-events: write
	contents: read
	steps:
	- uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # v1.0.4
	with:
	output-format: sarif
	output-file: results.sarif
	- uses: github/codeql-action/upload-sarif@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6
	with:
	sarif_file: results.sarif

	dependency-review:
	runs-on: ubuntu-latest
	if: github.event_name == 'pull_request'
	permissions:
	contents: read
	steps:
	- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
	- uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2
	with:
	fail-on-severity: critical
	allow-licenses: BSD-2-Clause, BSD-3-Clause, MIT, Apache-2.0, MPL-2.0, ISC

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

security #50

Workflow file

security #50

Uh oh!

Workflow file for this run