security #9

Workflow file for this run

.github/workflows/security.yml at de5b63d

	name: "security"

	on:
	pull_request:
	push:
	branches: [main]
	schedule:
	- cron: "0 2 * * *"

	permissions:
	contents: read

	concurrency:
	group: security-${{ github.event.pull_request.number \|\| github.ref }}
	cancel-in-progress: true

	jobs:
	codeql:
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	language: ["go", "actions"]
	permissions:
	actions: read
	contents: read
	pull-requests: read
	security-events: write
	steps:
	- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	with:
	persist-credentials: false
	- uses: github/codeql-action/init@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6
	with:
	languages: ${{ matrix.language }}
	- uses: github/codeql-action/autobuild@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6
	- uses: github/codeql-action/analyze@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6

	grype:
	runs-on: ubuntu-latest
	permissions:
	security-events: write
	actions: read
	contents: read
	steps:
	- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	- uses: anchore/scan-action@f6601287cdb1efc985d6b765bbf99cb4c0ac29d8 # v7.0.0
	id: scan
	with:
	path: "."
	fail-build: true
	severity-cutoff: critical
	- uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6
	with:
	sarif_file: ${{ steps.scan.outputs.sarif }}

	govulncheck:
	runs-on: ubuntu-latest
	permissions:
	security-events: write
	contents: read
	steps:
	- uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # v1.0.4
	with:
	output-format: sarif
	output-file: results.sarif
	- uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6
	with:
	sarif_file: results.sarif

	dependency-review:
	runs-on: ubuntu-latest
	if: github.event_name == 'pull_request'
	permissions:
	contents: read
	steps:
	- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	- uses: actions/dependency-review-action@56339e523c0409420f6c2c9a2f4292bbb3c07dd3 # v4.8.0
	with:
	fail-on-severity: critical
	allow-licenses: BSD-2-Clause, BSD-3-Clause, MIT, Apache-2.0, MPL-2.0, ISC

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

security #9

Workflow file

security #9

Uh oh!

Jobs

Run details

Workflow file for this run