|
|
|
@ -23,16 +23,17 @@ on: |
|
|
|
push: |
|
|
|
branches: ["master"] |
|
|
|
|
|
|
|
permissions: |
|
|
|
# Required to upload SARIF file to CodeQL. See: https://github.com/github/codeql-action/issues/2117 |
|
|
|
actions: read |
|
|
|
# Require writing security events to upload SARIF file to security tab |
|
|
|
security-events: write |
|
|
|
# Read commit contents |
|
|
|
contents: read |
|
|
|
# Declare default permissions as read only. |
|
|
|
permissions: read-all |
|
|
|
|
|
|
|
|
|
|
|
jobs: |
|
|
|
scan-scheduled: |
|
|
|
permissions: |
|
|
|
# Required for writing security events to upload SARIF file to security tab |
|
|
|
security-events: write |
|
|
|
actions: read |
|
|
|
contents: read |
|
|
|
if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }} |
|
|
|
# If you want to copy this config, highly suggest pinning this version to a release rather than tracking the main branch |
|
|
|
uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@8bd1ce1c4be9d98053ffd9e6e14585276a36762c" # v1.9.1 |
|
|
|
@ -43,6 +44,11 @@ jobs: |
|
|
|
--skip-git |
|
|
|
./ |
|
|
|
scan-pr: |
|
|
|
permissions: |
|
|
|
# Required for writing security events to upload SARIF file to security tab |
|
|
|
security-events: write |
|
|
|
actions: read |
|
|
|
contents: read |
|
|
|
if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }} |
|
|
|
# If you want to copy this config, highly suggest pinning this version to a release rather than tracking the main branch |
|
|
|
uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@8bd1ce1c4be9d98053ffd9e6e14585276a36762c" # v1.9.1 |
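Review bot: The workflow-level default `permissions: read-all` in the first hunk grants read access on every token scope, which is wider than anything the two jobs here need. Both `scan-scheduled` and `scan-pr` carry their own `permissions:` block, and a job-level block replaces the workflow-level one, so the default only matters for a job added later without its own block; `permissions: {}` (or just `contents: read`) would make that case fail closed. The `+`/`-` markers are lost on this page, so which lines are new is inferred from the hunk counts. The job-level `actions: read` entries also appear to have lost their explanation; I would carry `# Required to upload SARIF file to CodeQL. See: https://github.com/github/codeql-action/issues/2117` over above each of them so the scope is not dropped as unneeded later.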
|
|
|
|