Skip to content
Code Scanning

GA(deps): Bump haskell-actions/hlint-setup from 2.4.9 to 2.4.10 #561

Sign in to view logs

GA(deps): Bump haskell-actions/hlint-setup from 2.4.9 to 2.4.10

GA(deps): Bump haskell-actions/hlint-setup from 2.4.9 to 2.4.10 #561

Workflow file for this run

.github/workflows/code-scanning.yml at 8f88e3b
name: Code Scanning
on:
push:
branches: ["main"]
pull_request:
# The branches below must be a subset of the branches above
branches: ["main"]
schedule:
# Runs at 13:16 UTC on Fri.
- cron: "16 13 * * 5"
permissions:
contents: read
jobs:
hadolint:
name: Hadolint
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- name: Run Hadolint
uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf
with:
dockerfile: ./Dockerfile
format: sarif
output-file: hadolint-results.sarif
no-fail: true
- name: Upload Hadolint scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276
with:
sarif_file: hadolint-results.sarif
wait-for-processing: true
trivy:
name: Trivy
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- name: Build an image from Dockerfile
run: |
docker build -t ${{ github.sha }} .
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@fd25fed6972e341ff0007ddb61f77e88103953c2
with:
image-ref: "${{ github.sha }}"
format: "template"
template: "@/contrib/sarif.tpl"
output: "trivy-results.sarif"
severity: "CRITICAL,HIGH"
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276
with:
sarif_file: "trivy-results.sarif"
wait-for-processing: true