Skip to content

.github/workflows/security.yaml #1766

.github/workflows/security.yaml

.github/workflows/security.yaml #1766

Workflow file for this run

---
on:
pull_request:
branches:
- "main"
schedule:
- cron: "0 0 * * *"
workflow_dispatch:
env:
XDG_CACHE_HOME: ${{ github.workspace }}/.cache/xdg
jobs:
security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/cache@v4
with:
path: ${{ env.XDG_CACHE_HOME }}
key: ${{ runner.os }}-security-${{ hashFiles('docker-lock.json') }}
restore-keys: |
${{ runner.os }}-security-
- uses: arduino/setup-task@v2
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
- run: |
task validate-security
- uses: github/codeql-action/upload-sarif@v3
with:
category: grype-vulnerabilities
sarif_file: "vulnerabilities.grype.sarif"
- uses: github/codeql-action/upload-sarif@v3
with:
category: trivy-misconfiguration-and-vulnerabilities
sarif_file: "misconfiguration-and-vulnerabilities.trivy.sarif"