52 lines
1.3 KiB
YAML
52 lines
1.3 KiB
YAML
---
|
|
name: Security
|
|
|
|
on: # yamllint disable-line rule:truthy
|
|
pull_request: {}
|
|
push:
|
|
branches:
|
|
- main
|
|
|
|
defaults:
|
|
run:
|
|
shell: sh
|
|
|
|
jobs:
|
|
code-scanning:
|
|
name: Code scanning
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout ${{ github.repository }}
|
|
uses: actions/checkout@v4
|
|
- name: Initialize CodeQL
|
|
uses: github/codeql-action/init@v3
|
|
with:
|
|
languages: "javascript"
|
|
- name: Perform CodeQL Analysis
|
|
id: codeql-analysis
|
|
uses: github/codeql-action/analyze@v3
|
|
- name: Upload to GHAS
|
|
if: always()
|
|
uses: github/codeql-action/upload-sarif@v3
|
|
with:
|
|
category: "code-scanning"
|
|
sarif_file: "${{ steps.codeql-analysis.outputs.sarif-output }}"
|
|
directory-scanning:
|
|
name: Directory scanning
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout ${{ github.repository }}
|
|
uses: actions/checkout@v4
|
|
- name: Scan current project
|
|
id: scan-directory
|
|
uses: anchore/scan-action@v3
|
|
with:
|
|
by-cve: "true"
|
|
path: "."
|
|
- name: Upload to GHAS
|
|
if: always()
|
|
uses: github/codeql-action/upload-sarif@v3
|
|
with:
|
|
category: "directory-scanning"
|
|
sarif_file: "${{ steps.scan-directory.outputs.sarif }}"
|