# This workflow uses actions that are not certified by GitHub. # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. name: DevSkim on: push: paths: - '.github/workflows/devskim.yml' - '.goreleaser.yml' - 'Dockerfile.multiarches' - 'Dockerfile.singlearch' - 'Makefile' - 'frontend/**' - 'integration-tests/**' - 'proto/**' - 'service/**' branches: [ "main" ] pull_request: paths: - '.github/workflows/devskim.yml' - '.goreleaser.yml' - 'Dockerfile.multiarches' - 'Dockerfile.singlearch' - 'Makefile' - 'frontend/**' - 'integration-tests/**' - 'proto/**' - 'service/**' branches: [ "main" ] schedule: - cron: '34 21 * * 2' jobs: lint: name: DevSkim runs-on: ubuntu-latest permissions: actions: read contents: read security-events: write steps: - name: Checkout code uses: actions/checkout@v4 - name: Run DevSkim scanner uses: microsoft/DevSkim-Action@v1 - name: Upload DevSkim scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v3 with: sarif_file: devskim-results.sarif