devskim.yml 1.3 KB

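  # This workflow uses actions that are not certified by GitHub.
  # They are provided by a third-party and are governed by
  # separate terms of service, privacy policy, and support
  # documentation.
  #
  # DevSkim static-analysis scan. The findings are written to a SARIF file
  # and uploaded so they appear as code-scanning alerts in the Security tab.
  #
  # NOTE(review): every action below is referenced by a movable tag
  # (@v4, @v1, @v3). Pinning each `uses:` to a full commit SHA that has been
  # reviewed stops a retagged release from changing what runs in this job,
  # which holds a token with `security-events: write`.
  name: DevSkim

  on:
    # Scan pushes to main that touch build, release or source paths.
    push:
      paths:
        - '.github/workflows/devskim.yml'
        - '.goreleaser.yml'
        - 'Dockerfile.multiarches'
        - 'Dockerfile.singlearch'
        - 'Makefile'
        - 'frontend/**'
        - 'integration-tests/**'
        - 'proto/**'
        - 'service/**'
      branches: ["main"]
    # Same path filter for pull requests that target main.
    pull_request:
      paths:
        - '.github/workflows/devskim.yml'
        - '.goreleaser.yml'
        - 'Dockerfile.multiarches'
        - 'Dockerfile.singlearch'
        - 'Makefile'
        - 'frontend/**'
        - 'integration-tests/**'
        - 'proto/**'
        - 'service/**'
      branches: ["main"]
    # Weekly scan (minute 34, hour 21, Tuesday) so that code which has not
    # changed is still re-checked.
    schedule:
      - cron: '34 21 * * 2'

  jobs:
    lint:
      name: DevSkim
      runs-on: ubuntu-latest
      # Job-scoped token permissions: read-only apart from
      # `security-events: write`, which the SARIF upload step needs.
      permissions:
        actions: read
        contents: read
        security-events: write
      steps:
        - name: Checkout code
          uses: actions/checkout@v4
          with:
            # No later step performs git operations, so do not leave the
            # job token in the checkout's git config where the scanner
            # step could read it.
            persist-credentials: false

        - name: Run DevSkim scanner
          uses: microsoft/DevSkim-Action@v1

        - name: Upload DevSkim scan results to GitHub Security tab
          uses: github/codeql-action/upload-sarif@v3
          with:
            # Must match the file name the scanner step writes.
            sarif_file: devskim-results.sarif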