chore(deps): update github actions upgrade #130
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# For more examples and options, including how to ignore specific vulnerabilities, | |
# see https://google.github.io/osv-scanner/github-action/ | |
name: OSV-Scanner | |
on: | |
pull_request: | |
branches: ["main"] | |
merge_group: | |
branches: ["main"] | |
schedule: | |
# Scan once a week | |
- cron: "36 22 * * 2" | |
push: | |
branches: ["main"] | |
permissions: | |
contents: read | |
jobs: | |
scan-scheduled: | |
permissions: | |
contents: read | |
actions: read | |
security-events: write | |
if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }} | |
uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@19ec1116569a47416e11a45848722b1af31a857b" # v1.9.0 | |
with: | |
# -r: | |
# Recursively scan subdirectories | |
# | |
# --call-analysis=all | |
# Check if the vulnerable code is actually being executed by your project. | |
# If the code is not being executed, these vulnerabilities will be marked as unexecuted. | |
# | |
# --skip-git | |
# Only look at the current code. Do not spend time looking through all commits | |
scan-args: |- | |
-r | |
--call-analysis=all | |
--skip-git | |
./ | |
scan-pr: | |
permissions: | |
contents: read | |
actions: read | |
security-events: write | |
if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }} | |
uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@19ec1116569a47416e11a45848722b1af31a857b" # v1.9.0 | |
with: | |
# -r: | |
# Recursively scan subdirectories | |
# | |
# --call-analysis=all | |
# Check if the vulnerable code is actually being executed by your project. | |
# If the code is not being executed, these vulnerabilities will be marked as unexecuted. | |
# | |
# --skip-git | |
# Only look at the current code. Do not spend time looking through all commits | |
scan-args: |- | |
-r | |
--call-analysis=all | |
--skip-git | |
./ |