|
@@ -0,0 +1,34 @@ |
|
|
|
|
|
# This workflow uses actions that are not certified by GitHub. |
|
|
|
|
|
# They are provided by a third-party and are governed by |
|
|
|
|
|
# separate terms of service, privacy policy, and support |
|
|
|
|
|
# documentation. |
|
|
|
|
|
|
|
|
|
|
|
name: DevSkim |
|
|
|
|
|
|
|
|
|
|
|
on: |
|
|
|
|
|
push: |
|
|
|
|
|
branches: [ master ] |
|
|
|
|
|
pull_request: |
|
|
|
|
|
branches: [ master ] |
|
|
|
|
|
schedule: |
|
|
|
|
|
- cron: '27 11 * * 1' |
|
|
|
|
|
|
|
|
|
|
|
jobs: |
|
|
|
|
|
lint: |
|
|
|
|
|
name: DevSkim |
|
|
|
|
|
runs-on: ubuntu-20.04 |
|
|
|
|
|
permissions: |
|
|
|
|
|
actions: read |
|
|
|
|
|
contents: read |
|
|
|
|
|
security-events: write |
|
|
|
|
|
steps: |
|
|
|
|
|
- name: Checkout code |
|
|
|
|
|
uses: actions/checkout@v2 |
|
|
|
|
|
|
|
|
|
|
|
- name: Run DevSkim scanner |
|
|
|
|
|
uses: microsoft/DevSkim-Action@v1 |
|
|
|
|
|
|
|
|
|
|
|
- name: Upload DevSkim scan results to GitHub Security tab |
|
|
|
|
|
uses: github/codeql-action/upload-sarif@v1 |
|
|
|
|
|
with: |
|
|
|
|
|
sarif_file: devskim-results.sarif |
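Review bot: All three `uses:` lines pin to movable tags (`actions/checkout@v2`, `microsoft/DevSkim-Action@v1`, `github/codeql-action/upload-sarif@v1`), so whoever can move a tag upstream changes the code that runs in a job holding `security-events: write`. The file's own header says these actions are third-party and not certified by GitHub, so pin each one to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: microsoft/DevSkim-Action@<full-commit-sha>  # v1`. An update bot such as Dependabot can then propose SHA bumps as reviewable diffs. Separately, `upload-sarif@v1` and the `ubuntu-20.04` runner image have both been retired upstream, so it is worth confirming that the scheduled run still executes and uploads results rather than failing silently. The `pull_request` trigger will probably not get a write-scoped token for pull requests from forks, so the upload step may need an `if:` guard for that case.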