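  # This workflow uses actions that are not certified by GitHub.
  # They are provided by a third-party and are governed by
  # separate terms of service, privacy policy, and support
  # documentation.
  #
  # Runs the DevSkim scanner on pushes and pull requests to master and on
  # a weekly schedule, then uploads the SARIF report to GitHub code
  # scanning (the repository's Security tab).
  #
  # NOTE(review): every `uses:` below references a mutable tag, so the code
  # that runs can change without any change to this file. For supply-chain
  # integrity, pin each action to a reviewed full commit SHA and let a
  # dependency-update tool propose the bumps.
  name: DevSkim

  on:
    push:
      branches: [master]
    pull_request:
      branches: [master]
    schedule:
      # Weekly, Mondays at 11:27 (GitHub evaluates cron schedules in UTC).
      - cron: '27 11 * * 1'

  jobs:
    lint:
      name: DevSkim
      # The ubuntu-20.04 hosted image has been retired; use a maintained one.
      runs-on: ubuntu-latest
      # Least privilege for the job token: read-only access to the repository,
      # plus write access to code scanning so the SARIF upload is accepted.
      permissions:
        actions: read
        contents: read
        security-events: write
      steps:
        - name: Checkout code
          # v2 ran on a Node.js runtime that hosted runners no longer provide.
          uses: actions/checkout@v4
          with:
            # Do not leave the job token in .git/config, where the
            # third-party scanner step that follows could read it.
            persist-credentials: false

        - name: Run DevSkim scanner
          uses: microsoft/DevSkim-Action@v1

        - name: Upload DevSkim scan results to GitHub Security tab
          # codeql-action v1 is deprecated; v3 accepts the same `sarif_file`.
          uses: github/codeql-action/upload-sarif@v3
          with:
            sarif_file: devskim-results.sarif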