actions/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2024-12-25 20:15:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add security scan (#654)

Browse source 
* Add security scan

* Update scan.yml
This commit is contained in:
Matthieu MOREL 2021-06-21 10:49:57 +02:00 committed by GitHub
parent 01b12b43d4
commit 03e876754d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 26 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
.github/workflows/scan.yml vendored Normal file
View file

@ -0,0 +1,26 @@
name: "Security Scan"
# Run workflow each time code is pushed to your repository and on a schedule.
# The scheduled workflow runs every at 00:00 on Sunday UTC time.
on:
push:
pull_request:
schedule:
- cron: '0 0 * * 0'
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v1
- name: Security Scan
uses: securego/gosec@master
with:
# we let the report trigger content trigger a failure using the GitHub Security features.
args: '-no-fail -fmt sarif -out results.sarif ./...'
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
with:
# Path to SARIF file relative to the root of the repository
sarif_file: results.sarif