flawfinder #460

	name: flawfinder

	on:
	push:
	branches: [ main ]
	pull_request:
	branches: [ main ]
	schedule:
	- cron: '28 0 * * 1'

	jobs:
	flawfinder:
	name: Flawfinder
	runs-on: ubuntu-latest
	permissions:
	actions: read
	contents: read
	security-events: write
	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: flawfinder_scan
	uses: david-a-wheeler/flawfinder@c57197cd6061453f10a496f30a732bc1905918d1
	with:
	arguments: '--sarif ./'
	output: 'flawfinder_results.sarif'

	- name: Upload analysis results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: ${{github.workspace}}/flawfinder_results.sarif

Provide feedback