The current `security-scan-app` and `security-scan-container` workflows are triggered on `push` and `pull_request` events. When Dependabot triggers it with a `push` event, the resulting SARIF files can't be uploaded, due to a limitation.
From the GitHub Actions logs:
Warning: Workflows triggered by Dependabot on the "push" event run with read-only access. Uploading Code Scanning results requires write access. To use Code Scanning with Dependabot, please ensure you are using the "pull_request" event for this workflow and avoid triggering on the "push" event for Dependabot branches. See https://docs.github.com/en/code-security/secure-coding/configuring-code-scanning#scanning-on-push for more information on how to configure these events.
We might want to find a way to disable Dependabot from triggering on such "push" events.
dangerzone/.github/workflows/scan.yml
Lines 2 to 8 in 7689847
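One way to follow the advice in the warning above, shown as an added example and not the contents of the project's `scan.yml`: keep the `pull_request` trigger and exclude Dependabot's branches from the `push` trigger. The workflow name, the scanner step and the `results.sarif` file name are placeholders; `dependabot/**` is the branch prefix Dependabot uses for its update branches.

```yaml
# Example workflow (constructed for illustration, not the project's scan.yml).
name: security-scan-example

on:
  push:
    # Skip pushes to Dependabot's own branches: those runs get a read-only
    # token and cannot upload SARIF. Pushes to every other branch still run.
    branches-ignore:
      - 'dependabot/**'
  # Dependabot updates are still scanned through the pull request they open.
  pull_request:

# Least privilege: read the code, write only code scanning results.
permissions:
  contents: read
  security-events: write

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Placeholder for the real scanner; it only has to produce a SARIF file.
      - name: Run scanner (hypothetical step)
        run: ./run-scanner.sh --output results.sarif

      # Upload even when the scanner exits non-zero because it found issues,
      # so the findings still reach the code scanning dashboard.
      - name: Upload SARIF
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
```

With this trigger set, a Dependabot update is scanned once, on the `pull_request` event, instead of once per event with the `push` run failing at the upload step.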