-
Notifications
You must be signed in to change notification settings - Fork 0
/
reusable-code-scanning.yml
33 lines (29 loc) · 1.15 KB
/
reusable-code-scanning.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
# This is a centralized code scanning workflow. This is the default code scanning workflow that automatically handles all of your
# security scans.
#
# Need some more info? Check out our documentation here: https://github.com/octodemo/security-workflows
# Got a question? Ping the security team!
name: Centralized Code Scanning
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
# This job calls the centralized code scanning workflow
scanning:
uses: octodemo/security-workflows/.github/workflows/code-scanning.yml@main
secrets: inherit
with:
# This section is used to tell CodeQL which languages you need to scan in the repo
languages: " [ $detected-codeql-languages ] "
# Autobuild failed? uncomment the following line and add your build command
# build-comand: "./build.sh"
# Need to disable one of the tools from being run? Uncomment the appropriate line below
# skip-codeql: true
# skip-scorecards: true
# skip-tfsec: true
# skip-anchore: true
# skip-dependency-review: true