build: add vulnerability scan to PR build #713
pr.yml
on: pull_request
Build and Test Java
scan
/
sbom
Check editorconfig
Dry-run release
Lint commits for semantic-release
Security validation
Matrix: Build Isthmus Native Image
Waiting for pending jobs
Matrix: scan / scan
Waiting for pending jobs
Annotations
1 error
Invalid workflow file:
.github/workflows/pr.yml#L27
The workflow is not valid. substrait-io/substrait-java/.github/workflows/vulnerability-scan.yml@e9efd90b024e5d6e389d727bfd18296fa6438aac (Line: 27, Col: 3): Error calling workflow 'google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.7.4'. The workflow is requesting 'actions: read, contents: read', but is only allowed 'actions: none, contents: none'.
|