Skip to content

Commit f163978

Browse files
committed
Add code scanning pipeline
1 parent 2b59ee3 commit f163978

File tree

1 file changed

+62
-0
lines changed

1 file changed

+62
-0
lines changed

.github/workflows/ci.yml

Lines changed: 62 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,62 @@
1+
name: "CI"
2+
3+
on:
4+
push:
5+
branches: [ "main" ]
6+
pull_request:
7+
# The branches below must be a subset of the branches above
8+
branches: [ "main" ]
9+
schedule:
10+
- cron: '0 0 * * *'
11+
12+
jobs:
13+
analyze:
14+
name: Analyze
15+
runs-on: ubuntu-latest
16+
permissions:
17+
actions: read
18+
contents: read
19+
security-events: write
20+
21+
strategy:
22+
fail-fast: false
23+
matrix:
24+
language: [ 'python', 'go' ]
25+
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
26+
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
27+
28+
steps:
29+
- name: Checkout repository
30+
uses: actions/checkout@v4
31+
32+
# Initializes the CodeQL tools for scanning.
33+
34+
- name: Initialize CodeQL
35+
uses: github/codeql-action/init@v2
36+
with:
37+
languages: ${{ matrix.language }}
38+
# If you wish to specify custom queries, you can do so here or in a config file.
39+
# By default, queries listed here will override any specified in a config file.
40+
# Prefix the list here with "+" to use these queries and those in the config file.
41+
42+
# Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
43+
# queries: security-extended,security-and-quality
44+
45+
- name: Perform CodeQL Analysis
46+
uses: github/codeql-action/analyze@v2
47+
48+
- name: Trivy Security Scan
49+
uses: aquasecurity/trivy-action@0.17.0
50+
with:
51+
scan-type: 'fs'
52+
scan-ref: '.'
53+
format: 'sarif'
54+
output: 'trivy-results.sarif'
55+
exit-code: 1
56+
severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
57+
58+
- name: Upload Trivy scan results to GitHub Security tab
59+
uses: github/codeql-action/upload-sarif@v2
60+
with:
61+
sarif_file: 'trivy-results.sarif'
62+

0 commit comments

Comments
 (0)