---
# Third-party workflow: the actions used here are not certified by GitHub and
# are governed by their own terms of service, privacy policy and support
# documentation.
#
# Flow: check out the repository, run the Codacy Analysis CLI to produce a
# SARIF report of the security findings, then upload that report so it shows
# up under GitHub Advanced Security code scanning.
#
# Action usage and parameters: https://github.com/codacy/codacy-analysis-cli-action.
# Codacy Analysis CLI itself:   https://github.com/codacy/codacy-analysis-cli.

name: Codacy Security Scan

on:
  push:
    branches:
      - master
  pull_request:
    # Must be a subset of the push branches above
    branches:
      - master
  schedule:
    # Weekly: Thursday at 00:30 UTC
    - cron: '30 0 * * 4'

# Workflow-wide default token scope: read-only. The scan job widens it
# locally for the SARIF upload only.
permissions:
  contents: read

jobs:
  codacy-security-scan:
    name: Codacy Security Scan
    runs-on: ubuntu-latest
    permissions:
      contents: read          # actions/checkout needs to fetch the code
      security-events: write  # github/codeql-action/upload-sarif needs to upload SARIF results
    steps:
      # Fetch the repository onto the runner
      - name: Checkout code
        # NOTE(review): pinned to a mutable major tag, whereas the Codacy step
        # below is pinned to a full commit SHA; pinning this one to a commit
        # SHA as well gives consistent supply-chain control.
        uses: actions/checkout@v3

      # Run the Codacy Analysis CLI and write the security findings to a SARIF file
      - name: Run Codacy Analysis CLI
        uses: codacy/codacy-analysis-cli-action@f38648320929161d81646834fbee4d75f6502aea
        with:
          # See https://github.com/codacy/codacy-analysis-cli#project-token for how
          # to obtain the project token from your Codacy repository. The token may
          # also be omitted, in which case only tools with default configurations run.
          # NOTE(review): on pull_request runs coming from forks the secret is not
          # exposed, so this expands to an empty value and the scan falls back to
          # that default-configuration mode — confirm that is the intended behaviour.
          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
          verbose: true
          output: results.sarif
          format: sarif
          # Adjust severity of non-security issues
          gh-code-scanning-compat: true
          # Force a 0 exit code so the SARIF file is always produced; deciding
          # whether a PR is rejected is left to GitHub code scanning
          max-allowed-issues: 2147483647

      # Publish the SARIF report produced by the previous step
      - name: Upload SARIF results file
        # NOTE(review): same mutable-tag pinning as the checkout step; consider a
        # full commit SHA here too.
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results.sarif