This repository was archived by the owner on Feb 25, 2025. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 6k
56 lines (46 loc) · 1.73 KB
/
third_party_scan.yml
File metadata and controls
56 lines (46 loc) · 1.73 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
name: Third party dependency scan
on:
# Only the default branch is supported.
branch_protection_rule:
branches: [ main ]
schedule:
- cron: "0 8 * * *" # runs daily at 08:00
# Declare default permissions as read only.
permissions: read-all
jobs:
analysis:
name: Third party dependency scan
runs-on: ubuntu-latest
permissions:
# Needed to upload the results to code-scanning dashboard.
security-events: write
actions: read
contents: read
steps:
- name: "Checkout code"
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
with:
persist-credentials: false
- name: setup python
uses: actions/setup-python@98f2ad02fd48d057ee3b4d4f66525b231c3e52b6
with:
python-version: '3.7.7' # install the python version needed
- name: install dependency
run: pip install git+https://github.com/psf/requests.git@4d394574f5555a8ddcc38f707e0c9f57f55d9a3b
- name: execute py script
run: python ci/deps_parser.py
- name: parse deps_parser output.txt
run: python ci/scan_flattened_deps.py
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
with:
name: SARIF file
path: osvReport.sarif
retention-days: 5
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@b2a92eb56d8cb930006a1c6ed86b0782dd8a4297
with:
sarif_file: osvReport.sarif