mirror of
https://github.com/prymitive/karma
synced 2026-05-05 03:16:51 +00:00
49 lines
1.4 KiB
YAML
49 lines
1.4 KiB
YAML
name: Scan
|
|
|
|
on:
|
|
schedule:
|
|
- cron: "0 6 * * 4"
|
|
|
|
jobs:
|
|
codeql:
|
|
name: CodeQL
|
|
runs-on: ubuntu-20.04
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v2
|
|
with:
|
|
# We must fetch at least the immediate parents so that if this is
|
|
# a pull request then we can checkout the head.
|
|
fetch-depth: 2
|
|
|
|
# Initializes the CodeQL tools for scanning.
|
|
- name: Initialize CodeQL
|
|
uses: github/codeql-action/init@v1
|
|
# Override language selection by uncommenting this and choosing your languages
|
|
# with:
|
|
# languages: go, javascript, csharp, python, cpp, java
|
|
|
|
- name: Perform CodeQL Analysis
|
|
uses: github/codeql-action/analyze@v1
|
|
|
|
anchore:
|
|
name: Anchore Container Scan
|
|
runs-on: ubuntu-20.04
|
|
steps:
|
|
- name: Checkout the code
|
|
uses: actions/checkout@v2
|
|
|
|
- name: Build the Docker image
|
|
run: docker build . --file Dockerfile --tag localbuild/testimage:latest
|
|
|
|
- name: Run the local Anchore scan action itself with GitHub Advanced Security code scanning integration enabled
|
|
uses: anchore/scan-action@v2
|
|
with:
|
|
image: "localbuild/testimage:latest"
|
|
acs-report-enable: true
|
|
|
|
- name: Upload Anchore Scan Report
|
|
uses: github/codeql-action/upload-sarif@v1
|
|
with:
|
|
sarif_file: results.sarif
|