ceph-csi/.github/workflows/snyk.yaml

33 lines
777 B
YAML
Raw Normal View History

---
name: Security scanning
# yamllint disable-line rule:truthy
on:
schedule:
# Run weekly on every Monday
- cron: '0 0 * * 1'
push:
tags:
- v*
branches:
- release-*
permissions:
contents: read
jobs:
security:
if: github.repository == 'ceph/ceph-csi'
runs-on: ubuntu-latest
steps:
- name: checkout
# yamllint disable-line rule:line-length
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
fetch-depth: 0
- name: run Snyk to check for code vulnerabilities
# yamllint disable-line rule:line-length
uses: snyk/actions/golang@cdb760004ba9ea4d525f2e043745dfe85bb9077e # master
env:
SNYK_TOKEN: ${{ secrets.SYNK_TOKEN }}