mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2024-11-15 10:50:18 +00:00
Code Issues Packages Projects Releases Wiki Activity
e011e74b9d
ceph-csi/.github/workflows/snyk.yaml

33 lines
777 B
YAML
Raw Normal View History

ci: add snyk scanning adding snyk github action to run when a PR is merged to the release branch or when a new release is done. Run snyk weekly on the devel branch. This will help us to track the security scanning results and fix if anything is required and also it serves as a placeholder for security scanning result for a while. Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-11-15 08:45:45 +00:00
---
name: Security scanning
# yamllint disable-line rule:truthy
on:
schedule:
# Run weekly on every Monday
- cron: '0 0 * * 1'
push:
tags:
- v*
branches:
- release-*
permissions:
contents: read
jobs:
security:
if: github.repository == 'ceph/ceph-csi'
runs-on: ubuntu-latest
steps:
- name: checkout
ci: Harden GitHub Actions Update GitHub actions to use full length commit ids for third-party actions to reduce security risk in case of vulnerabilities. Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> Co-authored-by: Nikhil-Ladha <nikhilladha1999@gmail.com>
2024-09-18 09:19:02 +00:00
# yamllint disable-line rule:line-length
rebase: bump actions/checkout from 4.2.1 to 4.2.2 Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.1 to 4.2.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871...11bd71901bbe5b1630ceea73d27597364c9af683) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
2024-10-28 20:18:00 +00:00
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
ci: add snyk scanning adding snyk github action to run when a PR is merged to the release branch or when a new release is done. Run snyk weekly on the devel branch. This will help us to track the security scanning results and fix if anything is required and also it serves as a placeholder for security scanning result for a while. Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-11-15 08:45:45 +00:00
with:
fetch-depth: 0
- name: run Snyk to check for code vulnerabilities
ci: Harden GitHub Actions Update GitHub actions to use full length commit ids for third-party actions to reduce security risk in case of vulnerabilities. Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> Co-authored-by: Nikhil-Ladha <nikhilladha1999@gmail.com>
2024-09-18 09:19:02 +00:00
# yamllint disable-line rule:line-length
uses: snyk/actions/golang@cdb760004ba9ea4d525f2e043745dfe85bb9077e # master
ci: add snyk scanning adding snyk github action to run when a PR is merged to the release branch or when a new release is done. Run snyk weekly on the devel branch. This will help us to track the security scanning results and fix if anything is required and also it serves as a placeholder for security scanning result for a while. Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-11-15 08:45:45 +00:00
env:
ci: pass the correct account token for Snyk jobs The secret in the project settings has a typo and is called `SYNK_TOKEN` instead of `SNYK_TOKEN`. Changing the name of the secret does not seem to be trivial; it needs to be deleted and re-created, which requires obtaining a new token, somehow. Adopting the name with the typo in the GitHub Workflow is easier. Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-08-22 15:42:55 +00:00
SNYK_TOKEN: ${{ secrets.SYNK_TOKEN }}
Reference in New Issue Copy Permalink