mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-12-04 12:10:20 +00:00
6b3665b80c
adding snyk github action to run when a PR is merged to the release branch or when a new release is done. Run snyk weekly on the devel branch. This will help us to track the security scanning results and fix if anything is required and also it serves as a placeholder for security scanning result for a while. Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
31 lines
587 B
YAML
31 lines
587 B
YAML
---
|
|
name: Security scanning
|
|
# yamllint disable-line rule:truthy
|
|
on:
|
|
schedule:
|
|
# Run weekly on every Monday
|
|
- cron: '0 0 * * 1'
|
|
push:
|
|
tags:
|
|
- v*
|
|
branches:
|
|
- release-*
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
security:
|
|
if: github.repository == 'ceph/ceph-csi'
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: run Snyk to check for code vulnerabilities
|
|
uses: snyk/actions/golang@master
|
|
env:
|
|
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
|