ceph-csi/.github/workflows/snyk.yaml
dependabot[bot] b94a55c0d3 rebase: bump actions/checkout from 4.2.0 to 4.2.1
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.0 to 4.2.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](d632683dd7...eef61447b9)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-08 05:47:27 +00:00

33 lines
777 B
YAML

---
name: Security scanning
# yamllint disable-line rule:truthy
on:
schedule:
# Run weekly on every Monday
- cron: '0 0 * * 1'
push:
tags:
- v*
branches:
- release-*
permissions:
contents: read
jobs:
security:
if: github.repository == 'ceph/ceph-csi'
runs-on: ubuntu-latest
steps:
- name: checkout
# yamllint disable-line rule:line-length
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
fetch-depth: 0
- name: run Snyk to check for code vulnerabilities
# yamllint disable-line rule:line-length
uses: snyk/actions/golang@cdb760004ba9ea4d525f2e043745dfe85bb9077e # master
env:
SNYK_TOKEN: ${{ secrets.SYNK_TOKEN }}