Add clj-watson starter workflow (#1460)

* Add clj-watson starter workflow

* update permissions

* update to latest release

* Update clj-watson-action to official release

* Update code-scanning/clj-watson.yml

Co-authored-by: Matheus Bernardes <12648924+mthbernardes@users.noreply.github.com>

* Update code-scanning/clj-watson.yml

Co-authored-by: Matheus Bernardes <12648924+mthbernardes@users.noreply.github.com>

* update categories

* update categories

* Update code-scanning/clj-watson.yml

Co-authored-by: Matheus Bernardes <12648924+mthbernardes@users.noreply.github.com>

* Update code-scanning/properties/clj-watson.properties.json

Co-authored-by: Bishal Prasad <bishal-pdmsft@github.com>

* Update code-scanning/clj-watson.yml

Co-authored-by: Matheus Bernardes <12648924+mthbernardes@users.noreply.github.com>

* add comments to yml file

* Update clj-watson.properties.json

* use codeql-action/upload-sarif v2

Co-authored-by: Matheus Bernardes <12648924+mthbernardes@users.noreply.github.com>
Co-authored-by: Bishal Prasad <bishal-pdmsft@github.com>
This commit is contained in:
Yong Yan
2022-04-11 21:41:27 -07:00
committed by GitHub
parent 70f16d3552
commit 66f87f9dfe
3 changed files with 63 additions and 0 deletions
@@ -0,0 +1,53 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# clj-watson scans dependencies in a clojure deps.edn
# seeking for vulnerable direct/transitive dependencies and
# build a report with all the information needed to help you
# understand how the vulnerability manifest in your software.
# More details at https://github.com/clj-holmes/clj-watson
name: clj-watson
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
clj-holmes:
name: Run clj-watson scanning
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Dependency scan
uses: clj-holmes/clj-watson-action@39b8ed306f2c125860cf6e69b6939363689f998c
with:
clj-watson-sha: "65d928c"
clj-watson-tag: "v4.0.1"
database-strategy: github-advisory
aliases: clojure-lsp,test
deps-edn-path: deps.edn
suggest-fix: true
output-type: sarif
output-file: clj-watson-results.sarif
fail-on-result: false
- name: Upload analysis results to GitHub
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: ${{github.workspace}}/clj-watson-results.sarif
wait-for-processing: true
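Review bot: `aliases: clojure-lsp,test` in the `with:` block of the Dependency scan step bakes two project-specific deps.edn aliases into a starter workflow; most repositories that adopt this file will not define them, so either drop the key, leave it commented out as a placeholder, or add a comment telling users to replace it with the aliases their own deps.edn declares. Two smaller points in the same hunk: `clj-holmes/clj-watson-action` is pinned to a full commit SHA while `actions/checkout@v2` floats on a major tag, so if the intent is supply-chain pinning apply it to both (or say in a comment why the GitHub-owned action is treated differently); and the header comment reads "seeking for vulnerable direct/transitive dependencies and build a report ... how the vulnerability manifest in your software", which should be "looking for vulnerable direct/transitive dependencies and builds a report ... how the vulnerability manifests in your software". A one-line comment next to `fail-on-result: false` would also help: findings reach users only through the SARIF uploaded to the Security tab and never fail the build, which is the intended code-scanning behaviour but surprises people expecting a red check.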
@@ -0,0 +1,9 @@
{
"name": "clj-watson",
"description": "Scan Clojure/Clojurescript projects for vulnerable direct/transitive dependencies.",
"iconName": "clj-watson",
"categories": [
"Code Scanning",
"Clojure"
]
}
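Review bot: the `description` says the scan covers Clojure/Clojurescript projects, while the workflow's header comment and `deps-edn-path: deps.edn` scope it to a deps.edn file; either qualify the description (for example, deps.edn-based Clojure/ClojureScript projects) or extend the workflow comment so the two files agree on what is actually supported.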
File diff suppressed because one or more lines are too long