Add clj-watson starter workflow (#1460)
* Add clj-watson starter workflow * update permissions * update to latest release * Update clj-watson-action to official release * Update code-scanning/clj-watson.yml Co-authored-by: Matheus Bernardes <12648924+mthbernardes@users.noreply.github.com> * Update code-scanning/clj-watson.yml Co-authored-by: Matheus Bernardes <12648924+mthbernardes@users.noreply.github.com> * update categories * update categories * Update code-scanning/clj-watson.yml Co-authored-by: Matheus Bernardes <12648924+mthbernardes@users.noreply.github.com> * Update code-scanning/properties/clj-watson.properties.json Co-authored-by: Bishal Prasad <bishal-pdmsft@github.com> * Update code-scanning/clj-watson.yml Co-authored-by: Matheus Bernardes <12648924+mthbernardes@users.noreply.github.com> * add comments to yml file * Update clj-watson.properties.json * use codeql-action/upload-sarif v2 Co-authored-by: Matheus Bernardes <12648924+mthbernardes@users.noreply.github.com> Co-authored-by: Bishal Prasad <bishal-pdmsft@github.com>
This commit is contained in:
@@ -0,0 +1,53 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
# clj-watson scans dependencies in a clojure deps.edn
|
||||
# seeking for vulnerable direct/transitive dependencies and
|
||||
# build a report with all the information needed to help you
|
||||
# understand how the vulnerability manifest in your software.
|
||||
# More details at https://github.com/clj-holmes/clj-watson
|
||||
|
||||
name: clj-watson
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
clj-holmes:
|
||||
name: Run clj-watson scanning
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
security-events: write
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: Dependency scan
|
||||
uses: clj-holmes/clj-watson-action@39b8ed306f2c125860cf6e69b6939363689f998c
|
||||
with:
|
||||
clj-watson-sha: "65d928c"
|
||||
clj-watson-tag: "v4.0.1"
|
||||
database-strategy: github-advisory
|
||||
aliases: clojure-lsp,test
|
||||
deps-edn-path: deps.edn
|
||||
suggest-fix: true
|
||||
output-type: sarif
|
||||
output-file: clj-watson-results.sarif
|
||||
fail-on-result: false
|
||||
|
||||
- name: Upload analysis results to GitHub
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: ${{github.workspace}}/clj-watson-results.sarif
|
||||
wait-for-processing: true
|
||||
@@ -0,0 +1,9 @@
|
||||
{
|
||||
"name": "clj-watson",
|
||||
"description": "Scan Clojure/Clojurescript projects for vulnerable direct/transitive dependencies.",
|
||||
"iconName": "clj-watson",
|
||||
"categories": [
|
||||
"Code Scanning",
|
||||
"Clojure"
|
||||
]
|
||||
}
|
||||
File diff suppressed because one or more lines are too long
|
After Width: | Height: | Size: 107 KiB |
Reference in New Issue
Block a user