diff --git a/code-scanning/devskim.yml b/code-scanning/devskim.yml new file mode 100644 index 0000000..3a5c45f --- /dev/null +++ b/code-scanning/devskim.yml @@ -0,0 +1,34 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +name: DevSkim + +on: + push: + branches: [ $default-branch, $protected-branches ] + pull_request: + branches: [ $default-branch ] + schedule: + - cron: $cron-weekly + +jobs: + lint: + name: DevSkim + runs-on: ubuntu-20.04 + permissions: + actions: read + contents: read + security-events: write + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Run DevSkim scanner + uses: microsoft/DevSkim-Action@v1 + + - name: Upload DevSkim scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: devskim-results.sarif diff --git a/code-scanning/properties/devskim.properties.json b/code-scanning/properties/devskim.properties.json new file mode 100644 index 0000000..0eab5c6 --- /dev/null +++ b/code-scanning/properties/devskim.properties.json @@ -0,0 +1,7 @@ +{ + "name": "DevSkim", + "creator": "Microsoft CST-E", + "description": "DevSkim is security linter that highlights common security issues in source code.", + "iconName": "cst-logo", + "categories": ["Code Scanning", "C", "C#", "C++", "Go", "Java", "JavaScript", "TypeScript", "Python", "Powershell", "Cobol", "Objective C", "PHP", "Ruby", "Rust", "SQL", "Swift", "Visual Basic"] +} diff --git a/icons/cst-logo.svg b/icons/cst-logo.svg new file mode 100644 index 0000000..a7beb3d --- /dev/null +++ b/icons/cst-logo.svg @@ -0,0 +1,5 @@ + + + + +