diff --git a/code-scanning/anchore.yml b/code-scanning/anchore.yml
index 4fbc9f0..a3d2eed 100644
--- a/code-scanning/anchore.yml
+++ b/code-scanning/anchore.yml
@@ -40,6 +40,7 @@ jobs:
with:
image: "localbuild/testimage:latest"
acs-report-enable: true
+ fail-build: false
- name: Upload Anchore Scan Report
uses: github/codeql-action/upload-sarif@v2
with:
diff --git a/code-scanning/properties/pyre.properties.json b/code-scanning/properties/pyre.properties.json
new file mode 100644
index 0000000..bc12321
--- /dev/null
+++ b/code-scanning/properties/pyre.properties.json
@@ -0,0 +1,7 @@
+{
+ "name": "Pyre",
+ "creator": "Meta",
+ "description": "Pyre is a performant type checker for Python compliant with PEP 484. Pyre can analyze codebases with millions of lines of code incrementally – providing instantaneous feedback to developers as they write code.",
+ "iconName": "pyre",
+ "categories": ["Code Scanning", "Python"]
+}
diff --git a/code-scanning/properties/pysa.properties.json b/code-scanning/properties/pysa.properties.json
new file mode 100644
index 0000000..1a61c40
--- /dev/null
+++ b/code-scanning/properties/pysa.properties.json
@@ -0,0 +1,7 @@
+{
+ "name": "Pysa",
+ "creator": "Meta",
+ "description": "Python Static Analyzer (Pysa) is a security-focused static analysis tool that tracks flows of data from where they originate to where they terminate in a dangerous location.",
+ "iconName": "pysa",
+ "categories": ["Code Scanning", "Python"]
+}
diff --git a/code-scanning/pyre.yml b/code-scanning/pyre.yml
new file mode 100644
index 0000000..3c32e8b
--- /dev/null
+++ b/code-scanning/pyre.yml
@@ -0,0 +1,46 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow integrates Pyre with GitHub's
+# Code Scanning feature.
+#
+# Pyre is a performant type checker for Python compliant with
+# PEP 484. Pyre can analyze codebases with millions of lines
+# of code incrementally – providing instantaneous feedback
+# to developers as they write code.
+#
+# See https://pyre-check.org
+
+name: Pyre
+
+on:
+ workflow_dispatch:
+ push:
+ branches: [ $default-branch, $protected-branches ]
+ pull_request:
+ branches: [ $default-branch ]
+
+permissions:
+ contents: read
+
+jobs:
+ pyre:
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ submodules: true
+
+ - name: Run Pyre
+ uses: facebook/pyre-action@60697a7858f7cc8470d8cc494a3cf2ad6b06560d
+ with:
+ # To customize these inputs:
+ # See https://github.com/facebook/pyre-action#inputs
+ repo-directory: './'
+ requirements-path: 'requirements.txt'
diff --git a/code-scanning/pysa.yml b/code-scanning/pysa.yml
new file mode 100644
index 0000000..a9e3c81
--- /dev/null
+++ b/code-scanning/pysa.yml
@@ -0,0 +1,50 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow integrates Python Static Analyzer (Pysa) with
+# GitHub's Code Scanning feature.
+#
+# Python Static Analyzer (Pysa) is a security-focused static
+# analysis tool that tracks flows of data from where they
+# originate to where they terminate in a dangerous location.
+#
+# See https://pyre-check.org/docs/pysa-basics/
+
+name: Pysa
+
+on:
+ workflow_dispatch:
+ push:
+ branches: [ $default-branch, $protected-branches ]
+ pull_request:
+ branches: [ $default-branch ]
+ schedule:
+ - cron: $cron-weekly
+
+permissions:
+ contents: read
+
+jobs:
+ pysa:
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ submodules: true
+
+ - name: Run Pysa
+ uses: facebook/pysa-action@f46a63777e59268613bd6e2ff4e29f144ca9e88b
+ with:
+ # To customize these inputs:
+ # See https://github.com/facebook/pysa-action#inputs
+ repo-directory: './'
+ requirements-path: 'requirements.txt'
+ infer-types: true
+ include-default-sapp-filters: true
diff --git a/icons/pyre.svg b/icons/pyre.svg
new file mode 100644
index 0000000..2af14c0
--- /dev/null
+++ b/icons/pyre.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/icons/pysa.svg b/icons/pysa.svg
new file mode 100644
index 0000000..ed60fb1
--- /dev/null
+++ b/icons/pysa.svg
@@ -0,0 +1 @@
+
\ No newline at end of file