diff --git a/code-scanning/properties/psalm.properties.json b/code-scanning/properties/psalm.properties.json new file mode 100644 index 0000000..381a312 --- /dev/null +++ b/code-scanning/properties/psalm.properties.json @@ -0,0 +1,10 @@ +{ + "name": "Psalm Security Scan", + "creator": "psalm", + "description": "Psalm is a static analysis tool for finding errors in PHP applications", + "iconName": "psalm", + "categories": [ + "Code Scanning", + "PHP" + ] +} diff --git a/code-scanning/psalm.yml b/code-scanning/psalm.yml new file mode 100644 index 0000000..1e88766 --- /dev/null +++ b/code-scanning/psalm.yml @@ -0,0 +1,38 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +name: Psalm Security Scan + +on: + push: + branches: [ $default-branch, $protected-branches ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ $default-branch ] + schedule: + - cron: $cron-weekly + +permissions: + contents: read + +jobs: + php-security: + runs-on: ubuntu-latest + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status + + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Psalm Security Scan + uses: psalm/psalm-github-security-scan@f3e6fd9432bc3e44aec078572677ce9d2ef9c287 + + - name: Upload Security Analysis results to GitHub + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: results.sarif diff --git a/icons/psalm.svg b/icons/psalm.svg new file mode 100644 index 0000000..fd9d347 --- /dev/null +++ b/icons/psalm.svg @@ -0,0 +1 @@ + \ No newline at end of file