# This workflow uses actions that are not certified by GitHub. # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. # # Sobelow is a security-focused static analysis tool for the Phoenix framework. https://sobelow.io/ # # To use this workflow, you must have GitHub Advanced Security (GHAS) enabled for your repository. # # Instructions: # 2. Follow the annotated workflow below and make any necessary modifications then save the workflow to your repository # and review the "Security" tab once the action has run. name: Sobelow on: push: branches: [ $default-branch, $protected-branches ] pull_request: branches: [ $default-branch ] schedule: - cron: $cron-weekly permissions: contents: read jobs: security-scan: permissions: contents: read # for actions/checkout to fetch code security-events: write # for github/codeql-action/upload-sarif to upload SARIF results actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - id: run-action uses: sobelow/action@1afd6d2cae70ae8bd900b58506f54487ed863912 - name: Upload report uses: github/codeql-action/upload-sarif@v3 with: sarif_file: results.sarif