# This workflow uses actions that are not certified by GitHub. # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. # This workflow requires that you have an existing account with codescan.io # For more information about configuring your workflow, # read our documentation at https://github.com/codescan-io/codescan-scanner-action name: CodeScan on: push: branches: [ $default-branch, $protected-branches ] pull_request: # The branches below must be a subset of the branches above branches: [ $default-branch ] schedule: - cron: $cron-weekly jobs: CodeScan: runs-on: ubuntu-latest steps: - name: Checkout repository uses: actions/checkout@v2 - name: Cache files uses: actions/cache@v2 with: path: | ~/.sonar key: ${{ runner.os }}-sonar restore-keys: ${{ runner.os }}-sonar - name: Run Analysis uses: codescan-io/codescan-scanner-action@5b2e8c5683ef6a5adc8fa3b7950bb07debccce12 with: login: ${{ secrets.CODESCAN_AUTH_TOKEN }} organization: ${{ secrets.CODESCAN_ORGANIZATION_KEY }} projectKey: ${{ secrets.CODESCAN_PROJECT_KEY }} - name: Upload SARIF file uses: github/codeql-action/upload-sarif@v1 with: sarif_file: codescan.sarif