# This workflow uses actions that are not certified by GitHub. # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. name: MobSF on: push: branches: [ $default-branch, $protected-branches ] pull_request: branches: [ $default-branch ] schedule: - cron: $cron-weekly jobs: mobile-security: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - name: Setup python uses: actions/setup-python@v2 with: python-version: 3.8 - name: Run mobsfscan uses: MobSF/mobsfscan@a60d10a83af68e23e0b30611c6515da604f06f65 with: args: . --sarif --output results.sarif || true - name: Upload mobsfscan report uses: github/codeql-action/upload-sarif@v1 with: sarif_file: results.sarif