# This workflow uses actions that are not certified by GitHub. # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. name: tfsec on: push: branches: [ $default-branch, $protected-branches ] pull_request: branches: [ $default-branch ] schedule: - cron: $cron-weekly jobs: tfsec: name: Run tfsec sarif report runs-on: ubuntu-latest steps: - name: Clone repo uses: actions/checkout@v2 - name: Run tfsec uses: tfsec/tfsec-sarif-action@2ec44316ed27c50d48c931c3c628adc4c8bb1d2b with: sarif_file: tfsec.sarif github_token: ${{ secrets.GITHUB_TOKEN }} - name: Upload SARIF file uses: github/codeql-action/upload-sarif@v1 with: # Path to SARIF file relative to the root of the repository sarif_file: tfsec.sarif