# This workflow uses actions that are not certified by GitHub.
# They are provided by a third party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
#
# An existing codescan.io account is required. Configuration details:
# https://github.com/codescan-io/codescan-scanner-action
#
# Tokens of the form $default-branch / $protected-branches / $cron-weekly are
# starter-workflow placeholders; they are expected to be substituted with real
# values before this file is used as-is.

name: CodeScan

# NOTE: a YAML 1.1 loader reads the key "on" as a boolean; GitHub's own loader
# handles it, so it is left unquoted as the platform expects.
on:
  push:
    branches: [ $default-branch, $protected-branches ]
  pull_request:
    # Must be a subset of the push branches above.
    branches: [ $default-branch ]
  schedule:
    - cron: $cron-weekly

# Default token scope for every job: read-only. Jobs that need more grant it
# explicitly below.
permissions:
  contents: read

jobs:
  CodeScan:
    # Job-level grants: checkout only needs to read the repository; the SARIF
    # upload step needs write access to the security-events scope.
    permissions:
      contents: read
      security-events: write
    runs-on: ubuntu-latest
    steps:
      # GitHub-maintained actions are referenced by a floating major tag.
      - name: Checkout repository
        uses: actions/checkout@v3

      # Cache the scanner's working directory between runs. restore-keys reuses
      # the same prefix as key, so a partial match is attempted when there is
      # no exact hit.
      - name: Cache files
        uses: actions/cache@v3
        with:
          path: |
            ~/.sonar
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar

      # The third-party scanner is pinned to a full commit SHA rather than a
      # tag, so the code that runs here cannot change underneath the workflow.
      # All credentials come from repository secrets; none are inlined.
      - name: Run Analysis
        uses: codescan-io/codescan-scanner-action@5b2e8c5683ef6a5adc8fa3b7950bb07debccce12
        with:
          login: ${{ secrets.CODESCAN_AUTH_TOKEN }}
          organization: ${{ secrets.CODESCAN_ORGANIZATION_KEY }}
          projectKey: ${{ secrets.CODESCAN_PROJECT_KEY }}

      # Publish the scanner's SARIF output to the repository's code-scanning
      # alerts (this is what security-events: write is for).
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: codescan.sarif