Merge pull request #35 from kdenhartog/patch-1

Create security-action.yml

.github/workflows/security-action.yml

@@ -0,0 +1,32 @@
+name: security
+on:
+  workflow_dispatch:
+  push:
+    branches: [main]
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
+    branches: [main]
+
+jobs:
+  security:
+    name: security
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      # CodeQL analyzed languages
+      matrix:
+        language: [ 'generic', 'javascript', 'python', 'ruby', 'go' ]
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - uses: brave/security-action@main
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          slack_token: ${{ secrets.HOTSPOTS_SLACK_TOKEN }} # optional
+          # by default assignees will be thypon and bcaller, modify accordingly
+          assignees: |
+            kdenhartog
+            thypon
+            bcaller
+          codeql_config: ./.github/codeql/codeql-config.yml # optional