Skip to content

aoc forever

aoc forever #77

name: 'Scan for security vulnerabilities'
on:
workflow_dispatch:
pull_request:
branch: [main,master,utama]
jobs:
gitleaks:
name: GitLeaks scan
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Setup go
uses: actions/setup-go@v3
with:
go-version: "1.21"
- name: Scan for leaks
continue-on-error: true
run: go install github.com/zricethezav/gitleaks/[email protected] && /home/runner/go/bin/gitleaks detect -v --source .
semgrep:
name: Semgrep scan
runs-on: ubuntu-latest
container:
image: returntocorp/semgrep
if: (github.actor != 'dependabot[bot]')
steps:
- uses: actions/checkout@v3
- run: semgrep
continue-on-error: true
env:
SEMGREP_RULES: p/default # more at semgrep.dev/explore
osv-scanner:
runs-on: ubuntu-latest
container: ghcr.io/google/osv-scanner
steps:
- name: Check out code
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Scan the code
run: /osv-scanner --skip-git -r . || if [ $? -eq 128 ]; then true; else exit $?; fi
continue-on-error: true