appwrite/.github/workflows/check-dependencies.yml

name: Check dependencies

# Adapted from https://google.github.io/osv-scanner/github-action/#scan-on-pull-request

on:
  pull_request:
    branches: [main, 1.*.x]
  merge_group:
    branches: [main, 1.*.x]

permissions:
  # Require writing security events to upload SARIF file to security tab
  security-events: write
  # Only need to read contents
  contents: read

jobs:
  scan-pr:
    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.7.1"
feat(security): add github workflow to check dependencies This workflow action uses OSV Scanner, an open source vulnerability scanner by Google. We're using OSV Scanner because it has: * good usability - JSON output and multiple options * good accuracy - OSV database from google and support for multiple languages including PHP 2024-04-25 11:00:23 +12:00			`name: Check dependencies`

			`# Adapted from https://google.github.io/osv-scanner/github-action/#scan-on-pull-request`

			`on:`
			`pull_request:`
			`branches: [main, 1.*.x]`
			`merge_group:`
			`branches: [main, 1.*.x]`

			`permissions:`
			`# Require writing security events to upload SARIF file to security tab`
			`security-events: write`
			`# Only need to read contents`
			`contents: read`

			`jobs:`
			`scan-pr:`
			`uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.7.1"`