8eb5b3467a
This workflow action uses OSV Scanner, an open source vulnerability scanner by Google. We're using OSV Scanner because it has:

* good usability - JSON output and multiple options
* good accuracy - OSV database from Google and support for multiple languages including PHP
19 lines
No EOL
471 B
YAML
name: Check dependencies

# Adapted from https://google.github.io/osv-scanner/github-action/#scan-on-pull-request

on:
  pull_request:
    branches: [main, 1.*.x]
  merge_group:
    branches: [main, 1.*.x]

permissions:
  # Require writing security events to upload SARIF file to security tab
  security-events: write
  # Only need to read contents
  contents: read

jobs:
  scan-pr:
    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.7.1"