blob: c496ab8d2781ca1b496a5df8b24a79abcc53d8e9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
name: "json4cpp: Flawfinder"
permissions:
contents: read
on:
push:
branches: ["develop"]
paths:
- 'json4cpp/**'
pull_request:
branches: ["develop"]
paths:
- 'json4cpp/**'
schedule:
- cron: '41 14 * * 3'
jobs:
flawfinder:
name: Flawfinder
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: flawfinder_scan
uses: david-a-wheeler/flawfinder@c57197cd6061453f10a496f30a732bc1905918d1 # v2.0.19
with:
arguments: '--sarif ./json4cpp/'
output: 'flawfinder_results.sarif'
- name: Upload analysis results to GitHub Security tab
uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4
with:
sarif_file: ${{ github.workspace }}/flawfinder_results.sarif
|
