diff --git a/.github/workflows/octoscan.yml b/.github/workflows/octoscan.yml
new file mode 100644
index 0000000..1be6d4b
--- /dev/null
+++ b/.github/workflows/octoscan.yml
@@ -0,0 +1,32 @@
+name: Octoscan
+
+on:
+ workflow_dispatch:
+ pull_request:
+ paths:
+ - '.github/workflows/*'
+ push:
+ paths:
+ - '.github/workflows/*'
+
+permissions:
+ security-events: write
+ actions: read
+ contents: read
+
+jobs:
+ octoscan:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+
+ - id: octoscan
+ name: Run octoscan
+ uses: synacktiv/action-octoscan@6b1cf2343893dfb9e5f75652388bd2dc83f456b0 # v1.0.0
+
+ - name: Upload SARIF file to GitHub
+ uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
+ with:
+ sarif_file: "${{ steps.octoscan.outputs.sarif_output }}"
+ category: octoscan
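Review bot: The `pull_request` trigger combined with the `upload-sarif` step will fail on pull requests opened from forks, because the GITHUB_TOKEN handed to fork PR runs is read-only and the `security-events: write` grant in the permissions block is not honoured there, so the SARIF upload errors out and the job goes red on exactly the PRs you most want scanned; if this repository accepts fork PRs, either gate the upload with `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository` or accept the failure explicitly and document it. Separately, the checkout step persists the workflow token into `.git/config` for the rest of the job, which a scan-only job never needs; adding `with:` / `persist-credentials: false` under the `actions/checkout` step keeps the token out of the workspace that the scanner runs over. The SHA pinning with version comments on all three actions is the right pattern and worth keeping as the repo's convention, though it presumably relies on a dependency bot to stay current.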