forked from flutter/engine
-
Notifications
You must be signed in to change notification settings - Fork 0
56 lines (46 loc) · 1.73 KB
/
third_party_scan.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
name: Third party dependency scan
on:
# Only the default branch is supported.
branch_protection_rule:
branches: [ main ]
schedule:
- cron: "0 8 * * *" # runs daily at 08:00
# Declare default permissions as read only.
permissions: read-all
jobs:
analysis:
name: Third party dependency scan
runs-on: ubuntu-latest
permissions:
# Needed to upload the results to code-scanning dashboard.
security-events: write
actions: read
contents: read
steps:
- name: "Checkout code"
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
with:
persist-credentials: false
- name: setup python
uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435
with:
python-version: '3.7.7' # install the python version needed
- name: install dependency
run: pip install git+https://github.com/psf/requests.git@4d394574f5555a8ddcc38f707e0c9f57f55d9a3b
- name: execute py script
run: python ci/deps_parser.py
- name: parse deps_parser output.txt
run: python ci/scan_flattened_deps.py
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
with:
name: SARIF file
path: osvReport.sarif
retention-days: 5
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@16964e90ba004cdf0cd845b866b5df21038b7723
with:
sarif_file: osvReport.sarif