Merge pull request #11581 from stevenhorsman/osv-scanner-action-permissions-fix

workflow: Fix osv-scanner action
Steve Horsman
2025-07-17 18:18:16 +01:00
committed by GitHub


@@ -18,23 +18,24 @@ on:
jobs: jobs:
scan-scheduled: scan-scheduled:
permissions: permissions:
actions: read # # Required to upload SARIF file to CodeQL
contents: read # Read commit contents
security-events: write # Require writing security events to upload SARIF file to security tab security-events: write # Require writing security events to upload SARIF file to security tab
if: ${{ github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' }} if: ${{ github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' }}
uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@1f1242919d8a60496dd1874b24b62b2370ed4c78" # v1.7.1 uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@b00f71e051ddddc6e46a193c31c8c0bf283bf9e6" # v2.1.0
with: with:
# Example of specifying custom arguments
scan-args: |- scan-args: |-
-r -r
--skip-git
./ ./
scan-pr: scan-pr:
permissions: permissions:
actions: read # Required to upload SARIF file to CodeQL
contents: read # Read commit contents
security-events: write # Require writing security events to upload SARIF file to security tab security-events: write # Require writing security events to upload SARIF file to security tab
if: ${{ github.event_name == 'pull_request' }} if: ${{ github.event_name == 'pull_request' }}
uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@1f1242919d8a60496dd1874b24b62b2370ed4c78" # v1.7.1 uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@b00f71e051ddddc6e46a193c31c8c0bf283bf9e6" # v2.1.0
with: with:
# Example of specifying custom arguments # Example of specifying custom arguments
scan-args: |- scan-args: |-
-r -r
--skip-git
./ ./
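Review bot: The comment on `actions: read` in the `scan-scheduled` job has a doubled marker (`# # Required to upload SARIF file to CodeQL`), while the matching line in `scan-pr` uses a single `#`; make them agree with `actions: read # Required to upload SARIF file to CodeQL`. A job-level `permissions` block sets every unlisted scope to none, and a called reusable workflow cannot get more than its caller grants, so a short comment above each block, such as `# Reusable workflow inherits only these scopes; unlisted scopes are none`, would record why all three entries are needed. The rendered page has lost its +/- markers, so this assumes the `actions` and `contents` lines are on the new side. The `uses:` references stay pinned to a full commit SHA with the tag in a trailing comment, which is worth keeping; the `# v2.1.0` label should be checked against the upstream tag, because nothing enforces that the comment matches the SHA.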