# A sample workflow which sets up periodic OSV-Scanner scanning for vulnerabilities, # in addition to a PR check which fails if new vulnerabilities are introduced. # # For more examples and options, including how to ignore specific vulnerabilities, # see https://google.github.io/osv-scanner/github-action/ name: OSV-Scanner on: workflow_dispatch: pull_request: branches: [ "main" ] schedule: - cron: '0 1 * * 0' push: branches: [ "main" ] permissions: {} jobs: scan-scheduled: permissions: actions: read # # Required to upload SARIF file to CodeQL contents: read # Read commit contents security-events: write # Require writing security events to upload SARIF file to security tab if: ${{ github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' }} uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@b00f71e051ddddc6e46a193c31c8c0bf283bf9e6" # v2.1.0 with: scan-args: |- -r ./ scan-pr: permissions: actions: read # Required to upload SARIF file to CodeQL contents: read # Read commit contents security-events: write # Require writing security events to upload SARIF file to security tab if: ${{ github.event_name == 'pull_request' }} uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@b00f71e051ddddc6e46a193c31c8c0bf283bf9e6" # v2.1.0 with: # Example of specifying custom arguments scan-args: |- -r ./