[main] Update actions

.github/workflows/knative-releasability.yaml

@@ -13,7 +13,7 @@
 # limitations under the License.
 
 # This file is automagically synced here from github.com/knative-sandbox/.github
-# repo by knobots: https://github.com/mattmoor/knobots and will be overwritten.
+# repo by knobots: https://github.com/knative-sandbox/knobots and will be overwritten.
 
 name: 'Releasability'
 

.github/workflows/knative-vulnerability.yaml

@@ -0,0 +1,42 @@
+# Copyright 2021 The Knative Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This file is automagically synced here from github.com/knative-sandbox/.github
+# repo by knobots: https://github.com/knative-sandbox/knobots and will be overwritten.
+
+name: 'Vulnerability scan'
+
+on:
+ schedule:
+ - cron: '0 1 1,15 * *' # 6am Pacific, 1st of the month to not exceed limits (200 total for all repos).
+ workflow_dispatch: {}
+
+jobs:
+ snyk:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@master
+
+ - name: Run Snyk to check for vulnerabilities
+ uses: snyk/actions/golang@master
+ continue-on-error: true # To make sure that SARIF upload gets called
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ args: --sarif-file-output=snyk.sarif
+
+ - name: Upload result to GitHub Code Scanning
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: snyk.sarif