Skip to content

feat: scan for vulnerabilities #62

feat: scan for vulnerabilities

feat: scan for vulnerabilities #62

Workflow file for this run

---
name: CI on Pull Requests
on:
pull_request:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
commitlint:
name: Lint Commit Messages
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: wagoid/commitlint-github-action@v5
test:
name: Test Suite
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
with:
toolchain: stable
components: rustfmt
- name: run cargo test
run: cargo test
formatting:
name: Code Formatting
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
with:
toolchain: stable
components: rustfmt
- name: running rustfmt
run: |
files=$(find . -name '*.rs')
IFS=$'\n'; for file in $files; do
rustfmt --check "$file"
done
scan-for-vulnerabilities:
name: Scan for Vulnerabilities
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@da36cb69b1c3247ad7a1f931ebfd954a1105ef14 # v14
- run: |
nix profile install .#
nix2sbom -f spdx .# > spdx.json
- name: Scan SBOM
uses: anchore/scan-action@v3
with:
sbom: "spdx.json"