Skip to content

Commit

Permalink
add osv-scanner config for correcting go version used
Browse files Browse the repository at this point in the history
Signed-off-by: Tuomo Tanskanen <tuomo.tanskanen@est.tech>
  • Loading branch information
tuminoid committed Nov 14, 2024
1 parent 4ed14e5 commit 28308b8
Showing 1 changed file with 32 additions and 29 deletions.
61 changes: 32 additions & 29 deletions .github/workflows/osv-scanner-scan.yml
Original file line number Diff line number Diff line change
@@ -1,46 +1,49 @@
# This file is adapted from https://github.com/google/osv-scanner

# runs vulnerability scans and add them to Github Security tab

name: OSV-Scanner Scan

on:
workflow_dispatch:
schedule:
- cron: "12 6 * * 1"

# Restrict jobs in this workflow to have no permissions by default; permissions
# should be granted per job as needed using a dedicated `permissions` block
permissions: {}

jobs:
scan-scheduled:
permissions:
actions: read
contents: read # to fetch code (actions/checkout)
contents: read
security-events: write # for uploading SARIF files
if: ${{ github.repository == 'metal3-io/ip-address-manager' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Calculate go version
id: vars
run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT
- name: Set up Go
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version: ${{ steps.vars.outputs.go_version }}
- name: Install OSV Scanner
run: go install github.com/google/osv-scanner/cmd/osv-scanner@b13f37e1a1e4cb98556c1d34cd3256a876929be1 # v1.9.1
- name: Run OSV Scanner
run: osv-scanner scan --format json --output results.json --recursive --skip-git ./
continue-on-error: true
- name: "Run OSV Scanner Reporter"
uses: google/osv-scanner/actions/reporter@b13f37e1a1e4cb98556c1d34cd3256a876929be1 # v1.9.1
with:
scan-args: |-
--output=results.sarif
--new=results.json
--gh-annotations=false
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: results.sarif
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Calculate go version
id: vars
run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT
- name: Set up Go
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version: ${{ steps.vars.outputs.go_version }}
- name: Install OSV Scanner
run: go install github.com/google/osv-scanner/cmd/osv-scanner@b13f37e1a1e4cb98556c1d34cd3256a876929be1 # v1.9.1
- name: Run OSV Scanner
run: |
osv-scanner scan \
--format json --output results.json --recursive --skip-git \
--config=<( echo "GoVersionOverride = \"${{ steps.vars.outputs.go_version }}\"" ) \
./
continue-on-error: true
- name: "Run OSV Scanner Reporter"
uses: google/osv-scanner/actions/reporter@b13f37e1a1e4cb98556c1d34cd3256a876929be1 # v1.9.1
with:
scan-args: |-
--output=results.sarif
--new=results.json
--gh-annotations=false
continue-on-error: true
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@396bb3e45325a47dd9ef434068033c6d5bb0d11a # v3.27.3
with:
sarif_file: results.sarif

0 comments on commit 28308b8

Please sign in to comment.