Bump postcss from 8.5.6 to 8.5.12 #235
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: DevSkim | |
| on: | |
| push: | |
| branches: [ "main", "DSSRF_Branch_Rule" ] | |
| pull_request: | |
| branches: [ "main" ] | |
| schedule: | |
| - cron: '0 0 * * *' # FIX: Running every minute is a security/resource risk; changed to daily. | |
| # SCORECARD & SOLARWINDS FIX: | |
| # This defines top-level permissions as read-only for the entire workflow. | |
| permissions: read-all | |
| jobs: | |
| lint: | |
| name: DevSkim | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| steps: | |
| - name: Checkout code | |
| # Pinned to specific SHA for immutable security | |
| uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 | |
| - name: Run DevSkim scanner | |
| uses: microsoft/DevSkim-Action@4b5047945a44163b94642a1cecc0d93a3f428cc6 | |
| with: | |
| # FIX: DevSkim needs to know where to save the results so the next step can find them. | |
| directory-to-scan: . | |
| output-filename: devskim-results.sarif | |
| - name: Upload DevSkim scan results to GitHub Security tab | |
| if: always() | |
| uses: github/codeql-action/upload-sarif@5e7a52feb2a3dfb87f88be2af33b9e2275f48de6 | |
| with: | |
| sarif_file: devskim-results.sarif |