UserStyles/.github/workflows/ossar.yml at 1bd85e9172d9cf5853e34eaa9ac8f4fa4b6c2417 · Nick2bad4u/UserStyles · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
name: OSSAR

# Define the events that trigger this workflow
on:
  push:
    branches: ["main"] # Trigger on push to the "main" branch
  pull_request:
    branches: ["main"] # Trigger on pull request to the "main" branch
  schedule:
    - cron: "41 10 * * 1" # Trigger on a schedule every Monday at 10:41 AM UTC

# Define permissions required for the workflow
permissions:
  contents: read # Required to fetch code using actions/checkout

concurrency:
  group: ossar-${{ github.ref }}
  cancel-in-progress: false

jobs:
  OSSAR-Scan:
    # Define permissions for the OSSAR-Scan job
    permissions:
      contents: read # Required for actions/checkout to fetch code
      security-events: write # Required for github/codeql-action/upload-sarif to upload SARIF results
      actions: read # Only required for private repositories to get the Action run status

    # Specify the runner to use (windows-latest)
    runs-on: windows-latest

    steps:
      # Step to harden the runner for security purposes
      - name: Harden Runner
        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
        with:
          egress-policy: audit

      # Step to checkout the repository
      - name: Checkout repository
        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0

      # Ensure a compatible version of dotnet is installed.
      # The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201.
      # A version greater than or equal to v3.1.201 of dotnet must be installed on the agent in order to run this action.
      # GitHub hosted runners already have a compatible version of dotnet installed and this step may be skipped.
      # For self-hosted runners, ensure dotnet version 3.1.201 or later is installed by including this action:
      # - name: Install .NET
      #   uses: actions/setup-dotnet@v2
      #   with:
      #     dotnet-version: '3.1.x'

      # Run open source static analysis tools
      - name: Run OSSAR
        uses: github/ossar-action@786a16a90ba92b4ae6228fe7382fb16ef5c51000 # v1
        id: ossar

      # Upload results to the Security tab
      - name: Upload OSSAR results
        uses: github/codeql-action/upload-sarif@fe4161a26a8629af62121b670040955b330f9af2 # v3.29.5
        with:
          sarif_file: ${{ steps.ossar.outputs.sarifFile }}