-
Notifications
You must be signed in to change notification settings - Fork 296
33 lines (30 loc) · 904 Bytes
/
security-scan.yaml
File metadata and controls
33 lines (30 loc) · 904 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
name: Weekly security scan
on:
schedule:
# Cron for every Monday at 9:12 UTC.
- cron: "12 9 * * 1"
# Remove all permissions from GITHUB_TOKEN except metadata.
permissions: {}
jobs:
scan:
strategy:
fail-fast: false
matrix:
branch: [main, release-0.14, release-0.13]
name: Trivy
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # tag=v6.0.2
with:
ref: ${{ matrix.branch }}
persist-credentials: false
- name: Calculate go version
id: vars
run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT
- name: Set up Go
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # tag=v6.4.0
with:
go-version: ${{ steps.vars.outputs.go_version }}
- name: Run verify security target
run: make verify-security