From afe15fefe45bcccbc3ee27d785fe29e1a115a09b Mon Sep 17 00:00:00 2001
From: Prajjwol Gautam
Date: Wed, 24 Nov 2021 03:42:47 -0800
Subject: [PATCH] ci: enable gosec sarif upload (#776)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* ci: enable gosec sarif upload

* Update .github/workflows/security.yml

Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com>
---
.github/workflows/security.yml | 36 +++++++++++++++++-----------------
1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index ec798dc3..a7d878ed 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -1,34 +1,34 @@
name: Run Gosec
on:
+ pull_request:
push:
branches:
- main
- pull_request:
- branches:
- '**'
+
jobs:
- tests:
+ Gosec:
runs-on: ubuntu-latest
env:
GO111MODULE: on
steps:
- name: Checkout Source
uses: actions/checkout@v2.4.0
# - uses: technote-space/get-diff-action@v5
# with:
# SUFFIX_FILTER: |
# .go
# .mod
# .sum
+ - name: Get Diff
uses: technote-space/get-diff-action@v5
with:
PATTERNS: |
**/*.go
go.mod
go.sum
- name: Run Gosec Security Scanner
uses: informalsystems/gosec@master
with:
- args: ./... # we let the report trigger content trigger a failure using the GitHub Security features.
# args: '-no-fail -fmt sarif -out results.sarif ./...'
# - name: Upload SARIF file
# uses: github/codeql-action/upload-sarif@v1
# with:
# # Path to SARIF file relative to the root of the repository
# sarif_file: results.sarif
# if: "env.GIT_DIFF != ''"
+ args: '-no-fail -fmt sarif -out results.sarif ./...'
if: "env.GIT_DIFF_FILTERED != ''"
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
with:
# Path to SARIF file relative to the root of the repository
sarif_file: results.sarif
if: "env.GIT_DIFF_FILTERED != ''"
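Review bot: The new `Upload SARIF file` step needs the `security-events: write` token scope, but the workflow declares no `permissions:` block, so it relies on the repository's default `GITHUB_TOKEN` scope and, as far as I can tell, will fail on `pull_request` runs from forks where the token is read-only; adding `permissions:` / `contents: read` / `security-events: write` at the top of the workflow makes the requirement explicit and drops the write scopes the job does not need. Because `-no-fail` means gosec findings never fail the job on their own, the SARIF upload is the only place they surface, so the explanation the old `args:` line carried should not be lost, e.g. `# -no-fail: findings are surfaced via code scanning (SARIF upload), not as a job failure`. The actions introduced here are referenced by mutable tags (`technote-space/get-diff-action@v5`, `github/codeql-action/upload-sarif@v1`) and the scanner itself by `informalsystems/gosec@master`; for a workflow whose output feeds the Security tab, pin each `uses:` to a full commit SHA so an upstream tag or branch move cannot change what runs. It is also worth confirming against the get-diff-action docs that `GIT_DIFF_FILTERED` is the variable populated from `PATTERNS`, since the commented-out version this replaces gated on `GIT_DIFF`; if the name is wrong both steps silently never run.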