diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
new file mode 100644
index 00000000..e31663fb
--- /dev/null
+++ b/.github/workflows/scan.yml
@@ -0,0 +1,37 @@
+name: scan
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ branches: [ main ]
+ schedule:
+ - cron: '18 10 * * 3'
+
+permissions:
+ contents: read
+
+jobs:
+ codeql:
+ runs-on: ubuntu-latest
+ permissions:
+ security-events: write
+ if: github.actor != 'dependabot[bot]'
+ steps:
+ - name: Checkout
+ uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
+ - name: Setup Go
+ uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
+ with:
+ go-version: 1.20.x
+ cache-dependency-path: |
+ **/go.sum
+ **/go.mod
+ - name: Init
+ uses: github/codeql-action/init@168b99b3c22180941ae7dbdd5f5c9678ede476ba # v2.2.7
+ with:
+ languages: go
+ - name: Build
+ uses: github/codeql-action/autobuild@168b99b3c22180941ae7dbdd5f5c9678ede476ba # v2.2.7
+ - name: Analyze
+ uses: github/codeql-action/analyze@168b99b3c22180941ae7dbdd5f5c9678ede476ba # v2.2.7
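Review bot: The `permissions:` block on the `codeql` job lists only `security-events: write`, and a job-level block replaces the workflow-level one instead of merging with it, so the top-level `contents: read` does not reach this job and every unlisted scope becomes `none`. On a public repository the checkout still succeeds, but on a private or internal one `actions/checkout` and the CodeQL steps need read access; add `contents: read` and `actions: read` beside `security-events: write` in the job block. Separately, `if: github.actor != 'dependabot[bot]'` means dependency-update pull requests are never analysed before merge. A comment above that line giving the reason (presumably the read-only token those runs receive) and confirming that the push run on `main` still covers the merged change would make the gap an explicit decision. Since the Build step runs the project's own build, `persist-credentials: false` under a `with:` on the Checkout step would also keep the token out of `.git/config` while that code executes.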