
ci(deps): bump complytime/org-infra/.github/workflows/reusable_depend… #205


Workflow file for this run

# Security scanning for pushes to main and for pull requests targeting main.
# Both jobs delegate to reusable workflows hosted in complytime/org-infra.
name: Security Checks

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Workflow-wide GITHUB_TOKEN baseline: read-only repository contents and
# nothing else. Each job below re-declares only the scopes it needs.
permissions:
  contents: read
  actions: none
  id-token: none
  security-events: none
  packages: none

jobs:
  call_reusable_vuln_scan:
    name: OSV-Scanner
    # A called reusable workflow cannot receive more than the caller job
    # grants, so this block is the upper bound for reusable_vuln_scan.yml.
    # security-events: write is presumably needed to upload findings to code
    # scanning; confirm against the called workflow.
    # NOTE(review): on pull requests from forks the token is typically
    # read-only regardless of what is requested here; verify the called
    # workflow tolerates that.
    permissions:
      contents: read
      actions: read
      security-events: write
    # Pinned to a full commit SHA; the trailing tag is informational only.
    # When bumping, check that the SHA really is the commit behind the tag.
    uses: complytime/org-infra/.github/workflows/reusable_vuln_scan.yml@bbd7194995388f96dd28c0c0792d406c8a249140 # v0.4.0
    with:
      # OSV focuses on known CVEs in dependencies; Trivy adds broader coverage.
      # The Trivy source scan is switched off for this repository.
      enable_trivy_source: false

  call_reusable_security:
    name: OpenSSF Scorecards
    # id-token: write lets the called workflow request an OIDC token;
    # presumably used when Scorecard publishes its results. Confirm against
    # reusable_security.yml before widening or removing it.
    permissions:
      contents: read
      id-token: write
      security-events: write
    # Same SHA pin as the vulnerability-scan job so both calls resolve to one
    # reviewed revision of org-infra.
    uses: complytime/org-infra/.github/workflows/reusable_security.yml@bbd7194995388f96dd28c0c0792d406c8a249140 # v0.4.0