Analyze CVEs #665
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Analyze CVEs | |
| permissions: | |
| contents: read | |
| on: | |
| schedule: | |
| # https://crontab.guru/#0_10_*_*_* - at 10:00 A.M. UTC every day | |
| - cron: "0 10 * * *" | |
| pull_request: | |
| paths: | |
| - "**/go.sum" | |
| - "**/go.mod" | |
| jobs: | |
| validate: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - name: Install tools | |
| uses: ./.github/actions/install-tools | |
| - name: Check for CVEs in Dependencies | |
| # TODO: if this fails we should look at Zarf's .grype.yaml as there may be the same false positive | |
| run: "make scan" |