chore(deps): bump kube-lease-manager from 0.11.1 to 0.12.0 #158
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright (c) 2025 Erick Bourgeois, firestoned | |
| # SPDX-License-Identifier: Apache-2.0 | |
| # | |
| # SAST (Semgrep OSS) — always-on. Runs on every PR and every push to main | |
| # with no `paths:` filter so Scorecard's SAST check records every commit | |
| # as covered (the path-gated Semgrep job in build.yaml was producing | |
| # uncovered-commit events on dependabot and docs-only PRs). | |
| # | |
| # Runs the community Rust / security-audit / secrets / OWASP Top Ten | |
| # rulesets and uploads SARIF to the Code Scanning dashboard under the | |
| # `semgrep` category. No token required — this is the free OSS Community | |
| # Edition. | |
| name: SAST | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| jobs: | |
| semgrep: | |
| name: 🔎 SAST (Semgrep) | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| security-events: write | |
| container: | |
| image: returntocorp/semgrep | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 | |
| - name: Run Semgrep | |
| run: | | |
| semgrep scan \ | |
| --config=p/rust \ | |
| --config=p/security-audit \ | |
| --config=p/secrets \ | |
| --config=p/owasp-top-ten \ | |
| --sarif --output=semgrep.sarif \ | |
| --metrics=off \ | |
| --error || true | |
| - name: Upload Semgrep SARIF to Code Scanning | |
| uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 | |
| with: | |
| sarif_file: semgrep.sarif | |
| category: semgrep |