Security Analyses #223

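# Static-analysis workflow: runs rust-clippy and DevSkim on the repository and
# uploads both SARIF reports to GitHub code scanning.
name: Security Analyses
on:
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]
  schedule:
    # Weekly scheduled run: 04:35 UTC every Thursday.
    - cron: "35 4 * * 4"
jobs:
  lint:
    name: Security Analyses
    runs-on: ubuntu-latest
    # Job-scoped token permissions: read-only apart from security-events,
    # which the upload-sarif steps need in order to publish results.
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # No later step pushes or fetches with git, so the token is not left
          # in .git/config where code compiled and run by cargo could read it.
          persist-credentials: false
      # When rustup is updated, it tries to replace its binary, which on Windows is somehow locked.
      # This can result in the CI failure, see: https://github.com/rust-lang/rustup/issues/3029
      # NOTE(review): this job only runs on ubuntu-latest, so the Windows
      # caveat above does not apply to it as written.
      # NOTE(review): `@master` is a mutable branch of a third-party action,
      # and this job holds `security-events: write`. Pin this action (and the
      # tag-pinned actions in the other steps) to a full commit SHA so the code
      # that runs here cannot change without a reviewed edit to this file.
      # The nightly toolchain is also unpinned, so lint results can differ
      # between runs of the same commit.
      - name: Setup rust
        uses: dtolnay/rust-toolchain@master
        with:
          toolchain: nightly
          components: clippy
      - uses: Swatinem/rust-cache@v2
        with:
          shared-key: security-analyses--branch--${{ github.ref }}
      - name: Install required cargo
        # --locked builds each tool with the Cargo.lock published in its crate
        # instead of re-resolving dependencies on every run.
        # NOTE(review): the tool versions themselves are still unpinned;
        # consider pinning them so the installed binaries are reproducible.
        run: cargo install --locked clippy-sarif sarif-fmt
      - name: Run rust-clippy
        # Folded scalar: the lines below are joined into one command line.
        # NOTE(review): no `shell:` is set, so the pipeline runs without
        # pipefail, and continue-on-error is on. A clippy failure (for example
        # a build error) therefore still gives a green step and may leave an
        # empty or partial SARIF file; an absence of findings in code scanning
        # is not proof that the analysis ran.
        run: >-
          cargo clippy
          --all-features
          --message-format=json | clippy-sarif | tee rust-clippy-results.sarif | sarif-fmt
        continue-on-error: true
      - name: Upload analysis results to GitHub
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: rust-clippy-results.sarif
          wait-for-processing: true
      - name: Run DevSkim scanner
        # The page's e-mail obfuscation replaced the end of this reference
        # ("microsoft/[email protected]"). The action name is presumably
        # microsoft/DevSkim-Action; the ref after "@" is not recoverable from
        # the page, so it is left as a labelled placeholder to fill in.
        uses: microsoft/DevSkim-Action@<REF_NOT_SHOWN_ON_PAGE>
      - name: Upload DevSkim scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: devskim-results.sarif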