Security Analyses #232

	name: Security Analyses

	on:
	push:
	branches: ["main"]
	pull_request:
	branches: ["main"]
	schedule:
	- cron: "35 4 * * 4"

	jobs:
	lint:
	name: Security Analyses
	runs-on: ubuntu-latest
	permissions:
	actions: read
	contents: read
	security-events: write
	steps:
	- name: Checkout code
	uses: actions/checkout@v4
	# When rustup is updated, it tries to replace its binary, which on Windows is somehow locked.
	# This can result in the CI failure, see: https://github.com/rust-lang/rustup/issues/3029
	- name: Setup rust
	uses: dtolnay/rust-toolchain@master
	with:
	toolchain: nightly
	components: clippy
	- uses: Swatinem/rust-cache@v2
	with:
	shared-key: security-analyses--branch--${{ github.ref }}
	- name: Install required cargo
	run: cargo install clippy-sarif sarif-fmt
	- name: Run rust-clippy
	run: cargo clippy
	--all-features
	--message-format=json \| clippy-sarif \| tee rust-clippy-results.sarif \| sarif-fmt
	continue-on-error: true
	- name: Upload analysis results to GitHub
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: rust-clippy-results.sarif
	wait-for-processing: true
	- name: Run DevSkim scanner
	uses: microsoft/[email protected]

	- name: Upload DevSkim scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: devskim-results.sarif

Provide feedback