valibot/.github/workflows/security.yml at main · open-circle/valibot · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
name: Security

on:
  push:
    branches: [main]
  pull_request:

jobs:
  scan:
    name: Scan dependencies
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          persist-credentials: false
      - name: Scan for vulnerabilities
        uses: OWASP/cve-lite-cli@v1
        with:
          path: .
          fail-on: critical
          verbose: 'true'
          sarif: 'true'
      - name: Upload SARIF to GitHub
        uses: github/codeql-action/upload-sarif@v4
        if: always()
        with:
          sarif_file: ${{ github.workspace }}