fix: resolve OVSM parse errors with colon syntax in field access #686

Workflow file for this run

.github/workflows/security.yml at dfaa2ba

	name: Security Scan

	on:
	push:
	branches: [ main ]
	pull_request:
	branches: [ main ]
	schedule:
	- cron: '0 0 * * 1' # Run weekly on Mondays

	jobs:
	security-audit:
	name: Security Audit
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- name: Install native dependencies for hidapi
	run: \|
	sudo apt-get update
	sudo apt-get install -y libhidapi-dev libudev-dev

	- name: Install Rust
	uses: dtolnay/rust-toolchain@stable
	with:
	toolchain: stable

	- name: Install cargo-audit
	run: cargo install cargo-audit
	working-directory: .

	- name: Run cargo-audit
	run: cargo audit
	working-directory: .

	- name: Install cargo-deny
	run: cargo install cargo-deny --locked
	working-directory: .

	- name: Run cargo-deny
	run: cargo deny check advisories
	working-directory: .

	dependency-review:
	name: Dependency Review
	runs-on: ubuntu-latest
	if: github.event_name == 'pull_request'
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4

	- name: Dependency Review
	uses: actions/dependency-review-action@v4
	with:
	fail-on-severity: high

	code-scanning:
	name: Code Scanning
	runs-on: ubuntu-latest
	permissions:
	security-events: write
	actions: read
	contents: read
	# Add timeout to entire job
	timeout-minutes: 60
	strategy:
	matrix:
	language: [javascript, python, ruby, rust]
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Install native dependencies for hidapi
	run: \|
	sudo apt-get update
	sudo apt-get install -y libhidapi-dev libudev-dev

	- name: Initialize CodeQL
	uses: github/codeql-action/init@v3
	with:
	languages: rust
	env:
	CODEQL_ENABLE_EXPERIMENTAL_FEATURES: true

	- name: Build
	run: cargo build --locked
	working-directory: .

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@v3
	with:
	# Configure upload timeout and chunking
	upload-size: "100m"
	upload-timeout: "300"
	# Enable retries on network errors
	upload-retries: 3
	category: ${{ matrix.language }}-analysis
	continue-on-error: true
	id: codeql_analyze

	- name: Retry CodeQL Analysis on Failure
	if: steps.codeql_analyze.outcome == 'failure'
	uses: github/codeql-action/analyze@v3
	with:
	upload-size: "50m"
	upload-timeout: "600"
	upload-retries: 5
	category: ${{ matrix.language }}-analysis-retry

	- name: Debug Information
	run: \|
	echo "CodeQL analysis completed"
	ls -la /home/runner/work/_temp/codeql_databases/ \|\| echo "Cannot access CodeQL database"
	echo "Checking SARIF results size:"
	du -h /home/runner/work/osvm-cli/results/rust.sarif \|\| echo "Cannot access SARIF file"
	cat /home/runner/work/_temp/codeql_databases/log/database-export-diagnostics-*.log \|\| echo "No diagnostics log found"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix: resolve OVSM parse errors with colon syntax in field access #686

Workflow file

fix: resolve OVSM parse errors with colon syntax in field access #686

Uh oh!

Jobs

Run details

Workflow file for this run