31d28d87db
Signed-off-by: dependabot[bot] <support@github.com>
# Static-analysis workflow: runs zizmor (GitHub Actions workflow auditing) and
# Semgrep CE as two independent jobs.
name: Static Analysis

# Runs on pushes and pull requests, except for branches matching
# 'translations**', and can also be started manually.
on:
  push:
    branches-ignore:
      - 'translations**'
  pull_request:
    branches-ignore:
      - 'translations**'
  workflow_dispatch:

# One concurrency group per pull request number, falling back to the ref for
# events that carry no pull request. A newer run in the same group cancels the
# one still in progress.
concurrency:
  group: static-analysis-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

# Workflow-wide default for the job token: read-only repository contents.
# Each job below declares its own permissions explicitly.
permissions:
  contents: read

jobs:
  zizmor:
    name: Run zizmor
    runs-on: ubuntu-24.04
    # security-events: write is the only write scope granted here.
    # NOTE(review): presumably needed so findings can be published to code
    # scanning; confirm against the action's documented requirements.
    permissions:
      contents: read
      actions: read
      security-events: write
    steps:
      # Actions are pinned to a full commit SHA; the trailing comment records
      # the release tag that SHA corresponds to.
      - name: Checkout
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          # Do not leave the job token in the checked-out repository's git
          # configuration, so later steps cannot pick it up from there.
          persist-credentials: false
      - name: Run zizmor
        uses: zizmorcore/zizmor-action@192e21d79ab29983730a13d1382995c2307fbcaa # v0.5.7

  semgrep:
    name: Semgrep CE
    # Skips this job when the triggering actor is Dependabot.
    # NOTE(review): github.actor names whoever triggered the run, which is not
    # necessarily the pull request author. That is acceptable here because the
    # condition only skips a scan and grants nothing; it should not be reused
    # as a trust decision.
    if: github.actor != 'dependabot[bot]'
    runs-on: ubuntu-24.04
    container:
      # Pinned by tag and by digest; the digest fixes the exact image content.
      image: semgrep/semgrep:1.155.0@sha256:cc869c685dcc0fe497c86258da9f205397d8108e56d21a86082ea4886e52784d
    permissions:
      contents: read
      security-events: write
    steps:
      - name: Checkout
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          # Same as in the zizmor job: the token is not persisted to git config.
          persist-credentials: false
      # NOTE(review): '--config auto' selects rules from the Semgrep registry at
      # run time, so the rule set is not pinned even though the image is;
      # findings may change between runs without any change to this file.
      - name: Run Semgrep
        run: semgrep scan --config auto --sarif-output results.sarif
      # always() keeps the upload running when an earlier step has failed.
      # NOTE(review): if the scan fails before results.sarif is written, this
      # step has no file to upload; confirm that outcome is acceptable.
      - name: Upload results to GitHub code scanning
        uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
        if: always()
        with:
          sarif_file: results.sarif