Skip to content

[E2E] Create CMSIS Solution from Template #188

[E2E] Create CMSIS Solution from Template

[E2E] Create CMSIS Solution from Template #188

Workflow file for this run

name: Security Scans
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
paths-ignore:
- '**/*.md'
- '.github/workflows/markdown.yml'
- '.github/markdownlint.json'
- '.github/markdownlint.jsonc'
- '.github/workflows/nightly.yml'
- '.github/ISSUE_TEMPLATE/**'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
checks: write
contents: read
security-events: write
packages: read
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: audit
- name: Checkout repository
id: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Initialize CodeQL
id: initialize
uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
with:
queries: security-extended
languages: TypeScript
source-root: src
- name: Autobuild
id: autobuild
uses: github/codeql-action/autobuild@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
- name: Perform CodeQL Analysis
id: analyze
uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
osv-scan:
permissions:
actions: read
checks: write
contents: read
security-events: write
packages: read
if: ${{ github.event_name == 'pull_request' }}
name: Scan PR with OSV Scanner
uses: google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@9a498708959aeaef5ef730655706c5a1df1edbc2 #v2.3.8
with:
scan-args: |-
--recursive
--skip-git
./