dejacode/.github/workflows/find-vulnerabilities.yml at 5c2cc2d2ebc429eeee6d9e7e5b3def4fedcd48dc · aboutcode-org/dejacode · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
name: Find dependencies vulnerabilities

on:
  workflow_dispatch:
  pull_request:
  push:
    branches:
      - main

jobs:
  scan-codebase:
    runs-on: ubuntu-24.04
    permissions:
      contents: read

    name: Inspect packages with ScanCode.io
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
        with:
          path: scancode-inputs
          sparse-checkout: pyproject.toml
          sparse-checkout-cone-mode: false
          persist-credentials: false  # do not keep the token around

      - name: Fail on known vulnerabilities
        uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b
        with:
          pipelines: "inspect_packages:StaticResolver,find_vulnerabilities"
          check-compliance: true
          compliance-fail-on-vulnerabilities: true
          scancodeio-repo-branch: "main"
        env:
          VULNERABLECODE_URL: https://public.vulnerablecode.io/