
Commit 1969551

committed
Fix ci
1 parent 360c027 commit 1969551

1 file changed

Lines changed: 19 additions & 6 deletions


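--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -64,6 +64,10 @@ jobs:
 security-scan:
 runs-on: ubuntu-latest
 name: Security Vulnerability Scan
+permissions:
+actions: read
+contents: read
+security-events: write
 
 steps:
 - name: Checkout code
@@ -94,16 +98,19 @@ jobs:
 run: govulncheck ./...
 
 - name: Install gosec
-run: go install github.com/securecodewarrior/gosec/v2/cmd/gosec@latest
+run: go install github.com/securego/gosec/v2/cmd/gosec@latest
 
 - name: Run gosec security scanner
-run: gosec -fmt sarif -out gosec-results.sarif ./...
+run: |
+gosec -fmt sarif -out gosec-results.sarif ./...
+continue-on-error: true
 
 - name: Upload gosec results to GitHub Security tab
-uses: github/codeql-action/upload-sarif@v2
+uses: github/codeql-action/upload-sarif@v3
 if: always()
 with:
 sarif_file: gosec-results.sarif
+category: gosec
 
 # CodeQL Analysis
 codeql-analysis:
@@ -124,7 +131,7 @@ jobs:
 uses: actions/checkout@v4
 
 - name: Initialize CodeQL
-uses: github/codeql-action/init@v2
+uses: github/codeql-action/init@v3
 with:
 languages: ${{ matrix.language }}
 queries: +security-and-quality
@@ -153,14 +160,18 @@ jobs:
 go build -v ./cmd/mpcium-cli
 
 - name: Perform CodeQL Analysis
-uses: github/codeql-action/analyze@v2
+uses: github/codeql-action/analyze@v3
 with:
 category: "/language:${{matrix.language}}"
 
 # SBOM Generation
 sbom:
 runs-on: ubuntu-latest
 name: Generate SBOM
+permissions:
+actions: read
+contents: read
+security-events: write
 
 steps:
 - name: Checkout code
@@ -222,12 +233,14 @@ jobs:
 fail-build: false
 output-format: sarif
 output-file: grype-results.sarif
+continue-on-error: true
 
 - name: Upload Grype results to GitHub Security tab
-uses: github/codeql-action/upload-sarif@v2
+uses: github/codeql-action/upload-sarif@v3
 if: always()
 with:
 sarif_file: grype-results.sarif
+category: grype
 
 - name: Display SBOM summary
 run: |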
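Review bot: The corrected gosec install in the second hunk still floats on `@latest`, so every CI run executes whatever the securego/gosec maintainers most recently tagged, with no way to reproduce an earlier scan or to review a new release before it runs in the pipeline; pin it, `run: go install github.com/securego/gosec/v2/cmd/gosec@<pinned v2 tag>`, and bump deliberately. The `continue-on-error: true` added to the scan step also swallows tool errors (a crash, an unknown flag, an unwritable output path), not only findings, so at the step level a broken scanner looks the same as a clean scan. If the intent is only to avoid blocking on findings, `gosec -no-fail -fmt sarif -out gosec-results.sarif ./...` without `continue-on-error` keeps the step red on real errors while still producing the SARIF for the upload that follows. The same trade-off applies to the `continue-on-error: true` placed next to the existing `fail-build: false` on the Grype step in the last hunk. The enclosing `security-scan` job definition starts before this hunk.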
