Skip to content

chore: v1 upstream bug sweep + docs refresh (#76) #5

chore: v1 upstream bug sweep + docs refresh (#76)

chore: v1 upstream bug sweep + docs refresh (#76) #5

Workflow file for this run

name: OSV-Scanner
on:
push:
branches: [main]
pull_request:
branches: [main]
schedule:
- cron: "33 5 * * 2"
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
osv:
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- uses: actions/checkout@v6
- name: Install osv-scanner
run: |
curl -sL -o /tmp/osv-scanner \
https://github.com/google/osv-scanner/releases/download/v2.3.8/osv-scanner_linux_amd64
chmod +x /tmp/osv-scanner
- name: Scan pnpm-lock.yaml (SARIF output)
run: |
/tmp/osv-scanner scan source \
--lockfile=pnpm-lock.yaml \
--format=sarif \
--output=osv.sarif || true
- uses: github/codeql-action/upload-sarif@v4
if: always()
with:
sarif_file: osv.sarif
category: osv-scanner
- name: Fail on vulnerabilities
run: /tmp/osv-scanner scan source --lockfile=pnpm-lock.yaml