Commit 6a5f9c1

Add PSScriptAnalyzer CI workflow
This workflow runs PSScriptAnalyzer on the repository and uploads the SARIF results.
1 parent baf7ce4 commit 6a5f9c1

1 file changed

Lines changed: 44 additions & 0 deletions

@@ -0,0 +1,44 @@
1+
# Inherited from Tim Atkinson's repo: https://github.com/tim-atkinson/IntuneDeviceExport/blob/main/.github/workflows/ci-workflow-psscriptanalyzer.yml
2+
#
3+
# https://github.com/microsoft/action-psscriptanalyzer
4+
# For more information on PSScriptAnalyzer in general, see
5+
# https://github.com/PowerShell/PSScriptAnalyzer
6+
7+
name: PSScriptAnalyzer
8+
9+
on:
10+
push:
11+
branches: [ "main" ]
12+
pull_request:
13+
branches: [ "main" ]
14+
15+
permissions:
16+
contents: read
17+
18+
jobs:
19+
build:
20+
permissions:
21+
contents: read # for actions/checkout to fetch code
22+
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
23+
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
24+
name: PSScriptAnalyzer
25+
runs-on: ubuntu-latest
26+
steps:
27+
- uses: actions/checkout@v4
28+
29+
- name: Run PSScriptAnalyzer
30+
uses: microsoft/psscriptanalyzer-action@6b2948b1944407914a58661c49941824d149734f
31+
with:
32+
# Check https://github.com/microsoft/action-psscriptanalyzer for more info about the options.
33+
# The below set up runs PSScriptAnalyzer to your entire repository and runs some basic security rules.
34+
path: .\
35+
recurse: true
36+
# Include your own basic security rules. Removing this option will run all the rules
37+
includeRule: '"PSAvoidGlobalAliases", "PSAvoidUsingConvertToSecureStringWithPlainText"'
38+
output: results.sarif
39+
40+
# Upload the SARIF file generated in the previous step
41+
- name: Upload SARIF results file
42+
uses: github/codeql-action/upload-sarif@v3
43+
with:
44+
sarif_file: results.sarif
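
Review bot: The `includeRule` value on line 37 of the new file limits the scan to two rules, `PSAvoidGlobalAliases` and `PSAvoidUsingConvertToSecureStringWithPlainText`, so every other finding is silently excluded from the SARIF upload, and only the second of the two is a credential-handling check. Either drop `includeRule`, which the comment on line 36 says runs all the rules, or extend the list with other security-oriented PSScriptAnalyzer rules such as `PSAvoidUsingInvokeExpression`, `PSAvoidUsingPlainTextForPassword` and `PSUsePSCredentialType`. Separately, `microsoft/psscriptanalyzer-action` is pinned to a full commit SHA while `actions/checkout@v4` and `github/codeql-action/upload-sarif@v3` use mutable tags; pinning those two to commit SHAs as well would keep the job that holds `security-events: write` consistent. The header comment on line 3 also points at `microsoft/action-psscriptanalyzer` while the step uses `microsoft/psscriptanalyzer-action`, so it is worth confirming which URL is the intended reference.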
