From fa822b232773e31916d5122c7be3ca19d5b429e2 Mon Sep 17 00:00:00 2001 From: Micah Andersen Date: Wed, 11 Aug 2021 16:23:36 -0400 Subject: [PATCH 1/2] Test Microsoft DevSkim analysis --- .github/workflows/devskim-analysis.yml | 34 ++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 .github/workflows/devskim-analysis.yml diff --git a/.github/workflows/devskim-analysis.yml b/.github/workflows/devskim-analysis.yml new file mode 100644 index 0000000..1007eea --- /dev/null +++ b/.github/workflows/devskim-analysis.yml @@ -0,0 +1,34 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +name: DevSkim + +on: + push: + branches: [ master ] + pull_request: + branches: [ master ] + schedule: + - cron: '27 9 * * 6' + +jobs: + lint: + name: DevSkim + runs-on: ubuntu-20.04 + permissions: + actions: read + contents: read + security-events: write + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Run DevSkim scanner + uses: microsoft/DevSkim-Action@v1 + + - name: Upload DevSkim scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: devskim-results.sarif From 746fe9f34595df26d4d07a391b47064548f6aca5 Mon Sep 17 00:00:00 2001 From: Micah Andersen Date: Wed, 11 Aug 2021 16:27:46 -0400 Subject: [PATCH 2/2] scan the code folder --- .github/workflows/devskim-analysis.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/devskim-analysis.yml b/.github/workflows/devskim-analysis.yml index 1007eea..b44af73 100644 --- a/.github/workflows/devskim-analysis.yml +++ b/.github/workflows/devskim-analysis.yml @@ -27,6 +27,8 @@ jobs: - name: Run DevSkim scanner uses: microsoft/DevSkim-Action@v1 + with: + directory-to-scan: mod_authnz_external - name: Upload DevSkim scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v1