naomi/actions-sandbox
1
0
Fork 0
generated from nhcarrigan/template
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

use pipx as recommended in docs
Security Scan / Trivy Security Scan (push) Failing after 10m9s
Details

Browse Source
This commit is contained in:
Naomi Carrigan
2025-12-11 13:36:05 -08:00
parent 6ddc23768f
commit 7293c95659
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/security.yml
+8 -2
View File
@@ -9,6 +9,7 @@ on:
# Run weekly on Mondays at 00:00 UTC # Run weekly on Mondays at 00:00 UTC
- cron: '0 0 * * 1' - cron: '0 0 * * 1'
workflow_dispatch: workflow_dispatch:
continue_on_error: true
jobs: jobs:
trivy-scan: trivy-scan:
@@ -62,7 +63,11 @@ jobs:
fi fi
- name: Install Semgrep - name: Install Semgrep
run: python3 -m pip install semgrep run: |
sudo apt-get install pipx
pipx ensurepath
pipx install semgrep
semgrep --version
# Static code analysis with Semgrep # Static code analysis with Semgrep
- name: Run Semgrep static analysis - name: Run Semgrep static analysis
@@ -71,7 +76,8 @@ jobs:
--config p/owasp-top-ten \ --config p/owasp-top-ten \
--config p/ci \ --config p/ci \
--config p/security \ --config p/security \
. > semgrep-results.txt --output semgrep-results.txt \
.
# Display Semgrep results # Display Semgrep results
- name: Display Semgrep scan results - name: Display Semgrep scan results