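# Scheduled scan workflow: installs gitleaks, trivy, grype, syft and snyk on
# the runner, then runs ./cron.sh from the checked-out repository.
name: Security Scan

on:
  workflow_dispatch:
  schedule:
    # Midnight every Monday
    - cron: '0 0 * * 1'

# Least privilege for the workflow token: the steps below only need to read
# the repository. ./cron.sh is not visible here; if it needs a wider scope,
# grant it at job level rather than widening this default.
permissions:
  contents: read

jobs:
  lint:
    name: Scan Repositories
    # Self-hosted runner label. The install steps use sudo, so whatever they
    # download executes as root on that host.
    runs-on: [security-runner]

    steps:
      # NOTE(review): tag refs are mutable. Pinning each action to a full
      # commit SHA (e.g. actions/checkout@<FULL_COMMIT_SHA>  # v4) keeps a
      # retagged release from changing what runs here.
      - name: Checkout Source Files
        uses: actions/checkout@v4

      - name: Install Binaries
        run: |
          # Fail the step on any error, including a failed curl on the left
          # side of a pipe, instead of continuing with a partial install.
          set -euo pipefail
          # -y: no TTY on a runner, so a confirmation prompt would abort.
          sudo apt-get install -y gitleaks trivy
          # NOTE(review): both installers are fetched from the moving `main`
          # branch and piped straight into a root shell. Prefer fetching the
          # script at a fixed commit, verifying its checksum, and passing an
          # explicit release version (<PINNED_VERSION>) as the last argument.
          curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sudo sh -s -- -b /usr/local/bin
          curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sudo sh -s -- -b /usr/local/bin

      - name: PNPM
        uses: pnpm/action-setup@v2

      # NOTE(review): installs whatever snyk version is latest at run time;
      # pin it (snyk@<PINNED_VERSION>) so scheduled runs are reproducible.
      - name: Install Dependencies
        run: pnpm i -g snyk

      - name: Run scan
        run: ./cron.sh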