
chore: bump dependencies to the latest version #52

Workflow file for this run

---
# Security scanning workflow: triggers and the manual-dispatch selector.
name: Security
on:  # yamllint disable-line rule:truthy
  # Every pull request, using the default activity types.
  pull_request: {}
  # Pushes to the main branch only.
  push:
    branches:
      - main
  # Manual runs can narrow the scan to one category. The input is absent on
  # pull_request and push events, where the jobs fall back to 'all'.
  workflow_dispatch:
    inputs:
      security-type:
        description: 'What Security scanning you would like to run?'
        required: false
        default: 'all'
        type: choice
        options:
          - 'all'
          - 'sca'
          - 'code-scanning'
          - 'image'
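jobs:
  # Builds the container image locally (no push) and hands it to the scan job
  # as a short-lived workflow artifact.
  build-image:
    name: Build image
    # Skipped only when a manual dispatch selects a scan type other than
    # "all" or "image"; other events have no input and fall back to 'all'.
    if: contains(fromJSON('["all", "image"]'), github.event.inputs.security-type || 'all')
    runs-on: ubuntu-latest
    # Least privilege: no step visible in this job writes to the repository,
    # so the GITHUB_TOKEN is limited to reading contents instead of inheriting
    # the repository default.
    # NOTE(review): widen only if the image build needs more (for example
    # `packages: read` for private base images) - confirm.
    permissions:
      contents: read
    outputs:
      artifact-name: "${{ steps.artifact.outputs.name }}"
    steps:
      - name: Checkout ${{ github.repository }}
        # NOTE(review): v5 is a mutable tag; pinning third-party actions to a
        # full commit SHA keeps a retagged release from changing what runs.
        uses: actions/checkout@v5
        with:
          # No later step in this job runs git against the remote, so the
          # checkout token is not kept in the workspace git config.
          persist-credentials: false
      - name: Build image
        id: build-image
        # NOTE(review): mutable tag - consider pinning to a commit SHA.
        uses: docker/build-push-action@v6
        with:
          push: false
      - name: Save image
        id: artifact
        env:
          # Pass the step output through the environment instead of expanding
          # it inside the script text, so its value is never parsed as shell.
          IMAGE_DIGEST: "${{ steps.build-image.outputs.digest }}"
        run: |
          artifact_name="$(date +%s)"
          archive_path="${RUNNER_TEMP}/${artifact_name}.tar"
          docker save --output "${archive_path}" "${IMAGE_DIGEST}"
          echo "path=${archive_path}" >> "$GITHUB_OUTPUT"
          echo "name=${artifact_name}" >> "$GITHUB_OUTPUT"
      - name: Upload artifact
        # NOTE(review): always() also runs this step after a failed build or
        # save, when both artifact outputs are empty - confirm that is intended.
        if: always()
        # NOTE(review): mutable tag - consider pinning to a commit SHA.
        uses: actions/upload-artifact@v5
        with:
          name: "${{ steps.artifact.outputs.name }}"
          path: "${{ steps.artifact.outputs.path }}"
          # The tarball is only needed by the scan job of the same run.
          retention-days: "1"
          compression-level: "0"
  # Delegates the scanning to a reusable workflow; the boolean inputs select
  # which scan categories run.
  sast:
    name: SAST
    needs: ["build-image"]
    # A job whose dependency was skipped is skipped as well by default, so a
    # manual run with "sca" or "code-scanning" (which skips build-image) would
    # run no scan at all. Run unless an earlier job failed or was cancelled.
    if: "${{ !failure() && !cancelled() }}"
    permissions:
      contents: read
      security-events: write
    # NOTE(review): @main is a mutable branch ref, and the called workflow is
    # granted security-events: write. Pinning to a full commit SHA keeps an
    # upstream change from silently altering what runs with that permission.
    uses: fabasoad/reusable-workflows/.github/workflows/wf-security-sast.yml@main
    with:
      code-scanning: ${{ contains(fromJSON('["all", "code-scanning"]'), github.event.inputs.security-type || 'all') }}
      image: ${{ contains(fromJSON('["all", "image"]'), github.event.inputs.security-type || 'all') }}
      # Empty when build-image was skipped; `image` is false in that case.
      image-artifact-name: "${{ needs.build-image.outputs.artifact-name }}"
      sca: ${{ contains(fromJSON('["all", "sca"]'), github.event.inputs.security-type || 'all') }}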