The security-workflows repo only ships one combined workflow (security-scan.yml running semgrep + trivy in parallel), not separate semgrep.yml/trivy.yml.
@@ -8,13 +8,13 @@ on:
|
|||||||
schedule:
|
schedule:
|
||||||
- cron: '0 4 * * 1' # Mondays 04:00 UTC
|
- cron: '0 4 * * 1' # Mondays 04:00 UTC
|
||||||
|
|
||||||
# Reusable workflows live in JonKazama-Hellion/security-workflows
|
# Reusable workflow lives in JonKazama-Hellion/security-workflows.
|
||||||
# (the security-workflows repo is in the personal account, not in either org).
|
# It runs Semgrep SAST + Trivy filesystem scan in parallel.
|
||||||
|
# Inputs (all optional): severity, semgrep-config, semgrep-exclude-rules.
|
||||||
jobs:
|
jobs:
|
||||||
semgrep:
|
scan:
|
||||||
uses: JonKazama-Hellion/security-workflows/.gitea/workflows/semgrep.yml@main
|
uses: JonKazama-Hellion/security-workflows/.gitea/workflows/security-scan.yml@main
|
||||||
# If you need to exclude specific rules or paths, drop a .semgrep-exclude.yml
|
# Example overrides if you need them:
|
||||||
# at the repo root. The reusable workflow honors it.
|
# with:
|
||||||
|
# severity: 'CRITICAL'
|
||||||
trivy:
|
# semgrep-exclude-rules: 'csharp.lang.security.sqli.csharp-sqli'
|
||||||
uses: JonKazama-Hellion/security-workflows/.gitea/workflows/trivy.yml@main
|
|
||||||
|
|||||||
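Review bot: The new `uses:` line in job `scan` still references the reusable workflow at `@main`, a mutable branch ref, so whatever lands on that branch of security-workflows runs in this repository's CI on the next scheduled run without any review on this side. Because this job produces the repository's security signal, pin the reference to a reviewed full commit SHA (or at least an immutable tag), for example `uses: JonKazama-Hellion/security-workflows/.gitea/workflows/security-scan.yml@<full-commit-sha>`, and bump it deliberately; confirm first that the runner resolves SHA refs for reusable workflows. The commented override `severity: 'CRITICAL'` would presumably narrow what is reported, so a one-line comment stating which severities the default covers would help whoever uncomments it. The rest of the `on:` block and anything after the job lie outside the hunk.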