fc61170180
Security / scan (push) Successful in 37s
The security-workflows repo only ships one combined workflow (security-scan.yml running semgrep + trivy in parallel), not separate semgrep.yml/trivy.yml.
21 lines
601 B
YAML
name: Security

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    - cron: '0 4 * * 1' # Mondays 04:00 UTC

# Reusable workflow lives in JonKazama-Hellion/security-workflows.
# It runs Semgrep SAST + Trivy filesystem scan in parallel.
# Inputs (all optional): severity, semgrep-config, semgrep-exclude-rules.
jobs:
  scan:
    uses: JonKazama-Hellion/security-workflows/.gitea/workflows/security-scan.yml@main
    # Example overrides if you need them:
    # with:
    #   severity: 'CRITICAL'
    #   semgrep-exclude-rules: 'csharp.lang.security.sqli.csharp-sqli'