Skip to content
Security Analysis

Feature/ci cd modernization #6

Sign in to view logs

Feature/ci cd modernization

Feature/ci cd modernization #6

Workflow file for this run

.github/workflows/security.yml at e3bad16
name: "Security Analysis"
on:
push:
branches:
- master
pull_request:
branches:
- master
- "feature/*"
schedule:
# Weekly scan on Monday at 6 AM UTC
- cron: '0 6 * * 1'
env:
DOTNET_CLI_TELEMETRY_OPTOUT: true
DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
DOTNET_NOLOGO: true
jobs:
analyze:
name: "CodeQL Security Analysis"
runs-on: ubuntu-22.04
env:
NUGET_PACKAGES: ${{ github.workspace }}/.nuget/packages
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: [ 'csharp' ]
steps:
- name: "Checkout"
uses: actions/checkout@v4
- name: "Setup .NET SDK"
uses: actions/setup-dotnet@v4
with:
dotnet-version: |
8.0.x
9.0.x
- name: "Cache NuGet packages"
uses: actions/cache@v4
with:
path: ~/.nuget/packages
key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json', '**/*.csproj', '**/Directory.Packages.props') }}
restore-keys: |
${{ runner.os }}-nuget-
- name: "Initialize CodeQL"
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
queries: security-extended,security-and-quality
- name: "Make build script executable"
run: chmod +x ./build.sh
- name: "Build Solution"
run: ./build.sh --target build
- name: "Perform CodeQL Analysis"
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"
dependency-review:
name: "Dependency Review"
runs-on: ubuntu-latest
if: github.event_name == 'pull_request'
permissions:
contents: read
pull-requests: write
steps:
- name: "Checkout"
uses: actions/checkout@v4
- name: "Dependency Review"
uses: actions/dependency-review-action@v4
with:
fail-on-severity: moderate
comment-summary-in-pr: always