From 6b2ab361b0ae5d5c350e0778d8c252358dbdf62f Mon Sep 17 00:00:00 2001 From: johnny-jtangtech <133049928+jtt-jtang@users.noreply.github.com> Date: Fri, 15 Mar 2024 11:57:44 -0500 Subject: [PATCH] Create securitycodescan.yml --- .github/workflows/securitycodescan.yml | 41 ++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 .github/workflows/securitycodescan.yml diff --git a/.github/workflows/securitycodescan.yml b/.github/workflows/securitycodescan.yml new file mode 100644 index 000000000..e82ff7a9a --- /dev/null +++ b/.github/workflows/securitycodescan.yml @@ -0,0 +1,41 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow integrates SecurityCodeScan with GitHub's Code Scanning feature +# SecurityCodeScan is a vulnerability patterns detector for C# and VB.NET + +name: SecurityCodeScan + +on: + push: + branches: [ "main" ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ "main" ] + schedule: + - cron: '18 3 * * 5' + +jobs: + SCS: + runs-on: windows-latest + steps: + - uses: actions/checkout@v3 + - uses: nuget/setup-nuget@04b0c2b8d1b97922f67eca497d7cf0bf17b8ffe1 + - uses: microsoft/setup-msbuild@v1.0.2 + + - name: Set up projects for analysis + uses: security-code-scan/security-code-scan-add-action@f8ff4f2763ed6f229eded80b1f9af82ae7f32a0d + + - name: Restore dependencies + run: dotnet restore + + - name: Build + run: dotnet build --no-restore + + - name: Convert sarif for uploading to GitHub + uses: security-code-scan/security-code-scan-results-action@cdb3d5e639054395e45bf401cba8688fcaf7a687 + + - name: Upload sarif + uses: github/codeql-action/upload-sarif@v2