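# .github/workflows/gosec.yml (github.com/cosmos/cosmos-sdk@v0.50.10)
#
# Runs the gosec static analyzer whenever Go sources or module files change
# and publishes the findings to GitHub code scanning as a SARIF report.
name: Run Gosec
on:
  pull_request:
    paths:
      - "**/*.go"
      - "go.mod"
      - "go.sum"
  push:
    branches:
      - main
    paths:
      - "**/*.go"
      - "go.mod"
      - "go.sum"

jobs:
  Gosec:
    # Least privilege: only the scope needed to upload SARIF results is
    # granted. Scopes not listed here are unset for this job's GITHUB_TOKEN.
    permissions:
      security-events: write

    runs-on: ubuntu-latest
    env:
      # Quoted so that YAML 1.1 parsers read the string "on" rather than
      # the boolean true.
      GO111MODULE: "on"
    steps:
      - name: Checkout Source
        uses: actions/checkout@v3

      - name: Run Gosec Security Scanner
        # NOTE(review): `@master` is a mutable branch ref, so each run executes
        # whatever the upstream branch head is at that moment, inside a job
        # that holds a security-events: write token. Pin to a full commit SHA
        # (securego/gosec@<FULL_COMMIT_SHA>) and bump it deliberately. The
        # `@v3` / `@v2` tags on the other steps are movable as well.
        uses: securego/gosec@master
        with:
          # -no-fail keeps this step green even when gosec reports findings;
          # they surface through the uploaded SARIF report in GitHub code
          # scanning, so any merge blocking has to be configured there.
          # G101 (hard-coded credentials) and G107 (HTTP request URL built
          # from variable input) are excluded and never reach the report;
          # those classes need coverage from other review or tooling.
          args: "-exclude=G101,G107 -no-fail -fmt sarif -out results.sarif ./..."

      - name: Upload SARIF file
        # NOTE(review): on pull requests from forks the token is read-only by
        # default, so this upload is likely rejected there. Confirm how fork
        # PRs are expected to be scanned.
        uses: github/codeql-action/upload-sarif@v2
        with:
          # Path to SARIF file relative to the root of the repository
          sarif_file: results.sarif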