github.com/goreleaser/nfpm/v2@v2.44.0/.github/workflows/grype.yml

github.com/goreleaser/nfpm/v2@v2.44.0/.github/workflows/grype.yml (about)

     1  name: "grype"
     2  on:
     3    push:
     4      branches: ["main"]
     5      tags: ["v*"]
     6    pull_request:
     7  permissions:
     8    contents: read
     9  jobs:
    10    scan-source:
    11      name: scan-source
    12      runs-on: ubuntu-latest
    13      permissions:
    14        security-events: write
    15        actions: read
    16        contents: read
    17      steps:
    18        - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
    19        - uses: anchore/scan-action@40a61b52209e9d50e87917c5b901783d546b12d0 # v7.2.1
    20          id: scan
    21          with:
    22            path: "."
    23            fail-build: true
    24            severity-cutoff: critical
    25        - uses: github/codeql-action/upload-sarif@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6
    26          with:
    27            sarif_file: ${{ steps.scan.outputs.sarif }}