-
Notifications
You must be signed in to change notification settings - Fork 10
56 lines (46 loc) · 1.44 KB
/
code-quality-check.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
name: Scheduled Code Quality (Prod)
on:
schedule:
- cron: '0 12 * * 4'
permissions: read-all
jobs:
codeql:
name: Code QL
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout repository for code analysis
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
ref: main
- name: Initialize CodeQL
uses: github/codeql-action/init@d68b2d4edb4189fd2a5366ac14e72027bd4b37dd
with:
languages: javascript
queries: security-extended
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@d68b2d4edb4189fd2a5366ac14e72027bd4b37dd
nodejsscan:
name: NodeJS Scan
runs-on: ubuntu-latest
permissions:
security-events: write
actions: read
contents: read
steps:
- name: Checkout the code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
ref: prod
- name: nodejsscan scan
id: njsscan
uses: ajinabraham/njsscan-action@231750a435d85095d33be7d192d52ec650625146
with:
args: '. --sarif --output results.sarif || true'
- name: Upload njsscan report
uses: github/codeql-action/upload-sarif@d68b2d4edb4189fd2a5366ac14e72027bd4b37dd
with:
sarif_file: results.sarif