
[GH actions] Add OSV-Scanner GitHub Actions workflow for vulnerability scanning #4561

Merged (1 commit), Jan 31, 2025

Conversation

dautovri
Member

This pull request introduces a new GitHub Actions workflow to integrate OSV-Scanner for security scanning. The workflow is configured to run on pull requests, scheduled events, and pushes to the master branch.

Key changes:

  • .github/workflows/osv-scanner.yml: Added a new workflow file to configure OSV-Scanner for security scanning on pull requests, scheduled events, and pushes to the master branch. The workflow includes permissions setup and job definitions for both scheduled scans and pull request scans.

@dautovri dautovri changed the title Add OSV-Scanner GitHub Actions workflow for vulnerability scanning [GH actions] Add OSV-Scanner GitHub Actions workflow for vulnerability scanning Jan 30, 2025
@dautovri dautovri added the enhancement New feature or request label Jan 30, 2025
@github-advanced-security

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

Member

@OhmSpectator OhmSpectator left a comment


Interesting, but how can we check the results on the run in this PR? =)

@OhmSpectator
Member

Ah, I see... But no new results are available. The scanner failed for some reason. Have to check the logs...

Member

@uncleDecart uncleDecart left a comment


LGTM, just a small Yetus complaint

@github-actions github-actions bot requested a review from uncleDecart January 30, 2025 12:01
@dautovri dautovri force-pushed the dautovri-OSV-Scanner branch 4 times, most recently from 72da047 to cdbcc02 Compare January 30, 2025 12:32
@OhmSpectator
Member

@dautovri, are you going to fix the Yetus warnings? If you don't want to spend any more time on the PR, I can do it for you.

@dautovri dautovri force-pushed the dautovri-OSV-Scanner branch from cdbcc02 to c6a7311 Compare January 30, 2025 20:33
@OhmSpectator
Member

@dautovri, just a piece of advice: you can run Yetus locally as well, to check how it works:

MYETUS_VERBOSE=1 make mini-yetus

@dautovri dautovri force-pushed the dautovri-OSV-Scanner branch 3 times, most recently from 6b55a34 to 495262a Compare January 31, 2025 10:57
@dautovri dautovri force-pushed the dautovri-OSV-Scanner branch 2 times, most recently from 3782866 to aab5851 Compare January 31, 2025 12:27
This pull request introduces a new GitHub Actions workflow to integrate OSV-Scanner for security scanning. The workflow is configured to run on pull requests, scheduled events, and pushes to the master branch.

Key changes:

.github/workflows/osv-scanner.yml: Added a new workflow file to configure OSV-Scanner for security scanning on pull requests, scheduled events, and pushes to the master branch. The workflow includes permissions setup and job definitions for both scheduled scans and pull request scans.

Signed-off-by: Ruslan Dautov <[email protected]>
@dautovri dautovri force-pushed the dautovri-OSV-Scanner branch from aab5851 to 9254a7c Compare January 31, 2025 12:41
@dautovri dautovri requested a review from OhmSpectator January 31, 2025 12:57
Member

@OhmSpectator OhmSpectator left a comment


Let's give it a try

@OhmSpectator OhmSpectator merged commit e418dfb into master Jan 31, 2025
17 checks passed