-
Notifications
You must be signed in to change notification settings - Fork 511
47 lines (44 loc) · 1.3 KB
/
scans.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# Scan the code for various flaws. See each of the scans for details.
name: Scans
on:
workflow_dispatch:
schedule:
# run this job at 00:00 UTC every day
- cron: '0 0 * * *'
permissions: {}
jobs:
call-bandit:
uses: ./.github/workflows/scan_bandit.yml
name: Bandit
call-codeql:
uses: ./.github/workflows/scan_codeql.yml
name: CodeQL
permissions:
actions: read
contents: read
security-events: write
call-coverity:
# Sorry, no other branches are supported. The result upload would fail.
if: github.ref == 'refs/heads/master'
uses: ./.github/workflows/scan_coverity.yml
secrets:
COVERITY_SCAN_NOTIFICATION_EMAIL: ${{ secrets.COVERITY_SCAN_NOTIFICATION_EMAIL }}
COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
name: Coverity
call-coverage:
uses: ./.github/workflows/scan_coverage.yml
secrets:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
name: Coverage
call-documentation:
uses: ./.github/workflows/scan_documentation.yml
name: Documentation
call-ubsan:
uses: ./.github/workflows/scan_ubsan.yml
name: UBSAN
call-stack-usage:
uses: ./.github/workflows/scan_stack_usage.yml
name: Stack usage
call-log-calls:
uses: ./.github/workflows/scan_log_calls.yml
name: Log calls