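---
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow integrates a collection of open source static analysis tools
# with GitHub code scanning. For documentation, or to provide feedback, visit
# https://github.com/github/ossar-action
#
# NOTE(review): every `uses:` below is pinned to a mutable tag (@v1 / @v3 / @v4).
# A retagged upstream release would silently change what runs in a job that
# holds security-events: write. Pinning to the full commit SHA (tag kept in a
# trailing comment) removes that exposure; the SHAs are not on record here,
# look them up before switching.
name: OSSAR

on:
  push:
    branches: ["main"]
  # NOTE(review): on pull_request events from forks the GITHUB_TOKEN is
  # read-only, so the SARIF upload step below will not have
  # security-events: write and is expected to fail for fork PRs.
  pull_request:
    branches: ["main"]
  schedule:
    - cron: '0 0 * * *'

# Default token scope for every job; jobs widen it explicitly below.
permissions:
  contents: read

jobs:
  OSSAR-Scan:
    # A job-level permissions block replaces the workflow-level one entirely,
    # so contents: read has to be repeated here.
    permissions:
      contents: read  # for actions/checkout to fetch code
      security-events: write  # for github/codeql-action/upload-sarif to upload SARIF results
      actions: read  # required for a private repository by github/codeql-action/upload-sarif
    runs-on: windows-latest
    steps:
      # System-level git setting on the (ephemeral) hosted runner; needed so
      # the checkout below does not trip Windows path-length limits.
      - name: Enable long paths in Git
        run: git config --system core.longpaths true
      - name: Checkout repository into short path
        uses: actions/checkout@v4
        with:
          path: repo  # Clones into a folder named "repo" to shorten paths
          clean: true
          fetch-depth: 1  # Fetch only the latest commit
      # Uncomment the next step if you are using a self-hosted runner that does not have a compatible .NET version installed.
      # - name: Install .NET
      #   uses: actions/setup-dotnet@v4
      #   with:
      #     dotnet-version: '3.1.x'
      # Run open source static analysis tools
      - name: Run OSSAR
        uses: github/ossar-action@v1
        id: ossar
      # Upload results to the Security tab. This runs before the gate step so
      # findings reach code scanning even when the job is then failed.
      - name: Upload OSSAR results
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: ${{ steps.ossar.outputs.sarifFile }}
      # Added this to protect failed checks
      - name: Fail on findings
        # NOTE(review): confirm that ossar-action actually publishes an
        # `exit_code` output. An output that is never set evaluates to ''
        # here, and '' != '0' is true, so this step would fail every run
        # regardless of findings (fail-closed, but for the wrong reason).
        if: steps.ossar.outputs.exit_code != '0'
        run: exit 1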