---
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
#
# It runs a collection of open source static analysis tools (OSSAR) and
# publishes the findings to GitHub code scanning. Documentation / feedback:
# https://github.com/github/ossar-action
#
# NOTE(review): every `uses:` below references a mutable tag (@v1, @v3, @v4).
# Because these actions are not certified by GitHub, pinning each one to a
# full commit SHA would make the workflow's supply chain reproducible —
# confirm against the repository's policy before changing.
name: OSSAR

on:  # yamllint disable-line rule:truthy
  push:
    branches:
      - main
  pull_request:
    # Must be a subset of the push branches above.
    branches:
      - main
  schedule:
    # Daily at 00:00 UTC.
    - cron: '0 0 * * *'

# Workflow-level default is read-only; the job below grants only what it needs.
permissions:
  contents: read

jobs:
  OSSAR-Scan:
    # OSSAR runs on windows-latest.
    # ubuntu-latest and macos-latest support coming soon
    permissions:
      contents: read          # actions/checkout fetches the code
      security-events: write  # github/codeql-action/upload-sarif uploads SARIF results
      actions: read           # only required for a private repository by upload-sarif to get the Action run status
    runs-on: windows-latest
    steps:
      - name: Enable long paths in Git
        run: git config --system core.longpaths true

      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          clean: true
          fetch-depth: 1  # only the latest commit is needed for the scan

      # Ensure a compatible version of dotnet is installed.
      # The Microsoft Security Code Analysis CLI (https://aka.ms/mscadocs) is built with dotnet v3.1.201.
      # A dotnet version >= v3.1.201 must be present on the agent for this action to run.
      # GitHub hosted runners already have a compatible version of dotnet, so the step is omitted here.
      # For self-hosted runners, add a step like the following:
      # - name: Install .NET
      #   uses: actions/setup-dotnet@v4
      #   with:
      #     dotnet-version: '3.1.x'

      # Run the open source static analysis tools.
      - name: Run OSSAR
        uses: github/ossar-action@v1
        id: ossar

      # Publish the SARIF output to the repository's Security tab.
      - name: Upload OSSAR results
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: ${{ steps.ossar.outputs.sarifFile }}

      # Surface findings as a failed check (original note: added to protect
      # failed checks). It runs after the upload so the SARIF is kept either way.
      # NOTE(review): if the action does not populate `exit_code`, the
      # comparison becomes `'' != '0'` and this step fails on every run —
      # confirm the output name against github/ossar-action's action.yml.
      - name: Fail on findings
        if: steps.ossar.outputs.exit_code != '0'
        run: exit 1