Add Debricked starter workflow #2107
Conversation
github-actions
bot
added
the
code-scanning
|
@alexisabril I've noticed that you merged this PR #2234. Could you please advise what should be done to get this one merged as well? |
There was a problem hiding this comment.
Hi @4ernovm,
Thank you for the PR! I've added a few notes below, but I'm also looking to verify you as a TPP member. You checked the box that an application has been submitted, but I'm not seeing OpenText. Would you confirm if this application has been submitted and under which name?
Hello @alexisabril, thanks for the response. Our TPP membership is through Fortify/Micro Focus, which is still a legal entity under OpenText ownership. Would it be possible to somehow connect the TPP membership of Fortify/Micro Focus with OpenText? Also, if you have time, we have another workflow in this PR which needs a review as well, if you have the time: #2245. Thanks! |
|
@4ernovm, would you email our team at [email protected] to verify your TPP membership? I want to make sure I identify the correct company and perhaps take this conversation outside of this issue. |
| contents: read | ||
|
|
||
| jobs: | ||
| vulnerabilities-scan: |
There was a problem hiding this comment.
| vulnerabilities-scan: | |
| vulnerabilities-scan: | |
| name: Vulnerabilities scan |
code-scanning/debricked.yml
Outdated
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v3 |
There was a problem hiding this comment.
| - uses: actions/checkout@v3 | |
| - uses: actions/checkout@v4 |
code-scanning/debricked.yml
Outdated
|
|
||
| name: Debricked Scan | ||
|
|
||
| on: [push] |
There was a problem hiding this comment.
Personal preference:
| on: [push] | |
| on: | |
| push: |
This makes it easier for people to make changes to the workflow w/o taking blame for lines that they aren't conceptually changing.
|
This pull request has become stale and will be closed automatically within a period of time. Sorry about that. |
Pre-requisites
Please note that at this time we are only accepting new starter workflows for Code Scanning. Updates to existing starter workflows are fine.
Tasks
For all workflows, the workflow:
.ymlfile with the language or platform as its filename, in lower, kebab-cased format (for example,docker-image.yml). Special characters should be removed or replaced with words as appropriate (for example, "dotnet" instead of ".NET").GITHUB_TOKENso that the workflow runs successfully.For Code Scanning workflows, the workflow:
code-scanningdirectory.code-scanning/properties/*.properties.jsonfile (for example,code-scanning/properties/codeql.properties.json), with properties set as follows:name: Name of the Code Scanning integration.creator: Name of the organization/user producing the Code Scanning integration.description: Short description of the Code Scanning integration.categories: Array of languages supported by the Code Scanning integration.iconName: Name of the SVG logo representing the Code Scanning integration. This SVG logo must be present in theiconsdirectory.pushtobranches: [ $default-branch, $protected-branches ]andpull_requesttobranches: [ $default-branch ]. We also recommend ascheduletrigger ofcron: $cron-weekly(for example,codeql.yml).