-
Notifications
You must be signed in to change notification settings - Fork 5.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Debricked starter workflow #2107
Conversation
@alexisabril I've noticed that you merged this PR #2234. Could you please advise what should be done to get this one merged as well? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @4ernovm,
Thank you for the PR! I've added a few notes below, but I'm also looking to verify you as a TPP member. You checked the box that an application has been submitted, but I'm not seeing OpenText. Would you confirm if this application has been submitted and under which name?
Hello @alexisabril, thanks for the response. Our TPP membership is through Fortify/Micro Focus, which is still a legal entity under OpenText ownership. Would it be possible to somehow connect the TPP membership of Fortify/Micro Focus with OpenText? Also, if you have time, we have another workflow in this PR which needs a review as well, if you have the time: #2245. Thanks! |
@4ernovm, would you email our team at [email protected] to verify your TPP membership? I want to make sure I identify the correct company and perhaps take this conversation outside of this issue. |
contents: read | ||
|
||
jobs: | ||
vulnerabilities-scan: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
vulnerabilities-scan: | |
vulnerabilities-scan: | |
name: Vulnerabilities scan |
code-scanning/debricked.yml
Outdated
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- uses: actions/checkout@v3 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- uses: actions/checkout@v3 | |
- uses: actions/checkout@v4 |
code-scanning/debricked.yml
Outdated
|
||
name: Debricked Scan | ||
|
||
on: [push] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Personal preference:
on: [push] | |
on: | |
push: |
This makes it easier for people to make changes to the workflow w/o taking blame for lines that they aren't conceptually changing.
This pull request has become stale and will be closed automatically within a period of time. Sorry about that. |
Pre-requisites
Please note that at this time we are only accepting new starter workflows for Code Scanning. Updates to existing starter workflows are fine.
Tasks
For all workflows, the workflow:
.yml
file with the language or platform as its filename, in lower, kebab-cased format (for example,docker-image.yml
). Special characters should be removed or replaced with words as appropriate (for example, "dotnet" instead of ".NET").GITHUB_TOKEN
so that the workflow runs successfully.For Code Scanning workflows, the workflow:
code-scanning
directory.code-scanning/properties/*.properties.json
file (for example,code-scanning/properties/codeql.properties.json
), with properties set as follows:name
: Name of the Code Scanning integration.creator
: Name of the organization/user producing the Code Scanning integration.description
: Short description of the Code Scanning integration.categories
: Array of languages supported by the Code Scanning integration.iconName
: Name of the SVG logo representing the Code Scanning integration. This SVG logo must be present in theicons
directory.push
tobranches: [ $default-branch, $protected-branches ]
andpull_request
tobranches: [ $default-branch ]
. We also recommend aschedule
trigger ofcron: $cron-weekly
(for example,codeql.yml
).