fix(workflows): correct paths for config-file and manifest-file in re… #4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### | |
| # @format | |
| # ----- | |
| # Project: zenstack-monorepo | |
| # File: security-defender-for-devops.yml | |
| # Path: \.github\workflows\security-defender-for-devops.yml | |
| # Created Date: Monday, February 19th 2024 | |
| # Author: Jonathan Stevens, [email protected] | |
| # Github: https://github.com/TGTGamer | |
| # ----- | |
| # Contributing: Please read through our contributing guidelines. | |
| # Included are directions for opening issues, coding standards, | |
| # and notes on development. These can be found at | |
| # https://github.com/zenstack-monorepo/blob/develop/CONTRIBUTING.md | |
| # ----- | |
| # Code of Conduct: This project abides by the Contributor Covenant, v2.0 | |
| # Please interact in ways that contribute to an open, welcoming, diverse, | |
| # inclusive, and healthy community. Our Code of Conduct can be found at | |
| # https://github.com/zenstack-monorepo/blob/develop/CODE_OF_CONDUCT.md | |
| # ----- | |
| # Copyright (c) 2024 ZenstackHQ - All Rights Reserved | |
| # LICENSE: MIT License (MIT) | |
| # ----- | |
| # This program has been provided under confidence of the copyright holder and | |
| # is licensed for copying, distribution and modification under the terms | |
| # of the MIT License (MIT) published as the License, | |
| # or (at your option) any later version of this license. | |
| # This program is distributed in the hope that it will be useful, | |
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| # MIT License for more details. | |
| # You should have received a copy of the MIT License | |
| # along with this program. If not, please write to: [email protected], | |
| # or see https://opensource.org/licenses/MIT | |
| # ----- | |
| # DELETING THIS NOTICE AUTOMATICALLY VOIDS YOUR LICENSE | |
| ### | |
| # This workflow uses actions that are not certified by GitHub. | |
| # They are provided by a third-party and are governed by | |
| # separate terms of service, privacy policy, and support | |
| # documentation. | |
| # | |
| # Microsoft Security DevOps (MSDO) is a command line application which integrates static analysis tools into the development cycle. | |
| # MSDO installs, configures and runs the latest versions of static analysis tools | |
| # (including, but not limited to, SDL/security and compliance tools). | |
| # | |
| # The Microsoft Security DevOps action is currently in beta and runs on the windows-latest queue, | |
| # as well as Windows self hosted agents. ubuntu-latest support coming soon. | |
| # | |
| # For more information about the action , check out https://github.com/microsoft/security-devops-action | |
| # | |
| # Please note this workflow do not integrate your GitHub Org with Microsoft Defender For DevOps. You have to create an integration | |
| # and provide permission before this can report data back to azure. | |
| # Read the official documentation here : https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-github | |
| name: Security - Microsoft Defender For Devops | |
| on: | |
| merge_group: | |
| push: | |
| branches: | |
| - main | |
| - develop | |
| - release/* | |
| - v2 | |
| pull_request: | |
| branches: | |
| - main | |
| - develop | |
| - release/* | |
| - v2 | |
| schedule: | |
| - cron: '34 12 * * 0' | |
| permissions: | |
| contents: read | |
| security-events: read | |
| jobs: | |
| MSDO: | |
| # currently only windows latest is supported | |
| runs-on: windows-latest | |
| permissions: | |
| security-events: write | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
| with: | |
| egress-policy: audit | |
| # checks out the repository | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0 | |
| with: | |
| dotnet-version: | | |
| 5.0.x | |
| 6.0.x | |
| - name: Run Microsoft Security DevOps | |
| uses: microsoft/security-devops-action@e94440350ed10e2806d47cd0d7504a2c51abdbe9 # v1.6.0 | |
| id: msdo | |
| - name: Upload results to Security tab | |
| uses: github/codeql-action/upload-sarif@1500a131381b66de0c52ac28abb13cd79f4b7ecc # v2.22.12 | |
| with: | |
| sarif_file: ${{ steps.msdo.outputs.sarifFile }} |