Skip to content

Legitify Scan (PAT) #14

Legitify Scan (PAT)

Legitify Scan (PAT) #14

name: Legitify Scan (PAT)
on: [workflow_dispatch]
permissions:
actions: read
contents: read
security-events: write
issues: write
jobs:
scan-repository:
name: Scan Repository
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Scan Repo
uses: Legit-Labs/legitify@b814483c588aefad01b33e921008e73352639277
with:
github_token: ${{ secrets.GH_PAT }}
analyze_self_only: "true"
scorecard: yes
- name: Create Summary Issue
if: success()
env:
GH_TOKEN: ${{ github.token }}
run: |
date=`date +%m-%d-%Y`
pip install jinja2-cli
echo '{ "scan_date": "${date}", "scan_url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" }' > data.json
gh issue create \
--title "Daily Scan Report - ${date}" \
--body "$(jinja2 ./.github/templates/scan-report.md data.json)" \
--label "repository-report"
- name: Create Error Issue
if: failure()
env:
GH_TOKEN: ${{ github.token }}
run: |
date=`date +%m-%d-%Y`
gh issue create \
--title "Repository Scan Failed - ${date}" \
--body "The repository scan failed, see ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
--label "repository-report, failure"