mirror of
https://github.com/zenstackhq/zenstack
synced 2026-05-24 10:08:55 +00:00
420df87bf1
Co-authored-by: Augustin <43639468+Azzerty23@users.noreply.github.com> Co-authored-by: Jonathan Stevens <jonathan.stevens@resnovas.com> Co-authored-by: Jonathan S <jonathan.stevens@eventiva.co.uk> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: ErikMCM <70036542+ErikMCM@users.noreply.github.com> Co-authored-by: Jason Kleinberg <ustice@gmail.com> Co-authored-by: Jonathan S <punk.gift9475@alias.org.uk> Co-authored-by: Jiasheng <jiashengguo@outlook.com>
66 lines
2.1 KiB
YAML
66 lines
2.1 KiB
YAML
# Microsoft Security DevOps (MSDO) is a command line application which integrates static analysis tools into the development cycle.
|
|
# MSDO installs, configures and runs the latest versions of static analysis tools
|
|
# (including, but not limited to, SDL/security and compliance tools).
|
|
#
|
|
# The Microsoft Security DevOps action is currently in beta and runs on the windows-latest queue,
|
|
# as well as Windows self hosted agents. ubuntu-latest support coming soon.
|
|
#
|
|
# For more information about the action , check out https://github.com/microsoft/security-devops-action
|
|
#
|
|
# Please note this workflow do not integrate your GitHub Org with Microsoft Defender For DevOps. You have to create an integration
|
|
# and provide permission before this can report data back to azure.
|
|
# Read the official documentation here : https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-github
|
|
|
|
name: Security - Microsoft Defender For Devops
|
|
|
|
on:
|
|
merge_group:
|
|
push:
|
|
branches:
|
|
- main
|
|
- dev
|
|
- release/*
|
|
- v2
|
|
pull_request:
|
|
branches:
|
|
- main
|
|
- dev
|
|
- release/*
|
|
- v2
|
|
schedule:
|
|
- cron: '34 12 * * 0'
|
|
|
|
permissions:
|
|
contents: read
|
|
security-events: read
|
|
|
|
jobs:
|
|
MSDO:
|
|
# currently only windows latest is supported
|
|
runs-on: windows-latest
|
|
permissions:
|
|
security-events: write
|
|
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@v2.6.1
|
|
with:
|
|
egress-policy: audit
|
|
|
|
# checks out the repository
|
|
- uses: actions/checkout@v4
|
|
|
|
- uses: actions/setup-dotnet@v3.2.0
|
|
with:
|
|
dotnet-version: |
|
|
5.0.x
|
|
6.0.x
|
|
|
|
- name: Run Microsoft Security DevOps
|
|
uses: microsoft/security-devops-action@v1.6.0
|
|
id: msdo
|
|
|
|
- name: Upload results to Security tab
|
|
uses: github/codeql-action/upload-sarif@v2.22.12
|
|
with:
|
|
sarif_file: ${{ steps.msdo.outputs.sarifFile }}
|